• Re: privileged user in RedHat

    From Carlos E.R.@21:1/5 to rbowman on Mon Sep 2 15:18:52 2024
    On 2024-09-02 05:44, rbowman wrote:
    On Sun, 1 Sep 2024 23:42:09 -0000 (UTC), Lawrence D'Oliveiro wrote:

    On Sun, 1 Sep 2024 11:47:34 -0500, Grant Taylor wrote:

    On 9/1/24 02:32, Lawrence D'Oliveiro wrote:

    So it takes the root user two steps to modify/delete that file,
    instead of one.

    Sometimes that extra step is all that's needed to prevent processes
    from falling off the rails.

    To guard against accidents, yes.

    To guard against malice, no.


    I forget which distro it was but if you ran as root the wallpaper turned
    to a bright red field with cartoon style bombs with lit fuses. One
    picture...

    It happened with an old openSUSE or SUSE version, long ago. Could be
    version 7.

    --
    Cheers, Carlos.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Grant Taylor@21:1/5 to Lawrence D'Oliveiro on Mon Sep 2 19:52:52 2024
    On 9/1/24 18:42, Lawrence D'Oliveiro wrote:
    To guard against accidents, yes.

    Yep.

    To guard against malice, no.

    I also said "sometimes".

    My experience has been that accidents happen 100 to 1000 times more
    often than human malicious actors.

    Also, most security measures can (eventually) be bypassed by skilled
    human actors.



    --
    Grant. . . .

  • From Marco Moock@21:1/5 to All on Wed Aug 28 08:21:01 2024
    Hello!

    Is there any definition for the word "privileged user" in the Linux
    (especially RedHat) environment?

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    I am aware that it is common that normal (real people) users start with
    1000 ongoing, server process users are below. Is there a difference on
    the IDs or is that just tradition?

    --
    kind regards
    Marco

  • From 186283@ud0s4.net@21:1/5 to Marco Moock on Wed Aug 28 03:53:18 2024
    On 8/28/24 2:21 AM, Marco Moock wrote:
    Hello!

    Is there any definition for the word "privileged user" in the Linux (especially RedHat) environment?

    User 'root' is the only, initially, "privileged user".

    Open a terminal, type 'su', enter the password (which
    should be DIFFERENT from that of any other user you
    created during install). Root has access to EVERYTHING,
    therefore the desire for the different password.

    (note that 'sudo' kinda breaks this security measure, so
    research and set it CAREFULLY). You do NOT have to use
    'visudo' ... but then it's on YOU to get it 100% right.
    Anything 'vi' I tend to REMOVE because I find line-editors
    SO offensive these days.

    When IBM-PCs, DOS 1.x, came out there was 'edlin' - a
    "line editor". You were expected to use it when editing
    text/config files. I despised the concept SO much I wrote
    a 'nano'-like editor, in assembler lang, as a replacement.
    I just REALLY hate line editors ...... the tech to do
    much better existed from WAY back.

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    I am aware that it is common that normal (real people) users start with
    1000 ongoing, server process users are below. Is there a difference on
    the IDs or is that just tradition?

    It is "tradition" now to set the first 'regular' user
    to ID 1000, group 1000. Not all 'unix-like' systems
    may obey the same traditions, but Linux distros kinda
    all go that way.

    The SYSTEM doesn't really care about the ID numbers.

    While there are terminal-line utilities, you can also
    edit /etc/groups and /etc/passwd using something like
    'nano' and add/remove users from the privileges of
    the root user. DO be CAREFUL ! Get it right. Plenty
    of docs on the net.

    Linux has a rep for security. To keep that intact
    please do NOT run apps and such as "root" unless
    absolutely necessary.

    Yea, yea ... with Win you have to use the Administrator
    privs kinda often or you can't do dick .......

    As for 'sudo' ... there ARE ways to force it to
    require the ROOT password instead of the regular
    USER password. This is much more secure. DO
    research it on the net. The /etc/sudoers file
    is where you make the, careful, changes.

    Oh, Raspberry Pi's ... 'sudo' often requires NO
    password. NOT great.

  • From Marco Moock@21:1/5 to 186283@ud0s4.net on Wed Aug 28 12:01:14 2024
    On Wed, 28 Aug 2024 03:53:18 -0400 "186282@ud0s4.net"
    <186283@ud0s4.net> wrote:

    On 8/28/24 2:21 AM, Marco Moock wrote:
    Hello!

    Is there any definition for the word "privileged user" in the Linux (especially RedHat) environment?

    User 'root' is the only, initially, "privileged user".


    Ok, but what does privileged then mean in the RHEL/ROCP environment?

    I know that stuff like sudo exists, but I'm mostly asking about the
    term.

    (note that 'sudo' kinda breaks this security measure, so
    research and set it CAREFULLY). You do NOT have to use
    'visudo' ... but then it's on YOU to get it 100% right.
    Anything 'vi' I tend to REMOVE because I find line-editors
    SO offensive these days.

    I love vim, but this is irrelevant here. :-)

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    I am aware that it is common that normal (real people) users start
    with 1000 ongoing, server process users are below. Is there a
    difference on the IDs or is that just tradition?

    It is "tradition" now to set the first 'regular' user
    to ID 1000, group 1000. Not all 'unix-like' systems
    may obey the same traditions, but Linux distros kinda
    all go that way.

    The SYSTEM doesn't really care about the ID numbers.

    Aren't there some applications/scripts that check those IDs?
    IIRC in Debian some bash environment/profile stuff checks the UID to
    set environment variables different for root.

    Oh, Raspberry Pi's ... 'sudo' often requires NO
    password. NOT great.

    IIRC this is related to the OS installed on it. I run them with Debian
    and Debian asks the user PW when using sudo by default, but this can be
    easily changed in sudoers.

  • From Lew Pitcher@21:1/5 to Marco Moock on Wed Aug 28 13:22:50 2024
    On Wed, 28 Aug 2024 08:21:01 +0200, Marco Moock wrote:

    Hello!

    Is there any definition for the word "privileged user" in the Linux (especially RedHat) environment?

    That's a question with a complicated answer.

    Linux has adopted the concept of "capabilities", which
    a) subdivide privileges into categories, and
    b) can be assigned (with limitations) to unprivileged UIDs

    Processes run by the "root" user (UID 0), within the initial
    "host" environment (i.e., not running in a container) have all
    capabilities, until they drop one or more of those capabilities.
    If/when a "privileged" process fork()s, the child process does
    not receive full capabilities; instead, it inherits the retained
    capability set of its parent process.

    A common way to delegate UID 0 privileges is for the binary owned
    by UID 0 to have the SETUID permission bit set. This permits the
    binary, when run with the UID of an unprivileged user, to act as
    UID 0, with all its permissions. Some general purpose utilities,
    such as su(1) and sudo(8), work this way.

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    Containers have different restrictions. Containers initiated by
    privileged processes retain the privileges of the process that started
    them, and (subject to certain rules relating to the /type/ of container)
    may even regain privileges /within the processes in the container/.

    Containers initiated by unprivileged processes may gain new privileges,
    again, /within the processes in the container/. However, there are
    privileges that such processes cannot gain.

    I am aware that it is common that normal (real people) users start with
    1000 ongoing, server process users are below. Is there a difference on
    the IDs or is that just tradition?

    UID 0 is the only privileged UID. All the other UIDs start off
    "unprivileged". The distinction between the UIDs below 1000 and those
    above is purely artificial and administrative. There are other
    separations, other than "privilege", that are applied by UID (and/or
    GID), and this numbering convention permits the distribution to fit
    those distinctions in without affecting the UID assignments that the
    sysadmin will also implement.


    HTH
    --
    Lew Pitcher
    "In Skills We Trust"

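    An added example (not from any poster in this thread) that makes Lew Pitcher's capability point visible: it decodes the CapInh/CapPrm/CapEff/CapBnd/CapAmb masks that /proc/<pid>/status reports, so a root shell shows the full set and a daemon that dropped everything but CAP_NET_BIND_SERVICE shows exactly that. The two status excerpts are constructed, and the table assumes the highest capability number is 40 (CAP_CHECKPOINT_RESTORE); higher bits are reported by number.

```python
"""Decode the capability sets that /proc/<pid>/status reports."""
import re

# Capability numbers as defined in <linux/capability.h>, index = bit number.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]
CAP_LAST = len(CAP_NAMES) - 1          # assumption: cap_last_cap == 40
FULL_MASK = (1 << (CAP_LAST + 1)) - 1  # every capability bit set (root on the host)

CAP_SETS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")


def decode_caps(mask):
    """Return the capability names whose bit is set in mask (low bit first)."""
    names = []
    bit = 0
    while mask >> bit:
        if mask & (1 << bit):
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        bit += 1
    return names


def parse_status(text):
    """Extract the hex capability masks from /proc/<pid>/status text."""
    masks = {}
    for line in text.splitlines():
        m = re.match(r"^(Cap\w+):\s+([0-9a-fA-F]+)$", line.strip())
        if m and m.group(1) in CAP_SETS:
            masks[m.group(1)] = int(m.group(2), 16)
    return masks


def summarize(text):
    """Classify a process by its effective set: full, partial, or none."""
    masks = parse_status(text)
    eff = masks.get("CapEff", 0)
    level = "full" if eff == FULL_MASK else ("partial" if eff else "none")
    return {
        "level": level,
        "effective": decode_caps(eff),
        # The bounding set caps what the process (and its children) can ever regain.
        "bounding": decode_caps(masks.get("CapBnd", 0)),
    }


# Constructed sample: an interactive root shell on the host, nothing dropped.
ROOT_SHELL = """Name:\tbash
Uid:\t0\t0\t0\t0
CapInh:\t0000000000000000
CapPrm:\t000001ffffffffff
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
"""

# Constructed sample: a daemon running as UID 1001 that kept only bit 10.
BIND_ONLY = """Name:\thttpd
Uid:\t1001\t1001\t1001\t1001
CapInh:\t0000000000000000
CapPrm:\t0000000000000400
CapEff:\t0000000000000400
CapBnd:\t0000000000000400
CapAmb:\t0000000000000000
"""

if __name__ == "__main__":
    for label, sample in (("root shell", ROOT_SHELL), ("bind-only daemon", BIND_ONLY)):
        s = summarize(sample)
        print(f"{label}: {s['level']} ({len(s['effective'])} effective capabilities)")
    try:  # on a Linux host, also decode the current process
        with open("/proc/self/status") as fh:
            print("this process:", summarize(fh.read())["level"])
    except OSError:
        pass
```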
  • From David W. Hodgins@21:1/5 to Marco Moock on Wed Aug 28 09:40:17 2024
    On Wed, 28 Aug 2024 06:01:14 -0400, Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
    On Wed, 28 Aug 2024 03:53:18 -0400 "186282@ud0s4.net"
    <186283@ud0s4.net> wrote:

    On 8/28/24 2:21 AM, Marco Moock wrote:
    Hello!

    Is there any definition for the word "privileged user" in the Linux
    (especially RedHat) environment?

    User 'root' is the only, initially, "privileged user".


    Ok, but what does privileged then mean in the RHEL/ROCP environment?

    I know that stuff like sudo exists, but I'm mostly asking about the
    term.

    There are "privileged users". Those with a uid in what is shown by
    (as root) "grep SYS_UID /etc/login.defs".

    The only benefit I'm aware of is the ability to increase the priority
    for their own processes. See "man renice". There are probably other
    benefits, but I don't recall any others off hand.

    Regards, Dave Hodgins

  • From Borax Man@21:1/5 to Marco Moock on Wed Aug 28 13:24:18 2024
    On 2024-08-28, Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
    On Wed, 28 Aug 2024 03:53:18 -0400 "186282@ud0s4.net"
    <186283@ud0s4.net> wrote:

    On 8/28/24 2:21 AM, Marco Moock wrote:
    Hello!

    Is there any definition for the word "privileged user" in the Linux
    (especially RedHat) environment?

    User 'root' is the only, initially, "privileged user".


    Ok, but what does privileged then mean in the RHEL/ROCP environment?

    I know that stuff like sudo exists, but I'm mostly asking about the
    term.

    (note that 'sudo' kinda breaks this security measure, so
    research and set it CAREFULLY). You do NOT have to use
    'visudo' ... but then it's on YOU to get it 100% right.
    Anything 'vi' I tend to REMOVE because I find line-editors
    SO offensive these days.

    I love vim, but this is irrelevant here. :-)

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    I am aware that it is common that normal (real people) users start
    with 1000 ongoing, server process users are below. Is there a
    difference on the IDs or is that just tradition?

    It is "tradition" now to set the first 'regular' user
    to ID 1000, group 1000. Not all 'unix-like' systems
    may obey the same traditions, but Linux distros kinda
    all go that way.

    The SYSTEM doesn't really care about the ID numbers.

    Aren't there some applications/scripts that check those IDs?
    IIRC in Debian some bash environment/profile stuff checks the UID to
    set environment variables different for root.

    Oh, Raspberry Pi's ... 'sudo' often requires NO
    password. NOT great.

    IIRC this is related to the OS installed on it. I run them with Debian
    and Debian asks the user PW when using sudo by default, but this can be
    easily changed in sudoers.


    There is nothing special about the different UIDs, apart from the root user.

    IDs start at 1000 so they don't overlap with IDs which may be used for
    system processes and the like. When I started using Linux, they
    typically started at 500.

    What you are referring to, is specifically a RedHat OpenShift thing,
    presumably permissions and restrictions that the containerised
    environment adds. In this case, this is RedHat specific, rather than
    Linux per-se. You'd need to research OpenShift specifically, because
    from what you describe, this is OpenShift technology at work.

  • From Joe Beanfish@21:1/5 to Marco Moock on Wed Aug 28 15:23:25 2024
    On Wed, 28 Aug 2024 12:01:14 +0200, Marco Moock wrote:

    On Wed, 28 Aug 2024 03:53:18 -0400 "186282@ud0s4.net"
    <186283@ud0s4.net> wrote:

    On 8/28/24 2:21 AM, Marco Moock wrote:
    Hello!

    Is there any definition for the word "privileged user" in the Linux
    (especially RedHat) environment?

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    I am aware that it is common that normal (real people) users start with
    1000 ongoing, server process users are below. Is there a difference on
    the IDs or is that just tradition?

    User 'root' is the only, initially, "privileged user".


    Ok, but what does privileged then mean in the RHEL/ROCP environment?

    Strictly speaking "privileged user" just means a user with sufficient
    permissions to perform the task. That user is often root since root
    can do anything. But it could be a regular user that has been placed into
    the appropriate group (/etc/group) or configured via SELinux etc.

    At the kernel level, there are no special UIDs except 0 for root.

    For openshift, idk, but these might be helpful
    https://www.redhat.com/en/blog/a-guide-to-openshift-and-uids
    https://learn.redhat.com/t5/Containers-DevOps-OpenShift/Container-image-on-the-exam/td-p/35223

  • From Marco Moock@21:1/5 to All on Wed Aug 28 17:43:04 2024
    On 28.08.2024 at 09:40 David W. Hodgins wrote:

    There are "privileged users". Those with a uid in what is shown by
    (as root) "grep SYS_UID /etc/login.defs".

    The only benefit I'm aware of is the ability to increase the priority
    for their own processes. See "man renice". There are probably other
    benefits, but I don't recall any others off hand.

    Thanks. I will check that.

    --
    kind regards
    Marco

    Send spam to 1724830817muell@cartoonies.org

  • From Marc Haber@21:1/5 to Borax Man on Wed Aug 28 20:16:28 2024
    Borax Man <rotflol2@hotmail.com> wrote:
    IDs start at 1000 so they don't overlap with IDs which may be used for
    system processes and the like. When I started using Linux, they typically
    started at 500.

    That is local configuration with defaults set by the distribution. See /etc/login.defs.

    Greetings
    Marc
    --
    ----------------------------------------------------------------------------
    Marc Haber         |   " Questions are the         | Mailadresse im Header
    Rhein-Neckar, DE   |     Beginning of Wisdom "     |
    Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402

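    An added example (not code from any poster) tying together David Hodgins' "grep SYS_UID /etc/login.defs", Marc Haber's pointer to /etc/login.defs, and Borax Man's UID 500: it parses the UID ranges from a login.defs excerpt and labels each passwd entry as root, a statically assigned system account, a dynamically allocated system account, a regular user, or outside every configured range. The login.defs and passwd text are constructed; the range values resemble RHEL defaults but are assumptions, and treating UIDs below SYS_UID_MIN as the distribution's static reservations is likewise an assumption about how that gap is used. Only the uid == 0 case is privileged at the kernel level; everything else here is administrative convention.

```python
"""Classify passwd entries against the UID ranges in /etc/login.defs."""

# Constructed login.defs excerpt (values resemble RHEL defaults; assumption).
SAMPLE_LOGIN_DEFS = """# constructed excerpt
UID_MIN                  1000
UID_MAX                 60000
# System accounts created by useradd -r
SYS_UID_MIN               201
SYS_UID_MAX               999
GID_MIN                  1000
GID_MAX                 60000
"""

# Constructed passwd lines: root, a UID-27 service account like the one in the
# DO190 question, a pre-RHEL7-style user at 500, and a regular user at 1001.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
app:x:27:27:constructed service account:/var/lib/app:/sbin/nologin
legacy:x:500:500:constructed old-style user:/home/legacy:/bin/bash
marco:x:1001:1001:constructed regular user:/home/marco:/bin/bash
"""

REQUIRED_KEYS = ("UID_MIN", "UID_MAX", "SYS_UID_MIN", "SYS_UID_MAX")


def parse_login_defs(text):
    """Return {KEY: int} for numeric login.defs settings, ignoring comments."""
    defs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            defs[parts[0]] = int(parts[1])
    missing = [k for k in REQUIRED_KEYS if k not in defs]
    if missing:
        raise ValueError(f"login.defs lacks {missing}")
    return defs


def classify_uid(uid, defs):
    """Map a UID to its administrative class under the given ranges."""
    if uid == 0:
        return "root"                      # the only kernel-level privileged UID
    if 0 < uid < defs["SYS_UID_MIN"]:
        return "system-static"             # assumption: fixed distro assignments
    if defs["SYS_UID_MIN"] <= uid <= defs["SYS_UID_MAX"]:
        return "system"                    # useradd -r allocates from here
    if defs["UID_MIN"] <= uid <= defs["UID_MAX"]:
        return "regular"                   # useradd allocates real people here
    return "unassigned"                    # outside every configured range


def audit_passwd(passwd_text, defs):
    """Return {name: (uid, class)} for every well-formed passwd line."""
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue                       # skip malformed lines instead of crashing
        report[fields[0]] = (int(fields[2]), classify_uid(int(fields[2]), defs))
    return report


if __name__ == "__main__":
    ranges = parse_login_defs(SAMPLE_LOGIN_DEFS)
    for name, (uid, cls) in audit_passwd(SAMPLE_PASSWD, ranges).items():
        print(f"{name:8} uid={uid:<6} {cls}")
```

With these ranges the legacy UID 500 lands in the dynamic system range, which is exactly why a distribution moving its UID_MIN from 500 to 1000 needs a migration step for existing users.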
  • From Bobbie Sellers@21:1/5 to Marco Moock on Wed Aug 28 11:33:23 2024
    On 8/28/24 03:01, Marco Moock wrote:
    On Wed, 28 Aug 2024 03:53:18 -0400 "186282@ud0s4.net"
    <186283@ud0s4.net> wrote:

    On 8/28/24 2:21 AM, Marco Moock wrote:
    Hello!

    Is there any definition for the word "privileged user" in the Linux
    (especially RedHat) environment?

    User 'root' is the only, initially, "privileged user".

    But root can assign other users certain privileges.
    For example I am root on my system but I have assigned myself
    certain administrative privileges so that for example I
    can do updates with my user password.
    In multiple-user systems users may be allowed the use
    of certain tools to maintain their own accounts.




    Ok, but what does privileged then mean in the RHEL/ROCP environment?

    I know that stuff like sudo exists, but I'm mostly asking about the
    term.

    (note that 'sudo' kinda breaks this security measure, so
    research and set it CAREFULLY). You do NOT have to use
    'visudo' ... but then it's on YOU to get it 100% right.
    Anything 'vi' I tend to REMOVE because I find line-editors
    SO offensive these days.

    I love vim, but this is irrelevant here. :-)

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    I am aware that it is common that normal (real people) users start
    with 1000 ongoing, server process users are below. Is there a
    difference on the IDs or is that just tradition?

    It is "tradition" now to set the first 'regular' user
    to ID 1000, group 1000. Not all 'unix-like' systems
    may obey the same traditions, but Linux distros kinda
    all go that way.

    The SYSTEM doesn't really care about the ID numbers.

    Aren't there some applications/scripts that check those IDs?
    IIRC in Debian some bash environment/profile stuff checks the UID to
    set environment variables different for root.

    Oh, Raspberry Pi's ... 'sudo' often requires NO
    password. NOT great.

    IIRC this is related to the OS installed on it. I run them with Debian
    and Debian asks the user PW when using sudo by default, but this can be
    easily changed in sudoers.

    bliss

    --
    b l i s s - S F 4 e v e r at D S L E x t r e m e dot com

  • From 186283@ud0s4.net@21:1/5 to Bobbie Sellers on Thu Aug 29 00:57:38 2024
    On 8/28/24 2:33 PM, Bobbie Sellers wrote:
    On 8/28/24 03:01, Marco Moock wrote:
    On Wed, 28 Aug 2024 03:53:18 -0400 "186282@ud0s4.net"
    <186283@ud0s4.net> wrote:

    On 8/28/24 2:21 AM, Marco Moock wrote:
    Hello!

    Is there any definition for the word "privileged user" in the Linux
    (especially RedHat) environment?

        User 'root' is the only, initially, "privileged user".

        But root can assign other users certain privileges.

    Ergo my word 'initially'.

    Yes, you CAN assign a vast number of 'elevated' privs
    for any user. My concern for newbies is that they may
    go too far that way - compromising security.

    You CAN make Linux as horribly insecure as Winders.

  • From Borax Man@21:1/5 to Marc Haber on Thu Aug 29 10:59:59 2024
    On 2024-08-28, Marc Haber <mh+usenetspam1118@zugschl.us> wrote:
    Borax Man <rotflol2@hotmail.com> wrote:
    IDs start at 1000 so they don't overlap with IDs which may be used for
    system processes and the like. When I started using Linux, they typically
    started at 500.

    That is local configuration with defaults set by the distribution. See /etc/login.defs.

    Greetings
    Marc

    Yes, you can change it. Distros defaulted to 500, now it's typically
    1000. I have my UID set at 500, because I've wanted to maintain the
    same UID since I first started using Linux.

    I'll change it one day, but all my backups will have to change too.

  • From Woozy Song@21:1/5 to Marco Moock on Thu Aug 29 18:51:45 2024
    Marco Moock wrote:
    Hello!

    Is there any definition for the word "privileged user" in the Linux (especially RedHat) environment?

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    I am aware that it is common that normal (real people) users start with
    1000 ongoing, server process users are below. Is there a difference on
    the IDs or is that just tradition?


    Would users in the "wheel" group be privileged? They can do anything
    with sudo.

  • From The Natural Philosopher@21:1/5 to Borax Man on Thu Aug 29 13:06:49 2024
    On 29/08/2024 11:59, Borax Man wrote:
    On 2024-08-28, Marc Haber <mh+usenetspam1118@zugschl.us> wrote:
    Borax Man <rotflol2@hotmail.com> wrote:
    IDs start at 1000 so they don't overlap with IDs which may be used for
    system processes and the like. When I started using Linux, they typically
    started at 500.

    That is local configuration with defaults set by the distribution. See
    /etc/login.defs.

    Greetings
    Marc

    Yes, you can change it. Distros defaulted to 500, now it's typically
    1000. I have my UID set at 500, because I've wanted to maintain the
    same UID since I first started using Linux.

    I'll change it one day, but all my backups will have to change too.

    Wow. It was always 1000 on most systems I ever came in contact with.


    --
    In todays liberal progressive conflict-free education system, everyone
    gets full Marx.

  • From Rich@21:1/5 to Woozy Song on Thu Aug 29 14:00:05 2024
    Woozy Song <suzyw0ng@outlook.com> wrote:
    Marco Moock wrote:
    Hello!

    Is there any definition for the word "privileged user" in the Linux
    (especially RedHat) environment?

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    I am aware that it is common that normal (real people) users start
    with 1000 ongoing, server process users are below. Is there a
    difference on the IDs or is that just tradition?


    Would users in the "wheel" group be privileged? They can do anything
    with sudo.

    For some definitions of "privileged" that would be a yes.

    But as some other poster pointed out, Marco seems to be dealing with
    OpenShift internals, so he likely needs to find OpenShift's definition
    (wherever that might be).

  • From David De La Harpe Golden@21:1/5 to The Natural Philosopher on Thu Aug 29 16:19:36 2024
    On 29/08/2024 13:06, The Natural Philosopher wrote:
    Wow. It was always 1000 on most systems I ever came in contact with.


    FWIW, didn't actually go to 1000 by default until RHEL7 in 2014 for
    Redhat/Redhat-oids...

    https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/migration_planning_guide/chap-red_hat_enterprise_linux-migration_planning_guide-major_changes_and_migration_considerations#sect-Red_Hat_Enterprise_Linux-Migration_Planning_Guide-System_Management-Changes-to-system-accounts

    This change might cause problems when migrating to Red Hat Enterprise
    Linux 7 with existing users having UIDs and GIDs between 500 and 999.
    The default ranges of UID and GID can be manually changed in the
    /etc/login.defs file.


    I'm sure Debian/Debian-oids used 1000 far earlier. debian-policy 3.8.0
    from 2008 is just the earliest I can find in its present-day git, and it
    was already 1000 then.

    https://salsa.debian.org/dbnpolicy/policy/-/blob/v3.8.0.0/policy.sgml#L5722

  • From Grant Taylor@21:1/5 to Marco Moock on Thu Aug 29 21:17:50 2024
    On 8/28/24 01:21, Marco Moock wrote:
    Hello!

    Hi,

    Is there any definition for the word "privileged user" in the Linux (especially RedHat) environment?

    IMHO "privileged" vs "unprivileged" is really a relative thing in that
    the privileged user has more privileges than an unprivileged user.

    Simply saying a user account is "privileged" doesn't convey what those
    privileges are.

    Often, those privileges are the ability to gain root access via some
    means like su, sudo, doas, run0, capabilities, etc. How many of those
    privileges are granted becomes difficult to say.

    There is also the possibility for something like a DBA to log in with
    their unprivileged individual account and gain the privileges of the
    user that the database runs as. Similarly, it's possible for a backup &
    recovery administrator to log in with their unprivileged individual
    account and gain the privileges of the user the backup daemon runs as,
    which isn't always root.

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    Some systems have configurations where a UID or GID below a specific
    value is considered privileged for some thing. But that's a subsystem /
    daemon configuration.

    I am aware that it is common that normal (real people) users start with
    1000 ongoing, server process users are below. Is there a difference
    on the IDs or is that just tradition?

    I've seen 100, 250, 500, and 1000. The exact number is a convention and
    more or less common depending on the time and the family of the distro
    in question.



    --
    Grant. . . .

  • From Grant Taylor@21:1/5 to 186282@ud0s4.net on Thu Aug 29 21:28:12 2024
    On 8/28/24 02:53, 186282@ud0s4.net wrote:
    Root has access to EVERYTHING

    I question the veracity of that.

    Especially when you consider different name spaces; mount, network, etc.

    Root should always have the ability to gain access to something. But I
    can think of various scenarios where root doesn't inherently have access
    to things.

    A simple example is an immutable file which root can't remove without
    disabling the immutability first.

    (note that 'sudo' kinda breaks this security measure, so research and
    set it CAREFULLY). You do NOT have to use 'visudo' ... but then it's
    on YOU to get it 100% right.


    Anything 'vi' I tend to REMOVE because I find line-editors SO offensive
    these days.

    So set EDITOR and / or VISUAL and / or FCEDIT to your preferred editor.
    visudo will happily use them. Or live dangerously.

    The SYSTEM doesn't really care about the ID numbers.

    There are some things that check to see if a UID and / or GID is below
    a threshold for various reasons.

    While there are terminal-line utilities, you can also edit /etc/groups
    and /etc/passwd using something like 'nano' and add/remove users from
    the privileges of the root user. DO be CAREFUL ! Get it right. Plenty
    of docs on the net.

    Don't forget to edit the shadow counterparts; /etc/gshadow and
    /etc/shadow respectively. Lest some tools get cranky when files and
    their shadows don't match.

    ProTip: Use tools, like visudo -- configured to use your preferred
    editor -- as they often sanity check file syntax and / or synchronize
    other files and generally try to help you.

    I've learned that the more you're fighting the system, the more likely
    that you're doing something wrong or shouldn't be doing for some reason.

    As for 'sudo' ... there ARE ways to force it to require the ROOT
    password instead of the regular USER password. This is much more
    secure.

    How is having multiple users knowing a shared password more secure than
    each user only knowing their own password?

    Oh, Raspberry Pi's ... 'sudo' often requires NO password. NOT great.

    Agreed. But that's a distribution configuration, not a software
    requirement.

    Upstream sudo will ask for the running user's password. The intention
    is for the running user to authenticate themselves to sudo and then sudo
    allows or disallows them to do what they've asked to do based on the
    configuration of the sudoers file.



    --
    Grant. . . .

  • From Lawrence D'Oliveiro@21:1/5 to Marco Moock on Fri Aug 30 03:05:08 2024
    On Wed, 28 Aug 2024 08:21:01 +0200, Marco Moock wrote:

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    What they might mean is that the containers have to be managed by a
    privileged user. Because some container technologies allow nonprivileged
    users to create and manage their own containers.

  • From The Natural Philosopher@21:1/5 to Grant Taylor on Fri Aug 30 12:08:21 2024
    On 30/08/2024 03:17, Grant Taylor wrote:
    IMHO "privileged" vs "unprivileged" is really a relative thing in that
    the privileged user has more privileges than an unprivileged user.

    STOP ROOT PRIVILEGE NOW!

    --
    In theory, there is no difference between theory and practice.
    In practice, there is.
    -- Yogi Berra

  • From Marco Moock@21:1/5 to All on Fri Aug 30 22:07:58 2024
    On 30.08.2024 at 03:05 Lawrence D'Oliveiro wrote:

    On Wed, 28 Aug 2024 08:21:01 +0200, Marco Moock wrote:

    I am currently learning RedHat OpenShift and the courses include a
    question where the answer is that 2 containers run with UID 27 are
    called privileged. (DO190 ch03s08 if you have access).

    What they might mean is that the containers have to be managed by a
    privileged user. Because some container technologies allow
    nonprivileged users to create and manage their own containers.

    If I understood it properly the true answers were containers where the
    UID was 2x. Other processes ran under 1001 and those answers weren't
    correct.

    --
    kind regards
    Marco

    Send spam to 1724979908muell@cartoonies.org

  • From Borax Man@21:1/5 to David De La Harpe Golden on Sat Aug 31 02:26:55 2024
    On 2024-08-29, David De La Harpe Golden <david@harpegolden.net> wrote:
    On 29/08/2024 13:06, The Natural Philosopher wrote:
    Wow. It was always 1000 on most systems I ever came in contact with.


    FWIW, didn't actually go to 1000 by default until RHEL7 in 2014 for
    Redhat/Redhat-oids...

    https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/migration_planning_guide/chap-red_hat_enterprise_linux-migration_planning_guide-major_changes_and_migration_considerations#sect-Red_Hat_Enterprise_Linux-Migration_Planning_Guide-System_Management-Changes-to-system-accounts

    This change might cause problems when migrating to Red Hat Enterprise
    Linux 7 with existing users having UIDs and GIDs between 500 and 999.
    The default ranges of UID and GID can be manually changed in the
    /etc/login.defs file.


    I'm sure Debian/Debian-oids used 1000 far earlier. debian-policy 3.8.0
    from 2008 is just the earliest I can find in its present-day git, and it
    was already 1000 then.

    https://salsa.debian.org/dbnpolicy/policy/-/blob/v3.8.0.0/policy.sgml#L5722


    I first used Linux in 2000. I'm sure I didn't change any default, so
    RedHat back then was configured to start at 500. That changed to 1000
    sometime after, but because all my files, backups, external drives were
    already tagged "uid 500" I just kept that uid for newer installs, rather
    than change all my files on all my machines.

    One day, I'll change the UID. Changing the ownership of files to match
    the new UID isn't too hard. There's just a lot of drives and archives
    that will be affected.
