Principle of Least Power

[00:00:00]
>> Linux is a multi-user operating system by default, meaning that you can have multiple people logged in, but users don't even necessarily have to be other people. It can be other programs. It can be temporary users. There's a bunch of stuff that you can use users for. In our case, if we go back to our command line here, You can see here I have ubuntu, that's actually the name of my user.

[00:00:35]
So by default, Multipass setting up for us a user named ubuntu. So it's always useful to know that you can say, who am I, just like that. It's a program that just goes and finds out who you are. It's not even necessarily an existential question of, who am I?

[00:00:53]
It's not gonna tell you, you are as strong and independent person, unless that's your username. That's actually might be a good one. But anyway, when you ask, who am I, it's gonna say ubuntu. And ubuntu, sorry, you just say ubuntu. Yeah, so that is the default user just for Multipass.

[00:01:19]
That's not necessarily the default user for Ubuntu in general or Linux or anything like that. It's just for this one. But we can see, if we say, cat etc/passwd, like that, we can actually see the name of all of the users on our computer at this particular time, right?

[00:01:37]
So cat passwd is actually a file that exists in your computer that keeps track of all of your various different users. So we we have daemon, bin, sys, sync, man, lp, mail. You can see that there is actually quite a few users set up by default on ubuntu without us ever having to doing it.

[00:01:56]
The only one that we actually know anything about is ubuntu. But there's a bunch of them, right, like nobody, nobody has an account on your computer. I don't remember what the rest of these are. I know this one here, this is the home directory that they have, because each one of them has a different home directory.

[00:02:18]
And then this one right here is called their login shell. So if you log in as ubuntu, it's automatically going to log you into bash, but for example, something here like lxd, that's a different user. Their login shell is false, which is a program that just returns false.

[00:02:36]
So it means that they actually can't log in interactively, which you can, right, cuz yours is bin bash. So why do we have all these users? Why don't we just run everything as root and call it good? Well, if that question doesn't make you a little uncomfortable, it's cuz you don't necessarily understand yet what I'm getting at, but hopefully soon you will.

[00:02:56]
This is kinda the principle of least power, and I've actually talked about this before in some of my other workshops. In particular, in the containers one I talk about it. You want each user to have the least amount of power possible. Now, why is that? Let's say, for example, someone for for some reason is able to get a hold of the password for the, I don't know, news user, I don't know how they would but let's pretend for a second that they did.

[00:03:23]
If they tried to log in as the news user, they would end up logging in as a no login, which would basically just kick them out, so you can actually log in and kick them out. So it means that user actually has no power to accomplish anything via an interactive shell, which is great.

[00:03:39]
It means it's not gonna allow them to like log in, doing conventional things. So that's the principle of least power in effect here, that you've actually kind of shut down one vector of attack for attackers to get into your computer. Now, I'm running Multipass here on my local computer.

[00:03:57]
It's not really that big of a deal if someone gets into it, but if you're running a server on production that's running Ubuntu, you don't want people to be able to attack your your computer. So all this to say is if you have some sort of job that needs to run on your computer, you want to run it as an unprivileged user, so that if someone gets a hold of the login credentials for that unprivileged, they're not able to blow things up or exfiltrate data.

[00:04:26]
By the same token, you're afraid of nefarious actors out there that are trying to get into your computer, but you also should have a healthy fear of yourself. Maybe you try and run a script and it has an rm -rf * star on it. I don't know, it's happened before, weirder things have happened.

[00:04:46]
But if it's an unprivileged user that can't delete files, then you've already saved yourself just by the permissions that the user is allowed to do things. So that's the idea of users here, cuz you want to give these accounts the least amount of privilege that they can have to be able to make changes that still allows them to do their job.

[00:05:08]
Okay, so again here, if I say, whoami, I am ubuntu. But now, if I go to the root directory and I try and make a directory here, and say, call it hi, it's gonna say, hey, ubuntu you can't make hi, permission denied, right? I don't actually have permissions to do anything in that root directory.

[00:05:29]
Why is that? Well, the only user that has inherent privilege to be able to create things in that root directory is root, root is the only one. So if you just say ls -lsa, notice everything here is from root root. The second one is the group, and we'll talk about that a little bit, in a little bit, but right now we're focused on root, the user.

[00:05:51]
The root user is the only one that has any sort of privilege in this root directory to be able to do anything, okay? Whereas if I go into home, you'll notice here that there's a ubuntu directory, that's my home directory as the ubuntu user, and that directory is owned by ubuntu.

[00:06:13]
That means me, ubuntu, can do anything that I want inside of that directory. So it's kind of containing that chaos, right? So I can't, as the ubuntu user, I can't actually run rm, I can't actually run this. I'm almost scared to run it because you really shouldn't, but I know that I can't do it.

[00:06:39]
That's funny. So rm actually, so don't do this, what I actually just did, please don't because it's probably not gonna work. But it actually has a failsafe, and it was like, wait, no, don't you're not allowed to do that. But I think even if I did that, it wouldn't allow me to do it because ubuntu doesn't have permission to delete that root directory.

[00:06:56]
Don't try it, just believe me. [LAUGH] However, as ubuntu, I could totally say rm -rf ubuntu, and that would absolutely work because I have permissions to do that.