MUCH OF THE POWER OF A GNU/LINUX SYSTEM COMES FROM its support for
multiple users and for networking. Many people can use the system at once, and they
can connect to the system from remote locations. Unfortunately, with this power
comes risk, especially for systems connected to the Internet. Under some circum-
stances, a remote “hacker” can connect to the system and read, modify, or remove files
that are stored on the machine. Or, two users on the same machine can read, modify,
or remove each other’s files when they should not be allowed to do so.When this
happens, the system’s security is said to have been compromised.
The Linux kernel provides a variety of facilities to ensure that these events do not
take place. But to avoid security breaches, ordinary applications must be careful as well.
For example, imagine that you are developing accounting software.Although you
might want all users to be able to file expense reports with the system, you wouldn’t
want all users to be able to approve those reports.You might want users to be able to
view their own payroll information, but you certainly wouldn’t want them to be able
to view everyone else’s payroll information.You might want managers to be able to
view the salaries of employees in their departments, but you wouldn’t want them to
view the salaries of employees in other departments.
198 Chapter 10 Security
To enforce these kinds of controls, you have to be very careful. It’s amazingly easy
to make a mistake that allows users to do something you didn’t intend them to be able
to do.The best approach is to enlist the help of security experts. Still, every application
developer ought to understand the basics.
10.1 Users and Groups
Each Linux user is assigned a unique number, called a user ID, or UID. Of course,
when you log in, you use a username rather than a user ID.The system converts your
username to a particular user ID, and from then on it’s only the user ID that coun