2. Linux Privileges
On Linux systems, most processes are assigned a dedicated user or user group to run under. This can result in many users with varying permissions being present on the system.
Regular User
The most basic type of access an account can
have in a given system. Regular users will
usually only have access to their own files
and applications but not to any of the other
system settings or directories.
ViSudo
Similar to regular user accounts, a ViSudo (sudo-enabled) account has limited access to most files and applications. The exceptions are a few specific “super” privileges in certain programs.
Root
Root accounts are the most privileged accounts on the local system. These accounts have access to all system settings and directories, including lower-level data.
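The three tiers above can be checked on a host rather than assumed. The script below is an added example, not part of the original slides: it classifies every account in passwd- and group-style files as root (UID 0), sudo-capable (member of the sudo or wheel group, which is assumed here to be the distro's admin group), or regular. The two files it reads are constructed sample input; on a live system you would pass /etc/passwd and /etc/group.

```shell
#!/bin/sh
# Added example (not from the original slides): inventory accounts by
# privilege tier. Input files below are constructed, not real system files.

# classify_accounts PASSWD GROUP
# Prints one "name tier" line per account:
#   root    - UID 0, whatever the account is called
#   sudo    - member (primary or supplementary) of the sudo or wheel group
#             (assumed to be the admin group; adjust for your distro)
#   regular - everything else
classify_accounts() {
    awk -F: '
        # First file: group(5) lines "name:x:gid:member,member"
        FNR == NR {
            if ($1 == "sudo" || $1 == "wheel") {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") admin[m[i]] = 1
                admingid[$3] = 1
            }
            next
        }
        # Second file: passwd(5) lines "name:x:uid:gid:gecos:home:shell"
        {
            if ($3 == 0)                            tier = "root"
            else if ($1 in admin || $4 in admingid) tier = "sudo"
            else                                    tier = "regular"
            print $1, tier
        }
    ' "$2" "$1"
}

# Demonstration on constructed sample files.
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
EOF
cat > "$demo/group" <<'EOF'
root:x:0:
sudo:x:27:alice
users:x:100:
EOF
classify_accounts "$demo/passwd" "$demo/group"
rm -rf "$demo"
```

Any account reported as root or sudo is one whose password and login exposure deserve the same care as the real root account; a second UID 0 entry in particular should always be explainable.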
3. Linux Boot Process
MBR
The basic input/output system (BIOS) executes the master boot record, which in turn executes the bootloader code.
Kernel
The kernel is the first program to load after the bootloader; it takes part in loading the operating system and establishes communication with the input and output devices.
Run Level
Run level operations are those performed with reduced privileges. After the system has booted, root privileges are no longer needed for everything, and processes may run as lower-privileged users.
Init
Init is considered the father of all processes on the operating system, as every later process is started by it; for that reason init runs as root with PID 1.
GRUB
The Grand Unified Bootloader is part of the GNU project and is the default bootloader in most common distributions.
[Diagram: boot sequence, stages 1 to 5: MBR, GRUB, Kernel, Init, Run level]
4. Booting the System
A feature of GRUB is its ability to interrupt itself during boot and let its settings be edited.
By pressing ‘e’ during boot, the user is prompted with the option to edit GRUB’s settings via the command-line editor.
5. Editing the Settings
When inside GRUB’s settings, the important line for achieving privilege escalation is the kernel line. The kernel line starts with ‘linux /boot/’.
On this line, the ‘ro’ flag (read-only) needs to be changed to ‘rw init=/bin/bash’. In doing this, read/write mode is set, and init is configured to run the default shell that resides in ‘/bin/bash’.
The last step is saving the configuration by pressing ‘ctrl+x’ and proceeding with the boot.
6. Root Shell
Once in a shell, the following commands are used to create a user with administrative privileges for further use:
• adduser [username] – Creates a user with the given name
• adduser [username] sudo – Grants root (sudo) permissions to the given user
• sync – Flushes pending writes from memory to disk
• reboot -f – Forces the reboot of the system
• passwd [username] – Prompts for a password for the given user
If all steps were executed correctly, a new privileged user will now exist.
7. Means of Protection
Previously, GRUB passwords were hashed with grub-md5-crypt, which is no longer considered secure.
The more up-to-date tool is grub-mkpasswd-pbkdf2, but sometimes manual configuration is preferred, editing the ‘/etc/grub.d/00_header’, ‘/etc/grub.d/10_linux’ and ‘/etc/grub.d/30_os-prober’ files.
Bootloader Password
Setting a bootloader password may protect the computer from having its boot order or boot entries changed.
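The following is an added example, not code from the original slides, covering the grub-mkpasswd-pbkdf2 approach and the bootloader password item above. It shows the fragment that goes into /etc/grub.d/40_custom (the file grub-mkconfig copies verbatim into grub.cfg), a helper that drives grub-mkpasswd-pbkdf2 when the tool is installed, and a check that the generated grub.cfg actually contains a superuser password. The user name ‘admin’, the hash and all paths are constructed placeholders; nothing here writes to /boot or /etc.

```shell
#!/bin/sh
# Added example (not from the original slides): GRUB 2 superuser password
# setup pieces plus a post-generation check. Values below are placeholders.

# grub_hash_from_stdin reads a passphrase on stdin and prints the
# grub.pbkdf2.sha512... string produced by grub-mkpasswd-pbkdf2. Assumes
# the tool is installed and asks for the password twice, as current GRUB
# does; the sed pattern matches the tool's "PBKDF2 hash of your password is"
# output line.
grub_hash_from_stdin() {
    command -v grub-mkpasswd-pbkdf2 >/dev/null 2>&1 || {
        echo "grub-mkpasswd-pbkdf2 not installed" >&2
        return 1
    }
    read -r pw
    printf '%s\n%s\n' "$pw" "$pw" | grub-mkpasswd-pbkdf2 |
        sed -n 's/^PBKDF2 hash of your password is //p'
}

# render_custom_fragment USER HASH
# Prints the two lines that belong in /etc/grub.d/40_custom. Once
# 'superusers' is set, every menu entry requires the password unless the
# entry is marked --unrestricted.
render_custom_fragment() {
    printf 'set superusers="%s"\n' "$1"
    printf 'password_pbkdf2 %s %s\n' "$1" "$2"
}

# grub_password_configured CFG
# Returns 0 if CFG (a generated grub.cfg) sets superusers and a PBKDF2
# password on non-comment lines, 1 otherwise. Run it against the real
# grub.cfg after update-grub / grub-mkconfig to confirm the fragment was
# picked up.
grub_password_configured() {
    grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$1" &&
    grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]+[^[:space:]]+[[:space:]]+grub\.pbkdf2\.sha512\.' "$1"
}

# Demonstration on a constructed config with a placeholder hash.
demo_dir=$(mktemp -d)
render_custom_fragment admin \
    'grub.pbkdf2.sha512.10000.PLACEHOLDER_SALT.PLACEHOLDER_HASH' > "$demo_dir/grub.cfg"
if grub_password_configured "$demo_dir/grub.cfg"; then
    echo "grub.cfg: superuser password present"
else
    echo "grub.cfg: no superuser password; entries can be edited at boot"
fi
rm -rf "$demo_dir"
```

To keep day-to-day boots password-free while still locking the ‘e’ editor, add --unrestricted to the CLASS variable in /etc/grub.d/10_linux (one of the files named above), then regenerate the config with update-grub on Debian/Ubuntu or grub-mkconfig -o /boot/grub/grub.cfg elsewhere, and run the check against the result. The password gates GRUB’s menu only; it does not protect data on a disk that is removed from the machine.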
Restrict Access
More of a precautionary step than a security method, one could try never to leave the computer unattended or in an accessible area. This is not an enforceable option in most cases.