Introduction to Polkit: Navigating Authorization Frameworks in Linux

Polkit is an authorization framework installed on every modern Linux distribution: it provides an API which allows privileged applications to expose services to unprivileged subjects. Communication with Polkit happens over D-Bus, which is an IPC (Interprocess Communication) system; to understand how the former works, we first have to get a grasp of how the latter is implemented.

How to increase the security of Systemd services

Nowadays all major Linux distributions have adopted Systemd as their init system/service manager. Creating a systemd service is just a matter of writing a “.service” unit in the appropriate directory, and managing it using the systemctl utility. When starting a service, or launching a process in general, we want to make sure it runs with the lowest possible set of privileges it needs to accomplish the task. Systemd provides a series of options we can use to fine-tune the behavior of a service, granting or denying privileges in a granular way, and ensuring a certain level of isolation from the rest of the system.

How to keep configuration files under version control with Etckeeper

On Linux-based operating systems the /etc directory is used to hold global configuration files for applications and services. A good set of configurations is really important for a well-working system, so being able to keep track of changes and quickly revert them, in case something goes wrong, is crucial. Etckeeper helps us achieve this goal by keeping configuration files under version control.

How to set filesystems mount order on modern Linux distributions

In a previous tutorial we discussed the /etc/fstab file, and how it is used to declare the filesystems which should be mounted on boot. In the pre-Systemd era, filesystems were mounted in the order specified in the /etc/fstab file; on modern Linux distributions, instead, for a faster boot, filesystems are mounted in parallel. Systemd manages the mounting of filesystems via specifically designed units automatically generated from /etc/fstab entries. For these reasons a different strategy must be adopted to establish the dependency between two filesystems, and therefore to set their correct mount order.
