When working with Linux systems—whether on a personal machine or in the cloud—understanding user privileges, package management, and firewall configuration is crucial. This guide ties those concepts together, showing how they connect under the hood with systemd.
Standard User's Default Privileges
By default, a standard user in Linux only has control over their personal home directory.
- They can create, modify, and delete files within it.
- They cannot make system-wide changes such as editing configuration files, modifying network rules, or installing global software.
System-wide changes require an administrator (superuser) account.
The default administrator account on Linux is called the root account. However, logging directly into root is strongly discouraged:
- Root has no protection from mistakes.
- A careless command could delete critical files or even render the system unusable.
- Since the root username exists by default on every Linux system, it also gives attackers and botnets a known entry point.
👉 Instead of logging in as root, Linux encourages using privilege escalation through sudo.
Privilege Escalation with sudo
sudo stands for Super User Do, and it allows a regular user (who belongs to the sudo group) to run commands with administrative privileges.
Normally, using sudo prompts the user for their password as an extra safeguard. However, in many cloud-based VMs, password-less sudo is enabled by default for convenience.
Switching to Root
To switch into a root shell:
sudo su -
To exit back to a standard user session:
exit
⚠️ Best practice: Only use sudo for commands that require it, and avoid staying logged in as root unnecessarily.
Package Management in Ubuntu
Ubuntu uses the APT package manager, which is based on the Debian .deb package format.
Key Terms
- Application: Any executable program, utility, or script.
- Package: Contains the files and instructions needed to install one or more applications.
- Package Manager: Software (like apt) that installs, removes, and tracks packages.
- Repository: Online collection of packages that can be downloaded and installed.
- .deb: The package format used by Ubuntu/Debian.
Common apt Commands
apt search <commandName> # Find a package based on a command
apt info <packageName> # Get package details
sudo apt install <packageName> # Install a package
sudo apt remove <packageName> # Remove a package
👉 Example: apt search ifconfig will help you find which package contains the ifconfig utility.
Packages, Services, Processes, and systemd
A question often arises: What does a package run? How do services and processes come into the picture?
- Package: Bundle of files and installation instructions. May install an app or a service.
- Service: A background process that runs continuously, performing tasks without direct user interaction.
- Process: An active instance of a program in memory.
- systemd: The modern Linux system and service manager. It starts services at boot, manages processes, and provides tools to check and control service status.
👉 Think of it this way:
- The package gives you the software.
- A service ensures it runs in the background.
- systemd keeps track of when and how the service starts and runs.
Firewalls: UFW vs iptables
Ubuntu ships with UFW (Uncomplicated Firewall) enabled by default. While it simplifies firewall configuration, administrators often prefer iptables for finer control.
Firewall Actions
- ACCEPT: Allow packets.
- DROP: Silently discard packets.
- REJECT: Block packets and notify sender.
- LOG: Record packets for analysis.
⚠️ Be cautious—misconfigured firewalls can lock you out of your own system. For example, dropping SSH traffic (port 22) could prevent remote access.
iptables Firewall Basics
In iptables, every packet is checked against a series of rules. If a packet matches a rule, an action is taken.
Common Commands
iptables -L # List all rules
iptables -L -v # List rules with packet/byte counts
iptables -nvL --line-numbers # Show rules with line numbers
iptables -P INPUT DROP # Set default policy to DROP all incoming packets
iptables -I INPUT 2 -p tcp --dport 22 -j ACCEPT # Insert rule to allow SSH
iptables -D INPUT 2 # Delete rule #2
iptables-save > /etc/iptables/rules.v4 # Save rules for persistence
⚠️ Important: Firewall rules set with iptables live only in memory and last until reboot. To make them persistent, save them to a file with iptables-save so they can be reloaded at boot.
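The lockout warning above is easy to trigger with the two commands from the list: after iptables -P INPUT DROP, new SSH connections are refused until the port 22 ACCEPT rule is in place. The following check is an added example, not part of the original guide; the function names and the sample chains are constructed for illustration, and it reads a chain in the format printed by iptables -S INPUT.

```shell
#!/bin/sh
# Added example (not from the original guide): decide whether a NEW inbound
# SSH connection (tcp/22) would be admitted by an INPUT chain, given the chain
# in `iptables -S INPUT` format on stdin. Prints: open | locked-out | unknown.
# Assumption: rules with conditions this sketch does not model (-s, -i,
# conntrack state, ...) are skipped, so treat the result as a heuristic.
ssh_reachable() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 == "-A" && $2 == "INPUT" && verdict == "" {
            target = ""; hit = 1
            for (i = 3; i < NF; i += 2) {
                opt = $i; val = $(i + 1)
                if (opt == "-j") { target = val; break }   # target options follow
                else if (opt == "-p") { if (val != "tcp") hit = 0 }
                else if (opt == "-m" && val == "tcp") { }  # implied by -p tcp
                else if (opt == "--dport") { if (val != "22") hit = 0 }
                else hit = 0                               # unmodelled condition
            }
            # LOG and other non-terminating targets never decide the packet.
            if (hit && (target == "ACCEPT" || target == "DROP" || target == "REJECT"))
                verdict = target
        }
        END {
            if (verdict == "") verdict = policy   # no rule decided: policy applies
            if (verdict == "ACCEPT") print "open"
            else if (verdict == "") print "unknown"
            else print "locked-out"
        }'
}

# Constructed samples: chain state after `iptables -P INPUT DROP` alone, and
# after `iptables -I INPUT 2 -p tcp --dport 22 -j ACCEPT` has also been run.
after_policy_only() {
    printf '%s\n' '-P INPUT DROP' '-A INPUT -i lo -j ACCEPT'
}
after_ssh_rule() {
    printf '%s\n' '-P INPUT DROP' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
}
echo "policy only:   $(after_policy_only | ssh_reachable)"
echo "with SSH rule: $(after_ssh_rule | ssh_reachable)"
```

On a live host, pipe the output of iptables -S INPUT (run as root) into ssh_reachable before closing the SSH session you are working in.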
Managing Firewalls with systemd
Once iptables is installed and configured, we need to ensure the saved rules are loaded on boot. Most modern Linux systems rely on systemd for this task.
The netfilter-persistent service (provided by the iptables-persistent package) is used to manage firewall rules across restarts.
Common systemctl Commands
systemctl status -l netfilter-persistent # Check if service is running
systemctl start netfilter-persistent # Start service (until reboot)
systemctl restart netfilter-persistent # Restart service
systemctl stop netfilter-persistent # Stop service
systemctl enable netfilter-persistent # Enable service at boot
systemctl disable netfilter-persistent # Disable service at boot
👉 Active services appear in green when running correctly and in red if errors are detected.
Wrapping Up
We've tied together several key Linux administration concepts:
- User privileges: Standard users are limited, and escalation happens via sudo.
- Packages and services: Packages install apps, services run in the background, and systemd orchestrates both.
- Firewalls: UFW simplifies configuration, while iptables gives detailed control, with persistence managed by systemd.
With this understanding, you can confidently secure, manage, and troubleshoot Linux systems—whether running locally or in the cloud.