File System Security in Unix
Annie Calpe

Overview
- Unix Basics
- File System Security:
  - Account Security: Passwords
  - File Permissions
  - Access Control Lists

Unix Basics
- Developed in the late 1970s
- A multi-user environment
- Intended to be used only by a small number of people within the same company

An Area of File System Security
Account Security: Concerned with keeping unauthorized users from gaining access to the system. A login feature is added for file security.

Account Security: Passwords
- One-way hash encryption algorithm
- Uses a modified version of the Data Encryption Standard (DES)
- Uses a “salt”

The UNIX File System
- Controls the way that information in files and directories is laid out on the disk
- The hierarchical organization of files & directories is often represented with a tree structure

Simple Unix File Structure (tree diagram, listed level by level)
    / (root)
    u  tmp  bin
    huey  cp  rm
    myfile  file1  file2

Another Area of File System Security
File System Security: Concerned with preventing unauthorized access to the system’s data. Access to data is controlled through the use of file permissions.

File Permissions
- a.k.a. “mode bits” or “permission bits”
- They control which users can access what, and how.
- They also depend on the permission bits associated with all directories “above” the file in the directory hierarchy.

Why should you learn about permissions?
- May allow others to access, alter and even delete your files!
- The default setting is not acceptable where sensitive data is present.
- Many beginning users of Unix don’t understand modes, thus compromising overall security.
- Permissions are a useful tool to enhance file system security!

File Ownership Levels
- User: User who owns the file
- Group: Users in a group associated with the file
- Other: All other users; “world” permissions
- All: Includes all of the above levels

3 Levels of Access Protection
    Bit  Meaning  On a file                  On a directory
    r    read     read a file                read contents of directory
    w    write    write data to a file       change the contents of the directory
    x    execute  run an executable program  search the contents of a folder or subdirectory

Format of Permissions
    file or directory? | User modes | Group modes | Other modes
    _                  | _ _ _      | _ _ _       | _ _ _

Additional Permissions
A 4th bit is available per set. These are only useful for executable files:
1. setuid (replaces user’s x by s)
2. setgid (replaces group’s x by s)
3. “sticky” (replaces other’s x by t)

Additional Permissions: setuid and setgid
Used when another user must perform a task which only the owner of a file has the power to do:
1. setuid – script which assumes the User ID of the program file’s owner when run
2. setgid – script which assumes the Group ID of the program file’s group when run

Additional Permissions: The “sticky” Bit
- When set, only the root or owner can unlink/rename files in a directory.
- Without it, anyone able to write to the directory can delete/rename files.
- It is commonly found on world-writable directories, such as /tmp.

Checking Current Access Modes
- To check the file characteristics for all files within the current directory, type: “ls -l”
- To check the file characteristics of a specific file or directory, type: “ls -l ”

“ls -l” Example Output
    > ls -l
    drwxr-xr-x 3 huey   512 Dec 27 15:58 dir1
    -rwx         huey 16384 Jun  1 13:45 progfile1
    -rwsr-sr-t 1 huey 24576 Jan 23 16:35 progfile2
    -rw-r--r-- 1 huey    40 Dec 29 11:42 textfile1
    -rw-rw-rw- 1 huey  1024 Mar 23 08:19 textfile2
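An added example, not part of the original slides: a parser that turns the ten-character mode strings from the listing above into octal modes and flags the bits a reviewer would look at first (setuid, setgid, world-writable). The names `parse_mode`, `findings` and `SLIDE_MODES` are chosen for this illustration.

```python
import stat

# Special bits in the order they appear in the string: user, group, other triad.
SPECIAL = ((stat.S_ISUID, "s"), (stat.S_ISGID, "s"), (stat.S_ISVTX, "t"))

# Mode strings copied from the slide's "ls -l" output (progfile1 is omitted
# because its mode field is incomplete in the transcript).
SLIDE_MODES = {
    "dir1": "drwxr-xr-x",
    "progfile2": "-rwsr-sr-t",
    "textfile1": "-rw-r--r--",
    "textfile2": "-rw-rw-rw-",
}

def parse_mode(text):
    """Return (type_char, numeric_mode) for a 10-character ls -l mode string."""
    if len(text) != 10:
        raise ValueError("expected 10 characters, got %r" % text)
    mode = 0
    for i, (special_bit, flag) in enumerate(SPECIAL):
        r, w, x = text[1 + 3 * i:4 + 3 * i]
        shift = 6 - 3 * i
        if r not in "r-" or w not in "w-" or x not in "x-" + flag + flag.upper():
            raise ValueError("bad permission triad in %r" % text)
        mode |= ((r == "r") << (shift + 2)) | ((w == "w") << (shift + 1))
        if x in ("x", flag):          # lowercase s/t: execute bit is set as well
            mode |= 1 << shift
        if x.lower() == flag:         # s/S or t/T: the special bit itself
            mode |= special_bit
    return text[0], mode

def findings(text):
    """List the properties of a mode string that deserve a second look."""
    kind, mode = parse_mode(text)
    out = []
    if mode & stat.S_ISUID:
        out.append("setuid")
    if mode & stat.S_ISGID:
        out.append("setgid")
    if mode & stat.S_IWOTH:
        protected = kind == "d" and mode & stat.S_ISVTX
        out.append("world-writable (sticky)" if protected else "world-writable")
    return out

if __name__ == "__main__":
    for name, text in SLIDE_MODES.items():
        kind, mode = parse_mode(text)
        print("%-10s %s %04o %s" % (name, text, mode, ", ".join(findings(text)) or "-"))
```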

Setting Permissions
- The chmod command is used to set or modify file and directory permissions
- 2 ways to specify permissions:
  - symbolic mode
  - absolute mode

Setting Permissions: Symbolic Mode
chmod op options
- who: u, g, o, a
- op: +, -, =
- perm bits: r, w, x, s, t

Symbolic Mode - Example
Apply to all rows in current directory:
    > chmod u=rwx,g=rx,o=r row*
Allow all users to read and search contents of directory:
    > chmod a=rx dir1

Adding Permissions - Example
    > ls -l textfile1
    -rw-r--r-- … (current permissions)
    > chmod g+w textfile1
    > ls -l textfile1
    -rw-rw-r-- … (updated permissions)

Subtracting Permissions
    > ls -l textfile1
    -rw-rw-r-- … (current permissions)
    > chmod g-w textfile1
    > ls -l textfile1
    -rw-r--r-- … (updated permissions)

Setting Permissions: Absolute Mode
chmod
Octal #   Permission
- set user id
- set group id
- “sticky” bit
- Read by owner
- Write by owner
- Execute by owner
- Read by group
- Write by group
- Execute by group
- Read by other
- Write by other
- Execute by other

Absolute Mode – Example
To let the owner read, write, and execute:
    = 0700
Yet, only allow group users and others to read and write to the file:
    = 0060 (group value)
    = 0006 (others value)
The octal value =
    > chmod 766
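An added example, not part of the original slides: a small model of how chmod's symbolic clauses (who, op, perm bits) change a numeric mode, next to the absolute form built from octal digits. It is a simplification for regular files that requires an explicit "who"; `chmod_symbolic` and `chmod_absolute` are names chosen for this illustration.

```python
import re

# Bits each "who" letter may touch, special bits included (u owns setuid,
# g owns setgid, o owns sticky), and the bits each permission letter names.
WHO = {"u": 0o4700, "g": 0o2070, "o": 0o1007, "a": 0o7777}
PERM = {"r": 0o444, "w": 0o222, "x": 0o111, "s": 0o6000, "t": 0o1000}
CLAUSE = re.compile(r"^([ugoa]+)([+=-])([rwxst]*)$")

def chmod_symbolic(mode, spec):
    """Apply a comma-separated symbolic mode such as 'u=rwx,g=rx,o=r'."""
    for clause in spec.split(","):
        match = CLAUSE.match(clause)
        if match is None:
            raise ValueError("bad clause: %r" % clause)
        who, op, perms = match.groups()
        scope = 0
        for letter in who:
            scope |= WHO[letter]
        bits = 0
        for letter in perms:
            bits |= PERM[letter] & scope   # e.g. "w" limited to the group triad
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        else:                              # "=": clear the scope, then set
            mode = (mode & ~scope) | bits
    return mode

def chmod_absolute(special, user, group, other):
    """Build an absolute mode from one octal digit per position."""
    for digit in (special, user, group, other):
        if not 0 <= digit <= 7:
            raise ValueError("each digit must be 0-7, got %r" % digit)
    return special << 9 | user << 6 | group << 3 | other

if __name__ == "__main__":
    # The slides' commands, applied to numeric modes instead of real files.
    print("%04o" % chmod_symbolic(0, "u=rwx,g=rx,o=r"))   # chmod u=rwx,g=rx,o=r
    print("%04o" % chmod_symbolic(0o644, "g+w"))          # chmod g+w textfile1
    print("%04o" % chmod_symbolic(0o664, "g-w"))          # chmod g-w textfile1
    print("%04o" % chmod_absolute(0, 7, 6, 6))            # chmod 766
```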

umask
- Used to turn off permissions: umask
- For a file: determine the numeric value for the desired permissions and subtract it from 666 to get the umask value

umask
- For a directory: determine the numeric value for the desired permissions and subtract it from 777 to get the umask value
- Used to set default permissions for newly created files within the directory, only during the current shell session.
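An added example, not part of the original slides: the subtraction rule from the two umask slides next to what the kernel actually does, which is to clear the umask bits from the requested mode. It creates a file and a directory in a temporary location to confirm the result; the function names and the file names `report.txt` and `project` are chosen for this illustration.

```python
import os
import stat
import tempfile

def umask_for(desired, base):
    """The slides' rule: subtract the desired mode from 666 (file) or 777 (directory)."""
    if desired & ~base:
        raise ValueError("desired mode asks for bits the base does not contain")
    return base - desired   # same as base & ~desired, since desired is a subset of base

def apply_umask(requested, umask):
    """Mode a new object receives: the requested bits with the umask bits cleared.

    This is a bit mask, not arithmetic: umask 077 on a 666 request gives 600,
    whereas octal subtraction would give the meaningless 567.
    """
    return requested & ~umask & 0o777

def create_with_umask(umask):
    """Create a file and a directory under a temporary umask; return their modes."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            path = os.path.join(tmp, "report.txt")
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
            sub = os.path.join(tmp, "project")
            os.mkdir(sub, 0o777)
            file_mode = stat.S_IMODE(os.stat(path).st_mode) & 0o777
            dir_mode = stat.S_IMODE(os.stat(sub).st_mode) & 0o777
            return file_mode, dir_mode
    finally:
        os.umask(old)       # restore the process umask

if __name__ == "__main__":
    mask = umask_for(0o750, 0o777)          # want rwxr-x--- directories
    print("umask %03o" % mask)
    print("predicted file %03o dir %03o" % (apply_umask(0o666, mask),
                                            apply_umask(0o777, mask)))
    print("observed  file %03o dir %03o" % create_with_umask(mask))
```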

Access Mode Limitations
- Modes are defined only for user, group, and others
- i.e., users cannot designate file access to specific users

Access Control Lists (ACLs)
- Reduce the complexity of managing permissions
- Stored as extended attributes
- Allow you to define lists that grant/deny access to a given file based on criteria that you provide
- Enabled ACLs will append a “+” to the set of permissions, e.g. -rwxr--r--+

ACLs
- Can have separate access control specifications
- Can limit permissions granted to individually specified users or groups
- Can allow user and group permissions to be automatically specified upon file creation

setfacl
Used to modify (-m) or remove (-x) ACLs, e.g.
    setfacl -m d:u:username:rwx,g:student:rwx mydir
NOTE: “d:” is optional for setting default ACLs for a directory

getfacl
Lists ACLs on files and directories
    getfacl

Summary
- Security is an important issue with the rise in popularity of Unix as a multi-user environment (due to its portability).
- The most secure way of protecting your files would be not to store them in the system in the first place.
- Otherwise, having an understanding of permissions is a good start towards enhancing security.
