Unix Access Control Basic CE 2

Slides:



Advertisements
Similar presentations
Unit 5 – User Administration Randy Marchany VA Tech Computing Center.
Advertisements

Linux Users and Groups Management
Race Condition Zutao Zhu 10/09/09. Outline Race Condition –Some functions –File format of /etc/passwd and /etc/shadow –Input Redirection Format-string.
Chapter 8 Files and User Information Utilities. Logical Partitions referred to as file systems like a drive in windows world $ df (display filesystems)
1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.
Unix Security Issues Process Creation/Space Users and Groups File Permissions Relationship of Program and File Security.
Linux+ Guide to Linux Certification, Second Edition
Linux+ Guide to Linux Certification, Second Edition
LERSAIS.  Access Control in Unix  Access Control in Windows  Port Redirection 2.
Getting Started with Linux Linux System Administration Permissions.
Workbook 3 Users and Groups
O.S security Ge Zhang Karlstad University. Outline Why O.S. security is important? Security schemes in Unix/Linux system Security schemes in windows system.
Introduction to Linux Installing Linux User accounts and management Linux’s file system.
Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.
CIS 218 Advanced UNIX 1 User and System Information CIS 218.
Unix System Administration Rootly Powers Chapter 3.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)
Linux+ Guide to Linux Certification, Second Edition
Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.
IT2204: Systems Administration I 1 6b). Introduction to Linux.
Unix System Administration Chapter 6 Adding New Users.
Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.
Linux+ Guide to Linux Certification, Third Edition
File Permission and Access. Module 6 File Permission and Access ♦ Introduction Linux is a multi-user system where users can assign different access permission.
ITI-481: Unix Administration Meeting 3 Christopher Uriarte, Instructor Rutgers University Center for Applied Computing Technologies.
Lesson 9-Setting and Using Permissions. Overview Describing file permissions. Using execute permissions with a file. Changing file permissions using mnemonics.
Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 
Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.
Lecture 5: User Accounts & Directory Service Instructor: Dr. Najla Al-Nabhan
Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.
Linux+ Guide to Linux Certification, Third Edition
Linux+ Guide to Linux Certification, Third Edition
PacNOG 6: Nadi, Fiji UNIX ™/ /Linux Permissions Hervey Allen Network Startup Resource Center.
Privileges: who can control what Introduction to Unix June 16, 2009 Papeete, French Polynesia Hervey Allen.
Λειτουργικά Συστήματα - Lab1 Γιάννης Πετράκης. The Operating System  Unix is a layered operating system  The innermost layer is the hardware that provides.
Privileges: who can control what Introduction to Unix May 24, 2008 Rabat, Morocco Hervey Allen.
Advanced Programming in the UNIX Environment Hop Lee.
Manually Creating a New User Account Presented by Carl South.
The Unix File system (UFS) Presented by: Gurpreet Singh Assistant Professor Department of School of Computing and Engineering Galgotias University.
IS 2150 / TEL 2810 Introduction to Security
CSCI 330 The UNIX System Unit V Permissions. all access to directories and files is controlled UNIX uses discretionary access control (DAC) model each.
Chapter 8 File System Security. File Protection Schemes Password-Based Protection Encryption-Based Protection Protection-Based on Access Permission.
Linux Use the Command-Line Interface to Administer the System.
CSC414 “Introduction to UNIX/ Linux” Lecture 6. Schedule 1. Introduction to Unix/ Linux 2. Kernel Structure and Device Drivers. 3. System and Storage.
SUSE Linux Enterprise Desktop Administration Chapter 9 Manage Users, Groups, and Permissions.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Secure Design Principles OS Security Overview Lecture 2 September 6,
Jozef Goetz, expanded by Jozef Goetz, 2008 Credits: Parts of the slides are based on slides created by UNIX textbook authors, Syed M. Sarwar, Robert.
Managing Users CSCI N321 – System and Network Administration Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University.
Karlstad University Operating System security Ge Zhang Karlstad University.
Linux Filesystem Management
Privileges: who can control what
Permissions: who can control what Unix/IP Preparation Course July 19, 2009 Eugene, Oregon, USA
Module X (Unix/Linux Password Security)
Chapter 8 File Security.
IS 2150 / TEL 2810 Introduction to Security
Chapter 2 User Management
Privileges: who can control what
Linux Users and Groups Management
Adding New Users, Storage, File System
Access Control Lists CSCI Fall 2008 GWU Sources:
COP 4343 Unix System Administration
Security and File Permission
OPS235 Lab4: Investigations 5 – 9
Chapter Introduction 3.2 The UNIX Model of Ownership
The Attack and Defense of Computers
Module 13 System and User Security
Rootly Powers Chapter 3.
Adding New Users.
Access Control and Audit
Presentation transcript:

Unix Access Control Basic CE 2 James Joshi Associate Professor, SIS May 20, 2011

Unix Security Overview

Unix Kernel Standard Utility Programs System database files I/O, Load/Run Programs, Filesystem; Device Drivers … Standard Utility Programs /bin/ls, /bin/cp, /bin/sh System database files E.g, /etc/passwd; /etc/group

Users and password Each user has a /etc/passwd contains unique account identified by a username Each account has a secret password Standard: 1-8 characters; but varies Passwords could be same – bad choice! /etc/passwd contains Username, Identification information Real name, Basic account information

Account info Field Contents rachel Username. x Holding place for the user's "encrypted password." Newer Unix systems store encrypted passwords in a separate file (the shadow password file) that can be accessed only by privileged users. 181 User's user identification number (UID). 100 User's group identification number (GID). Rachel Cohen User's full name /u/rachel User's home directory. /bin/ksh User's shell (empty field means default shell) rachel:x:181:100:Rachel Cohen:/u/rachel:/bin/ksh

Users and Groups Each user is uniquely identified by a UID Special user names Root; Bin; Daemon; Mail; Guest; ftp Every user belongs to one or more groups A primary group /etc/group Gname, Gpassword, GID, Users 16 bits: How many IDs? UID 0: superuser (More bits too) Most versions of Unix use the wheel group as the list of all of the computer's system administrators (in this case, rachel and the root user are the only members). On some systems, the group has a GID of 0; on other systems, the group has a GID of 10. Unlike a UID of 0, a GID of 0 is usually not significant. However, the name wheel is very significant: on many systems the use of the su command to invoke superuser privileges is restricted to users who are members of a group named wheel. The second line of this file defines the http group. There is one member in the http group—the http user. The third line defines the users group. The users group does not explicitly list any users; on some systems, each user is placed into this group by default through his individual entry in the /etc/passwd file. The fourth and fifth lines define two groups of users. The vision group includes the users keith, arlin, and janice. The startrek group contains the users janice, karen, and arlin. Notice that the order in which the usernames are listed on each line is not important. Finally, the sixth line defines a group for the user rachel.

Users and Groups Some useful commands groups id newgrp su wheel:*:0:root,rachel http:*:10:http users:*:100: vision:*:101:keith,arlin,janice startrek:*:102:janice,karen,arlin rachel:*:181:

Superuser root; UID = 0 …….. Complete Control Used by OS itself for basic functions Logging in/out users Recording accounting info Managing input/output devices Security controls are bypassed There are few things not allowed Decrypt passwords shadow-file, … Key Security Weakness in Unix Processes can run with Effective UID = 0

User ids Each process has three Ids Real user ID (RUID) a user’s “real identity” same as the user ID of parent (unless changed) Effective user ID (EUID) from set user ID (SUID) bit on the file being executed Can use su command to assume another’s RUID Saved user ID (SUID) Allows restoring previous EUID

Unix file system File systems store information in files and metadata about files. tree-structured A file is a block of information that is given a single name and can be acted upon with a single operation. "everything is a file"

Unix file security Each file/directory has owner and group How are the permissions set by a owner for Read, write, execute Owner, group, other Only owner, root can change permissions This privilege cannot be delegated or shared

Unix File Permissions File type, owner, group, others File type: drwx------ 3 jjoshi isfac 512 May 20 07:39 . drwx------ 3 jjoshi isfac 512 May 20 06:50 .. d-w-r-xrw- 2 jjoshi isfac 512 May 20 07:39 testDir --w-r--rw- 1 jjoshi isfac 0 May 20 07:49 testFile.txt File type: regular is indicated by “-” directory is indicated by “d” Permissions: - r, w, x r w x r w x Owner‘s Group‘s Other’s Regular file

Umask Specifies the permission you do not want given by default to new files Creation mask for directory (say, cmask): 777 Creation mask for files (cmask) : 666 When a file/directory is created its initial permissions will be Bitwise AND of Complement of umask value & cmask Do exercise 2

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.