FILE SECURITY AND ACCESS CONTROL

Slides:



Advertisements
Similar presentations
Linux File & Folder permissions. File Permissions In Ubuntu, files and folders can be set up so that only specific users can view, modify, or run them.
Advertisements

Engineering Secure Software. Linux File Permissions  Each file and directory has bits for.. Read, Write, Execute: rwx Files: works as it sounds  Directories:
File Security. Viewing Permissions ls –l Permission Values.
Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.
File security and Permissions A file is owned by the user who created it That user can then specify who can read, write and execute that file A file when.
Linux+ Guide to Linux Certification, Second Edition
CS 497C – Introduction to UNIX Lecture 15: - File Attributes Chin-Chih Chang
Getting Started with Linux Linux System Administration Permissions.
Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.
Linux Directory Navigation. File & Directory Commands This is a minimal list of Unix commands that you must know for file management: ls (list) mkdir.
1 Lecture 2 Working with Files and Directories COP 3344 Introduction to UNIX.
File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)
Linux+ Guide to Linux Certification, Second Edition
Managing Files CSCI N321 – System and Network Administration Copyright © 2000, 2011 by the Trustees of Indiana University except as noted.
Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.
File Permission and Access. Module 6 File Permission and Access ♦ Introduction Linux is a multi-user system where users can assign different access permission.
Chapter Two Exploring the UNIX File System and File Security.
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
E X C E E D I N G E X P E C T A T I O N S Basic LINUX Linux System Administration Dr. Hoganson Kennesaw State University Operating Systems Directory structure:
Linux+ Guide to Linux Certification, Third Edition
Linux+ Guide to Linux Certification, Third Edition
PacNOG 6: Nadi, Fiji UNIX ™/ /Linux Permissions Hervey Allen Network Startup Resource Center.
Managing Files CSCI N321 – System and Network Administration Copyright © 2000, 2007 by the Trustees of Indiana University except as noted.
Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.
2 Manual & Filestore Mauro Jaskelioff. Introduction Using the manual The UNIX filestore File permissions.
1 Lecture 2 Working with Files and Directories COP 3353 Introduction to UNIX.
CSCI 330 The UNIX System Unit V Permissions. all access to directories and files is controlled UNIX uses discretionary access control (DAC) model each.
File System Security ls -l. First Columm d = directory l = symbolic link b = block special file c = character special file p = fifo (or named pipe) special.
Agenda The Linux File System (chapter 4 in text) Setting Access Permissions Directory vs File Permissions chmod Utility Symbolic Method Absolute Method.
Jozef Goetz, expanded by Jozef Goetz, 2008 Credits: Parts of the slides are based on slides created by UNIX textbook authors, Syed M. Sarwar, Robert.
BIF703 File Permissions. As you recall from our previous notes, that Unix/Linux recognizes everything as a file: Regular files to store data, programs,
File System Security in Unix Annie Calpe. Overview Unix Basics File System Security: - Account Security: Passwords - File Permissions - Access Control.
Linux Filesystem Management
Privileges: who can control what
Permissions: who can control what Unix/IP Preparation Course July 19, 2009 Eugene, Oregon, USA
Introduction to Unix – CS 21
File permissions Operating systems I800
Linux file system "On a UNIX system, everything is a file;
Chapter 3 Maintaining Security
Lecture 2 Working with Files and Directories
Nassau Community College
UNIT-2 Basic File Attributes Course code: 10CS44
BIF703 File Permissions.
Privileges: who can control what
Using Linux Commands Lab 3.
Systems Administration CSCI Fall 2016
File system(conti..) Lecture November 2018.
Permission and CHMOD.
Lecture 44 Syed Mansoor Sarwar
CE Operating Systems Lecture 21
Access Control Lists CSCI Fall 2008 GWU Sources:
Web Programming Essentials:
UNIX System Protection
Security and File Permission
UNIX Commands A Brief Look at Common UNIX Commands.
Engineering Secure Software
The Linux Command Line Chapter 9
UNIX Commands A Brief Look at Common UNIX Commands.
UNIX Commands A Brief Look at Common UNIX Commands.
SYSTEM ACTIVITY MONITORING
In the last class,. ls –l command. seven fields
PROGRAM AT RUNTIME Subject code: CSCI-620
Engineering Secure Software
UNIX Commands A Brief Look at Common UNIX Commands.
Figure 6-13: Managing Permissions
In the last class, The concept of file system
BASIC FILE ATTRIBUTES.
RUN TIME PROGRAM BEHAVIOUR
January 26th, 2004 Class Meeting 2
Ustaza. Imtithal Alnour Saeed & Ustaza Sana AL-Hwishel
Presentation transcript:

FILE SECURITY AND ACCESS CONTROL Course Code: CSCI-620 Course Description: OPERATING SYSTEMS SECURITY Exercise 8: Session: 1 Duration: 120 min Lecture Unit: CSN1 Topic: UNIX file security Author: Prof. Bill Mihajlović Exercise 8.1 Copyright © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 Reproduction in any shape or form is prohibited.

CSCI-620 Operating systems security Topics The ACM The ACM, ACL and C-list Octal file permission code Symbolic file permission and ownership codes Umask default file and directory values Questions and answers Summary Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

Problem: The access control matrix (ACM) An ACM model of protection systems Describes who (subject) can do what (rights) to what/whom (object/subject) Example: Draw the access control matrix for the following system: An instructor can assign and grade homework and exams A TA can grade homework A Student can evaluate the instructor and TA Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Answer Homework Exam Instructor TA Students {assign,grade} ? {grade} {evaluate} Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

Question: Two ways to cut an ACM Consider ACM given below. Show order by columns (ACL) or rows (Capability Lists)? file1 file2 file3 Ana rx r rwo Bob rwxo r -- Chuck rx rwo w ACLs Capability Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Answer: The ACLs An ACL stores (non-empty elements of) each column with its object. file1: { (Ana, rx) (Bob, rwxo) (Chuck, rx) } file2: { (Ana, r) (Bob, r) (Chuck, rwo) } file3: { (Ana, rwo) (Chuck, w) } file1 file2 file3 Ana rx r rwo Bob rwxo r -- Chuck rx rwo w ACLs Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Answer: C-lists Capability or C-lists of users are rows of the ACM. Ana: { (file1, rx) (file2, r) (file3, rwo) } Bob: { (file1, rwxo) (file2, r) } Chuck: { (file1, rx) (file2, rwo) (file3, w) } file1 file2 file3 Ana rx r rwo Bob rwxo r -- Chuck rx rwo w Capability Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Question: Ownership Definition: Ownership is an ultimate access type which enables a subject to access object: Using all possible access types, and Modify the metadata relevant to the object owned including the ownership data itself. Example: Owner may transfer his/her ownership, assign the ownership, to any other subject owner. Can group g-owner transfer his ownership? Can group g-owner change any of the file access control permissions? Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

Permissions With Octal Mode Octal values are combined to identify the octal mode that is used with the chmod command. You must list all three numbers (One for each category of user) user group other Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

Example: Permissions with octal code Octal Value ugo Permission u g o 614 rw- --x r-- 731 rwx –wx —-x 752 rwx r-x -w- 777 rwx rwx rwx The first position defines the user (owner) permissions The second defines the group permissions The third defines other permissions Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Question: What are the octal equivalents of the file permission flags listed below? $ ls -l fileX -rwx------ 1 alex studs 10 Sep 21 10:49 fileX $ $ ls -l total 12 dr-xr-x--- 2 alex studs 512 Sep 21 10:50 dir1 $ ls -l fileX_1 -rwxr-xr-x 1 alex studs 25 Sep 21 9:59 fileX_1 $ Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Answer: What are the octal equivalents of the file permission flags listed below? 7 0 0 5 5 0 7 5 5 $ ls -l fileX -rwx------ 1 alex studs 10 Sep 21 10:49 fileX $ $ ls -l total 12 dr-xr-x--- 2 alex studs 512 Sep 21 10:50 dir1 $ ls -l fileX_1 -rwxr-xr-x 1 alex studs 25 Sep 21 9:59 fileX_1 $ Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Question In the list of permissions shown which the owner has read, write, and execute permissions on a file? $ ls –1 Total 4 -r-x------ 1 alex studs 1 10 Sep 21 10:49 fileX -rwxr-xr-x 1 alex studs 1 25 Sep 21 9:49 fileX_1 dr-xr-x--- 5 alex studs 1 512 Sep 21 10:50 dir1 drwxr-x--x 2 alex studs 1 512 Sep 21 10:25 dir2 $ Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Answer In the list of permissions shown which the owner has read, write, and execute permissions on a file. $ ls –1 Total 4 -r-x------ 1 alex studs 1 10 Sep 21 10:49 fileX -rwxr-xr-x 1 alex studs 1 25 Sep 21 9:49 fileX_1 dr-xr-x--- 5 alex studs 1 512 Sep 21 10:50 dir1 drwxr-x—x 2 alex studs 1 512 Sep 21 10:25 dir2 $ In the list of permissions, when the owner has read/write/execute permissions the group has read/execute permissions and other has execute permissions for a directory Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Homework Demonstrate on 12 examples use of symbolic mode application to file access permission flag modification. Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Homework Use touch command and create file fileX. Repeat the following drills with octal mode file access permission flag modification. Show the screen shots of your work. Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

Example: Octal mode permissions $ ls -l fileX chmod 555 fileX $ -rwx------ 1 alex studs 18 Sep 21 10:49 fileX $ ls -l fileX -r-xr-xr-x 1 alex studs 18 Sep 21 10:49 fileX $ Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

Example: Octal mode permissions $ chmod 775 fileX $ -rwxrwxr-x 1 alex studs 18 Sep 21 10:49 fileX $ ls -l fileX Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

Example: Octal mode permissions $ chmod 755 fileX $ ls -l fileX -rwxr-xr-x 1 alex studs 18 Sep 21 10:49 fileX $ Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

Exercise: umask command Use touch command and create files f000, f111 till f777 for umask values of 000, 111, till 777. Run ls command as shown below and show the result. -rw-rw-rw- 1 root other 0 Sep 19 22:41 f000 -rw-rw-rw- 1 root other 0 Sep 19 22:11 f111 -r--r--r-- 1 root other 0 Sep 19 22:09 f222 -r--r--r-- 1 root other 0 Sep 19 22:08 f333 --w--w--w- 1 root other 0 Sep 19 22:28 f444 --w--w--w- 1 root other 0 Sep 19 22:31 f555 ---------- 1 root other 0 Sep 19 22:32 f666 ---------- 1 root other 0 Sep 19 22:33 f777 # # ls -l f??? Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

Exercise: umask command Use mkdir command and create directory files d000, d111 till d777 for umask values of 000, 111, till 777. Run ls command as shown below and show the result. # ls -ld d??? drwxrwxrwx 2 root other 512 Sep 19 22:41 d000 drw-rw-rw- 2 root other 512 Sep 19 22:11 d111 dr-xr-xr-x 2 root other 512 Sep 19 22:09 d222 dr--r--r-- 2 root other 512 Sep 19 22:08 d333 d-wx-wx-wx 2 root other 512 Sep 19 22:28 d444 d-w--w--w- 2 root other 512 Sep 19 22:32 d555 d--x--x--x 2 root other 512 Sep 19 22:32 d666 d--------- 2 root other 512 Sep 19 22:33 d777 # Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Questions Which of the permissions can a file have ? Global access Read Compress view Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Answer Which of the permissions can a file have ? Global access Read Compress view Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Question Which of the following is not a user category in the Solaris operating system? Other Public User Group Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Question Which of the following is not a user category in UNIX/Linux operating system? Other Public User Group Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Answer Which of the following is not a user category in UNIX/Linux operating system? Other Public User Group Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Question Before changing permissions on a file or directory, you can identify the permissions. What permissions does the group have on the file fileX indicated below: -rw-r--r-- 1 student1 other 1230 Jun 11 11:23 fileX Read and write Write Read Write and execute Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Answer Before changing permissions on a file or directory, you can identify the permissions. What permissions does the group have on the file fileX indicated below: -rw-r--r-- 1 student1 other 1230 Jun 11 11:23 fileX Read and write Write Read Write and execute Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Question When using symbolic mode to add group write permissions on the file entitled report_92, which is the correct answer? chmod report_92 g+r chmod o-x report chmod g+w report_92 chmod 777 report_92 Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Answer When using symbolic mode to add group write permissions on the file entitled report_92, which is the correct answer? chmod report_92 g+r chmod o-x report chmod g+w report_92 chmod 777 report_92 Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Question Suppose you want to change permission on a file entitled file1 using octal mode. Which command assigns only read permission access for Other? chmod 777 file1 chmod 764 file1 chmod 667 file1 chmod 642 file1 Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Answer Suppose you want to change permission on a file entitled file1 using octal mode. Which command assigns only read permission access for Other? chmod 777 file1 chmod 764 file1 chmod 667 file1 chmod 642 file1 Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

Question: UNIX FCB or inode. The internal representation of a file is given by an inode An inode contains a description of the disk distribution layout of the file data and other information (metadata) associated with the file Each disk is allocated a fixed number of inodes Each inode on a given disk is identified by a unique number. Find UNIX (e.g., Solaris) or Linux command /utility that reports the number of inodes configured in the OSFS volume (partition) header (metadata). Summarize the man pages of the command. Demonstrate command and show the screen shots of your work. Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

Question: UNIX FCB or inode. What command can be used to display inode numbers of the files in the current directory? What C programming library or what header file (xxxx.h) is needed in order to enable C program to access UNIX OSFS inodes? Why is the total number of inodes limited by the OSFS administrator? Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Homework Answer all unanswered questions. Perform all exercises. Perform all exercises from shown in the text version of the exercise. Document your work with the screen shots and demonstrations. Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

CSCI-620 Operating systems security Summary In this module, you have learned how to: Display file permission using ls –l command Define permission type (read, write, execute) Set and change file permissions using symbolic notation Set and change file permissions using octal notation Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

The End Exercise 8.1 Copyright © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 Reproduction in any shape or form is prohibited.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.