Module 4 - File Security. Security Overview File Ownership Access to Files and Directories Changing File and Directory Ownership Changing File and Directory.


Module 4 - File Security

File Security
- Security Overview
- File Ownership
- Access to Files and Directories
- Changing File and Directory Ownership
- Changing File and Directory Access Modes
- Setting Default Access Modes


Security Overview
The primary function of the system's security is to make sure that only authorized users have access to system resources.
Standard Unix system security features include:
- User password
- File and directory protection with permissions
- Other features that enable system administrators to check for security breaches

Linux Accounts
Accounts are a system mechanism that enables all the users in the system to have their own space in the file system and their own unique settings.
- Each user has a unique ID (UID).
- Each user in the system is a part of at least one group.
- Each group has a unique group ID (GID).
There are three types of users in Unix:
- Super User - Has unrestricted access to the system. Has UID 0.
- Regular Users - Usually have access only to their own home directories. UID larger than 500

User Configuration Files
- The /etc/passwd file is a semicolon delimited file in which all the system user accounts are defined. Each entry in the file represents a user account:
    user1:x:501:500:user1:/home/user1:/bin/bash
- The /etc/shadow file holds the password encryption information per user:
    user1:Ep6mckrOLChF.:10063:0:99999:7:::

Group configuration file
The /etc/group file holds group name to GID relations, along with a listing of the users in the group.
A user can be part of a group in one of two ways:
- The group number appears in the user's line in /etc/passwd - the group is then called the user's primary group
- The user's name appears in the group's line in /etc/group:
    staff:x:500:user3,user4,user5
Two approaches to determine a new file's group:
- AT&T approach - The primary group the user belongs to determines the group ownership of files.
- BSD approach - Group ownership is given to the group that has ownership over the directory in which the file is being created.

File Ownership
- Each file and directory is owned by a single user and belongs to a single group
- The user and group ownership is assigned at the time the file is created.
- It is important to remember that user ownership and group ownership are distinct, and it is possible that a user that owns a file will not be a member of the group that owns it.

Directory and File Access Modes
    File-type  Owner  Group  Others  filename
    d/l/-      rwx    rwx    rwx     file.txt

    # ls -l /etc/passwd
    -rw-r--r-- 1 root root 2232 Feb /etc/passwd

Changing File and Directory Access Modes
- Only the file owner (and the super user) may change access modes for files and directories.
- Use the chmod command in order to change the access modes for files and directories.
- There are two modes of operation with the chmod command:
    Symbolic mode - uses combinations of letters and symbols to add, remove or set permissions for various types of users.
    Octal mode - uses octal numbers to represent file permissions. Octal mode is also referred to as absolute or numeric mode

Symbolic Mode
The chmod command:
- ugo (user, group, others)
- +=- (give, equal or take)
- rwx (read, write, execute)
    # chmod g+rx /home/avi
    # chmod ugo=rwx /tmp

Octal (Absolute) Mode
Command Format: chmod octalmode filename(s)
Octal modes are:
- Read access = 4
- Write access = 2
- Execute access = 1
Any combination and manipulation of these numbers would set the permissions for the user, group and others:
    644 = rw-r--r--
    755 = rwxr-xr-x
    751 = rwxr-x--x
    777 = rwxrwxrwx
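The two chmod notations applied side by side and then audited, as an added example that is not part of the original slides: files are created in a temporary directory, given modes in symbolic and octal form, and find is used to report the ones that "others" can write. The file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample files are constructed in a temporary directory.

# mode_of FILE -> octal permission bits (GNU stat, with a BSD stat fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# world_writable DIR -> names of regular files under DIR that "others" may write
world_writable() {
    find "$1" -type f -perm -0002 | sed "s|^$1/||" | sort
}

# build_sample DIR -> create files using both chmod notations from the slides
build_sample() {
    : > "$1/report.txt"; chmod 644 "$1/report.txt"             # rw-r--r--
    : > "$1/script.sh";  chmod u=rwx,g=rx,o=rx "$1/script.sh"  # same as 755
    : > "$1/shared.log"; chmod 644 "$1/shared.log"
    chmod go+w "$1/shared.log"                                 # 644 -> 666
    : > "$1/open.dat";   chmod ugo=rwx "$1/open.dat"           # same as 777
}

demo_dir=$(mktemp -d)
build_sample "$demo_dir"
for f in report.txt script.sh shared.log open.dat; do
    printf '%s %s\n' "$(mode_of "$demo_dir/$f")" "$f"
done
echo "world-writable:"; world_writable "$demo_dir"
rm -rf "$demo_dir"
```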

Setting Default Access Mode with umask

Linux umask base modes
- file base mode: 0666
- directory base mode: 0777
- new file mode = base-mode - umask
- 0644 = files
- 0755 = directories

Setting Default Access Mode with umask
- The umask filter determines the default permissions for new files and directories
- Display your umask:
    # umask
    0022
- The first digit of a mode (0750, for example) is used to specify some special bits (e.g. set-user-ID, set-group-ID, and the "sticky bit")
- Try:
    # umask -S
    # umask 777
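How the umask is applied, as an added example that is not part of the original slides: the system clears every bit set in the umask from the base mode (a bitwise AND with the complement), which gives the same result as the subtraction on the slide for 0022 but not for a mask that contains a bit the base mode lacks. The function names and the second umask value (0013) are constructed for illustration; the script compares the predicted modes with the modes of a file and directory it actually creates.

```shell
#!/bin/sh
# Added example; the umask values used at the bottom are sample inputs.

# predicted_mode BASE UMASK -> BASE with every bit that is set in UMASK cleared
predicted_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# mode_of PATH -> octal permission bits (GNU stat, with a BSD stat fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# observed_modes UMASK -> "<file mode> <directory mode>" as really created
# under UMASK; runs in a subshell so the caller's umask is left untouched.
observed_modes() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    : > "$dir/f"      # new files start from base mode 0666
    mkdir "$dir/d"    # new directories start from base mode 0777
    echo "$(mode_of "$dir/f") $(mode_of "$dir/d")"
    chmod 700 "$dir/d"; rm -rf "$dir"
)

for m in 0022 0013; do
    set -- $(observed_modes "$m")
    echo "umask $m: file $1 (predicted $(predicted_mode 666 "$m"))," \
         "directory $2 (predicted $(predicted_mode 777 "$m"))"
done
```

With umask 0013 a new file gets 664, where plain subtraction from 0666 would suggest 653.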

Remember!
- File level security is composed of user authentication and permissions
- Users are defined by names and groups in the /etc/passwd, /etc/shadow and /etc/group files
- Files of all types have user, group and other permissions of read, write and execute
- The meaning of those permissions is a bit different for files and directories
- File ownership and mode can be changed by owner and root
- File default permissions can be set using umask

Changing Ownership
- Only the owner of the file and root can change ownership
- Changing ownership is done with the chown command:
    # chown new-owner:new-group filename
    # chown anat:ort /etc/passwd
- Change a directory and its contents recursively with -R:
    # chown -R anat:public /tmp

Users
    # useradd - Adding a new user (use passwd or usermod to change the user password)
    # usermod - Changing a user
    # userdel - Deleting a user
Let's look at /etc/passwd

Groups
    # groupadd - Add a new group
    # groupmod - Change a group
    # groupdel - Deleting a group
Let's look at /etc/group

Exercises
1. Create 5 different users
2. Create 3 new groups
3. Change the new users' home directory to /tmp
4. Change the UID of the new users to 10001/2/3/4/5
5. Change the GID of the 3 new groups to 2001/2/3
6. Add all 5 users to the new 3 groups without changing the default group
7. Use the useradd command and in one line add a new user, grant him a password, set his home directory to /tmp and make him a member of all 3 groups

Exercises
Write the command line by using letters with chmod to set the following permissions:
    rwxrwxr-x :
    rwxr--r-- :
    r--r----- :
    rwxr-xr-x :
    r-x--x--x :
    -w-r----x :
    -----xrwx :

Exercises
Write the command line by using octal numbers with chmod to set the following permissions:
    rwxrwxrwx :
    --x--x--x :
    r---w---x :
    -w :
    rw-r----- :
    rwx--x--x :

Exercises
With the following umask values, what would be the file and directory creation permissions?
umask = 0027
    File permissions:
    Directory permissions:
umask = 0011
    File permissions:
    Directory permissions:
umask = 0541
    File permissions:
    Directory permissions:
umask = 0777
    File permissions:
    Directory permissions: