Chapter 8 File System Security. File Protection Schemes: Password-Based Protection, Encryption-Based Protection, Protection Based on Access Permission.

Chapter 8 File System Security

File Protection Schemes
– Password-Based Protection
– Encryption-Based Protection
– Protection Based on Access Permission

File Protection Schemes Password-Based Protection  Both the Login name and password are required for a user to enter a UNIX system  All login names can be found in the /etc/passwd file.  A user’s password is given to that user ONLY.  Change user’s password frequently.  passwd command (for local account)  yppasswd or nispasswd command for network’s computer systems.

File Protection Schemes Password-Based Protection  Discovering a user’s password: 1) You, as the owner of an account, inform others of your password 2) a password can be guessed by another user 3) a user’s password can be extracted by “brute force”

Figure 8.1 The process of encryption and decryption

File Protection Schemes: Encryption-Based Protection
– Whole-disk encryption
– File-level encryption

File Protection Schemes: Protection Based on Access Permission
As file owner, you can attach certain access rights to your files that dictate who can and cannot access them for various types of file operations. The users and groups these rights refer to are defined in /etc/passwd and /etc/group.

File Access Rights
Types of Users:
– Owner
– Group
– All/Other
Types of Permissions:
– Read
– Write
– Execute
Types of Operations Allowed on Files:
– Directories
– Other files

Table 8.1 Summary of File Permissions in LINUX (columns: Read permission, Write permission, Execute permission)

Directory Permissions
– read = list the files in the directory
– write = add new files to the directory
– execute = access (traverse into) the files in the directory

Table 8.2 Permission Values

Determining and Changing File Access Privileges
Determining File Access Privileges: ls -l, ls -ld

Changing the Access Rights
Purpose: to set/change permissions on files
chmod [options] octal-mode filelist
chmod [options] symbolic-mode filelist
Options:
-R   recursively process subdirectories

Determining and Changing File Access Privileges (Contd)

Examples of chmod Command

Determining and Changing File Access Privileges
Changing File Access Privileges:
– chmod [options] octal-mode file-list
– chmod [options] symbolic-mode file-list

Access Privileges for Directories

Default File Access Rights
umask is a bitmap that tells which permission bits are turned off when a new file is created.
022 = deny write for group and others: rwx r-x r-x (new file permissions)
umask (with no parameters) returns the current mask value.
umask newmask sets a new mask value.
The umask command is usually placed in a startup file.

Default File Access Rights
The default access privileges:
– Executable files & directories: 777
– Text files: 666
file access permission = default (777 or 666) – mask
A commonly used mask value is 022, which gives:
– 755 for executable files & directories
– 644 for text files
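Added here as a worked example (not code from the slides): the umask rule from this slide and the octal and symbolic chmod forms from the earlier slides, run against scratch files in a temp directory. It assumes a POSIX shell with mktemp, chmod and stat (GNU or BSD); the function names are my own. Note that "777 – mask" is really a bitwise clearing of the mask's bits, which the 027 and 333 cases make visible.

```shell
#!/bin/sh
# Added example (not from the slides): how umask and chmod decide a file's mode bits.
# Everything happens in throwaway temp files under mktemp; no system files are touched.

# Octal mode of a path: GNU stat first, BSD/macOS stat as a fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# The slide's "777 - mask" is really bitwise: the mask's bits are cleared from the
# default mode.  Both arguments are octal strings, e.g. 666 022 -> 644.  For masks
# such as 027 or 333 arithmetic subtraction would give a wrong answer.
mode_after_umask() {
    default=$((0$1)); mask=$((0$2))
    printf '%o\n' $(( default & ~mask ))
}

# Create a file and a directory under the given umask and return the modes the
# kernel actually assigned, as "<file> <dir>", e.g. umask 022 -> "644 755".
observed_modes() {
    tmp=$(mktemp -d) || return 1
    ( umask "$1" && : > "$tmp/f" && mkdir "$tmp/d" )
    printf '%s %s\n' "$(mode_of "$tmp/f")" "$(mode_of "$tmp/d")"
    rm -rf "$tmp"
}

# Apply one chmod argument (octal or symbolic form) to a scratch file that starts
# at 644 and return the resulting mode, e.g. "u=rwx,go=rx" -> 755.
chmod_result() {
    tmp=$(mktemp) || return 1
    chmod 644 "$tmp" && chmod "$1" "$tmp" && mode_of "$tmp"
    rm -f "$tmp"
}

# Demo: the slide's two defaults with umask 022, plus masks where subtraction fails.
for pair in "777 022" "666 022" "666 027" "666 333"; do
    set -- $pair
    printf 'default %s, umask %s -> %s\n' "$1" "$2" "$(mode_after_umask "$1" "$2")"
done
printf 'umask 022 really produced (file dir): %s\n' "$(observed_modes 022)"
printf 'chmod g-w,o-r on a 644 file -> %s\n' "$(chmod_result g-w,o-r)"
```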

Figure 8.2 Position of file type and access privilege bits for LINUX files (as seen by the "ls -l" command)

Figure 8.3 Position of access privilege bits for LINUX files as specified in the chmod command

SUID Bit
A special permission bit that allows an executable file to run with the privileges of the owner of the file rather than those of the user running it.
Can be set using the commands:
chmod u+s filelist
chmod 4xxx filelist
Shows up in ls -l in place of the user x bit as an s if the file is executable: (rwsrwxrwx)
Very dangerous to use.

SUID Bit
Find both set-user-id and set-group-id programs:
$ find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \; > suid_sgid.list
$ cat suid_sgid.list      (or page through the file with more or less)
$ ls -l /usr/bin | grep -E '^-(..[sS]|.....[sS])'      (s or S in the user or group x position)

SGID Bit
A special permission bit that allows an executable file to run with the privileges of the owner's group rather than those of the user running it.
Set using the commands:
chmod g+s filelist
chmod 2xxx filelist

Sticky Bit
A special bit that can be used as follows:
– For a file: it directs the operating system to keep the program in memory, if possible, after it finishes execution (early versions of UNIX).
– For a directory: it sets the directory up such that only the owner of the directory can delete (or rename) files in it, even if other users have write privilege (e.g. /tmp).
Can be set with the chmod command: chmod +t filelist
Shows up in "ls -l" as a t: (rwxrwxrwt)
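As an added example (not code from the slides), a small shell parser that maps the permission string printed by ls -l (the Figure 8.2 layout, including the s/S and t/T letters from the SUID, SGID and sticky slides) to the four-digit octal value that chmod takes (the Figure 8.3 layout). Function names are my own; it assumes a POSIX shell with ls, cut, mktemp and chmod.

```shell
#!/bin/sh
# Added example (not from the slides): decode the 9-character permission field
# that "ls -l" prints (Figure 8.2 layout) into the 4-digit octal mode chmod
# takes (Figure 8.3 layout).  Lower-case s/t mean "special bit AND execute";
# upper-case S/T mean the special bit is set but execute is not.

# ls_to_octal rwsr-xr-x -> 4755    ls_to_octal rwxrwxrwt -> 1777
ls_to_octal() {
    p=$1
    [ "${#p}" -eq 9 ] || { echo "need 9 permission characters, e.g. rwsr-xr-x" >&2; return 1; }
    special=0; result=""
    # Each class's x slot can carry one special bit: user=SUID(4), group=SGID(2), other=sticky(1).
    for weight in 4 2 1; do
        case $weight in 4) start=1;; 2) start=4;; 1) start=7;; esac
        triple=$(printf '%s' "$p" | cut -c "$start-$((start + 2))")
        val=0
        case $triple in r??) val=$((val + 4));; esac
        case $triple in ?w?) val=$((val + 2));; esac
        case $triple in ??[xst]) val=$((val + 1));; esac
        case $triple in ??[sStT]) special=$((special + weight));; esac
        result="$result$val"
    done
    printf '%s%s\n' "$special" "$result"
}

# Mode of a real path, read from "ls -ld" rather than stat: drop the file-type
# character and take exactly nine characters (ls may append "+" or "." for ACLs).
mode_from_ls() {
    ls_to_octal "$(ls -ld "$1" | cut -c 2-10)"
}

# Demo on a scratch directory with the sticky bit set, the way /tmp is.
d=$(mktemp -d)
chmod 1777 "$d"
printf '%s is shown by ls as %s = chmod %s\n' "$d" "$(ls -ld "$d" | cut -c 1-10)" "$(mode_from_ls "$d")"
rmdir "$d"
```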