Jozef Goetz, 2009, expanded by Jozef Goetz, 2008. Credits: Parts of the slides are based on slides created by UNIX textbook authors, Syed M. Sarwar, Robert.
Jozef Goetz, expanded by Jozef Goetz, 2008. Credits: Parts of the slides are based on slides created by UNIX textbook authors, Syed M. Sarwar, Robert Koretsky, Syed A. Sarwar, 2005 Addison Wesley. Copyright © 2005 Pearson Addison-Wesley. All rights reserved.

Objectives
You may ignore last slides 19 - 22
- To show 3 protection and security mechanisms that UNIX provides
- To describe the types of users of a UNIX file
- To discuss the basic operations that can be performed on a UNIX file
- To explain the concept of file access permissions/privileges in UNIX
- To discuss how a user can determine access privileges for a file
- To describe how a user can set and change permissions for a file
- To cover the commands and primitives ?, ~, *, chmod, groups, ls -l, ls -ld, umask

Password-based Protection
All login names are public knowledge and can be found in the /etc/passwd file.
/etc/passwd contains info for users; each line (7 fields) is as follows:
login_name:password:user_ID:user_info:home_directory:login_shell
Example entry:
ftp:x:14:FTP User:/var/ftp:/sbin/nologin
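The /etc/passwd layout above, parsed and audited the way an administrator reviewing the file would do it. This is an added example, not code from the slides; it assumes the standard 7-field layout, which also carries a group_ID field between user_ID and user_info, and the sample lines are constructed, not taken from a real system.

```python
# Added example, not from the slides: parse /etc/passwd lines and flag entries a
# defender would review. Assumes the standard 7-field layout:
#   login_name:password:user_ID:group_ID:user_info:home_directory:login_shell
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class PasswdEntry:
    login: str
    password: str      # "x" or "*" means the real hash lives in /etc/shadow
    uid: int
    gid: int
    info: str
    home: str
    shell: str

def parse_passwd(text: str) -> List[PasswdEntry]:
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        login, pw, uid, gid, info, home, shell = fields
        entries.append(PasswdEntry(login, pw, int(uid), int(gid), info, home, shell))
    return entries

def audit_passwd(entries: List[PasswdEntry]) -> List[Tuple[str, str]]:
    """Return (login, reason) pairs; an empty list means nothing stood out."""
    findings = []
    for e in entries:
        if e.password == "":
            findings.append((e.login, "empty password field: login needs no password"))
        elif e.password not in ("x", "*") and not e.password.startswith("!"):
            findings.append((e.login, "password hash kept in world-readable /etc/passwd"))
        if e.uid == 0 and e.login != "root":
            findings.append((e.login, "UID 0: a second superuser account"))
    return findings

# Constructed sample lines (not a real system's file); "guest" and "toor" are the
# planted problems the audit should report.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
guest::1001:1001:Guest account:/home/guest:/bin/sh
toor:x:0:0:second UID 0 account:/root:/bin/bash
"""
```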

Password-based Protection
Change password using: passwd (some systems: yppasswd, nispasswd)
3 ways of discovering a user's password:
1) You, as the owner of an account, inform others of your password
2) a password can be guessed by another user
3) a user's password can be extracted by "brute force"

Encryption-based Protection for files

Protection based on Access Permission: Types of users
- user (owner): to get your login name, use whoami
- group
- others
- a user with multiple groups
The special user with access to all files and dirs is the superuser: login name root, user ID = 0.
A user belongs to one group or many; the default group membership of a user is specified in /etc/passwd.
Display all preconfigured user groups in the format: group name, info about group, group ID, members of the group.
cs253u]$ groups
cs253u

Groups and Users cmds
cs253u]$ whatis groups
groups (1) - print the groups a user is in
cs253u]$ groups
cs253u
-bash-2.05b$ groups cs253u15
cs253u15 : cs253u
cs253u]$ whatis users
users (1) - print the user names of users currently logged in to the current host
cs253u]$ users
cs253u cs253u15 cs351b17 gchang

Protection based on Access Permission: Types of Access Permissions
- read
- write (create, remove, modify)
- execute
Access Permissions for Directories: execute is permission for searching a directory (e.g. by using ls -l), but not for reading or writing it.

Protection based on Access Permission

Determining and Changing File Access Privileges
Determining File Access Privileges: ls -l, ls -ld
-d: list directory entries instead of contents
-l: use a long listing format

Determining and Changing File Access Privileges
chmod [options] octal-mode file-list
chmod [options] symbolic-mode file-list
chmod changes the permissions of each given file according to mode, which can be either a symbolic representation of changes to make, or an octal number representing the bit pattern for the new permissions.
//start with letter l through t

Examples of chmod Command

Determining and Changing File Access Privileges
-R: recursive change of files and directories

Access Privileges for Directories
- to list the dir contents needs r+x permissions
- to create a file in a dir needs w+x permissions

Default file access privileges: umask mask
When a new file or directory is created, UNIX sets its access privileges based on the argument of the umask command.
Current value of the mask:
$ umask
022
The default access permission value on an executable file or directory is computed by:
file access permission = 777 - mask
The default access permission value on text files is computed by:
file access permission = 666 - mask
A commonly used default mask value is 022, so
access permission = 777 - 022 = 755 for executable files and dirs
access permission = 666 - 022 = 644 for text files

Default file access privileges
Give the answer about permissions if mask = 077, which I prefer.
The umask command is normally placed in the system startup file ~/.profile (System V UNIX) or the ~/.login file (in BSD UNIX) so it executes every time you log on to the system.
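The umask rule from the two slides above, worked for both 022 and the 077 mask the author prefers. This is an added example, not code from the slides: it computes the defaults the way the kernel does (clearing the mask bits, which matches the slides' subtraction for these masks) and then creates a file and a directory in a temporary directory to confirm the result.

```python
# Added example, not from the slides: the default-permission rule from the umask
# slide, computed the way the kernel does it (clear the mask bits) and checked
# against what the kernel actually does when a file and a directory are created.
import os
import stat
import tempfile

FILE_BASE = 0o666   # the slides' 666 for text (non-executable) files
DIR_BASE = 0o777    # the slides' 777 for executables and directories

def default_mode(base: int, mask: int) -> int:
    # The slides write base - mask. The kernel computes base & ~mask, which gives the
    # same answer whenever every mask digit <= the matching base digit (true for 022
    # and 077) but never "borrows": 666 with mask 111 stays 666, not 555.
    return base & ~mask & 0o777

def default_modes(mask: int) -> dict:
    """Default file and directory modes for a given umask, e.g. 0o022 -> 644/755."""
    return {"file": default_mode(FILE_BASE, mask), "dir": default_mode(DIR_BASE, mask)}

def observed_modes(mask: int) -> dict:
    """Create a file and a directory under `mask` in a temp dir and read their modes back."""
    old = os.umask(mask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            f, d = os.path.join(tmp, "f"), os.path.join(tmp, "d")
            os.close(os.open(f, os.O_CREAT | os.O_WRONLY, FILE_BASE))
            os.mkdir(d, DIR_BASE)
            return {"file": stat.S_IMODE(os.stat(f).st_mode),
                    "dir": stat.S_IMODE(os.stat(d).st_mode)}
    finally:
        os.umask(old)

if __name__ == "__main__":
    for mask in (0o022, 0o077):      # 077 is the mask the slides say the author prefers
        m = default_modes(mask)
        print(f"umask {mask:03o}: computed file {m['file']:03o} dir {m['dir']:03o}; "
              f"observed {observed_modes(mask)}")
```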

Special Access Bits

Special Protection Access Bits: The Set-User-ID (SUID) Bit
If this bit is set for a file containing an executable program for a command, the command takes on the privileges of the owner of the file when it executes.
If a file is owned by 'root' and has its SUID bit set, it runs with superuser privileges even when the user running it doesn't have those privileges.
Since the cat command is root-owned, if its SUID bit is set an ordinary user runs the command with root privileges! This means that a user can display and/or copy anyone's files on this system!
chmod 4xxx file-list or chmod u+s file-list
cs253u]$ chmod 4700 my
cs253u]$ ls -l my
-rws------ 1 cs253u cs253u 24 Feb 23 00:50 my
cs253u]$ chmod u-s my
cs253u]$ ls -l my
-rwx------ 1 cs253u cs253u 24 Feb 23 00:50 my

Special Protection Access Bits: The Set-Group-ID (SGID) Bit
Causes the access permission of the process to take the group identity of the group to which the owner of the file belongs.
chmod 2xxx file-list or chmod g+s file-list
cs253u]$ ls -l my
-rwx------ 1 cs253u cs253u 24 Feb 23 00:50 my
cs253u]$ chmod 2700 my
cs253u]$ ls -l my
-rwx--S--- 1 cs253u cs253u 24 Feb 23 00:50 my
cs253u]$ chmod g-s my
cs253u]$ ls -l my
-rwx------ 1 cs253u cs253u 24 Feb 23 00:50 my

Special Protection Access Bits: The Sticky Bit
Goal: to keep file(s) in memory or the swap area.
Can be set for a directory to ensure that an unprivileged user cannot remove, move or rename files of other users in that directory. It can be set for directories.
chmod 1xxx file-list or chmod +t file-list
cs253u]$ ls -ld me
drwx------ 2 cs253u cs253u 19 Feb 22 21:55 me
cs253u]$ chmod +t me
cs253u]$ ls -ld me
drwx-----T 2 cs253u cs253u 19 Feb 22 21:55 me
cs253u]$ chmod 700 me
cs253u]$ ls -ld me
drwx------ 2 cs253u cs253u 19 Feb 22 21:55 me
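The mode columns shown in the SUID, SGID and sticky-bit slides (-rws------, -rwx--S---, drwx-----T) decoded into the octal values handed to chmod, and encoded back. This is an added example, not code from the slides; it handles the upper-case S/T case the slides show, where the special bit is set without the matching execute bit.

```python
# Added example, not from the slides: convert the 10-character mode column that
# ls -l prints (e.g. "-rws------", "drwx-----T") to the octal value you would pass
# to chmod, and back. Lower-case s/t means the special bit AND the matching execute
# bit are set; upper-case S/T means the special bit is set without execute.
import stat

# per permission triplet (user, group, other): the special bit it carries and its letter
SPECIAL = {0: (stat.S_ISUID, "s"), 1: (stat.S_ISGID, "s"), 2: (stat.S_ISVTX, "t")}

def mode_from_ls(mode_str: str) -> int:
    """'-rws------' -> 0o4700; the leading file-type character is ignored."""
    if len(mode_str) != 10:
        raise ValueError("expected the 10-character mode column of ls -l")
    perms = mode_str[1:10]
    mode = 0
    for triplet in range(3):
        r, w, x = perms[triplet * 3: triplet * 3 + 3]
        shift = 6 - 3 * triplet                  # user bits sit highest
        special_bit, letter = SPECIAL[triplet]
        if r == "r":
            mode |= 4 << shift
        if w == "w":
            mode |= 2 << shift
        if x == "x":
            mode |= 1 << shift
        elif x == letter:                        # e.g. 's' in -rws------
            mode |= (1 << shift) | special_bit
        elif x == letter.upper():                # e.g. 'S' in -rwx--S---
            mode |= special_bit
        elif x != "-":
            raise ValueError(f"unexpected permission character {x!r}")
    return mode

def ls_from_mode(mode: int, is_dir: bool = False) -> str:
    """0o1700 with is_dir -> 'drwx-----T', the column the sticky-bit slide shows."""
    out = ["d" if is_dir else "-"]
    for triplet in range(3):
        shift = 6 - 3 * triplet
        special_bit, letter = SPECIAL[triplet]
        out.append("r" if mode & (4 << shift) else "-")
        out.append("w" if mode & (2 << shift) else "-")
        has_x = bool(mode & (1 << shift))
        if mode & special_bit:
            out.append(letter if has_x else letter.upper())
        else:
            out.append("x" if has_x else "-")
    return "".join(out)
```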