Presentation is loading. Please wait.

Presentation is loading. Please wait.

File System Security in Unix Annie Calpe. Overview Unix Basics File System Security: - Account Security: Passwords - File Permissions - Access Control.

Published byFrank Freeman Modified over 8 years ago

Similar presentations

Presentation on theme: "File System Security in Unix Annie Calpe. Overview Unix Basics File System Security: - Account Security: Passwords - File Permissions - Access Control."— Presentation transcript:

1 File System Security in Unix Annie Calpe

2 Overview Unix Basics File System Security: - Account Security: Passwords - File Permissions - Access Control Lists

3 Unix Basics Developed in the late 1970s A multi-user environment Intended to be used only by a small number of people within the same company

4 An Area of File System Security Account Security : Concerned with keeping unauthorized users from gaining access into the system. A login feature is added for file security.

5 Account Security: Passwords One way hash encryption algorithm Uses a modified version of the Data Encryption Standard (DES) Uses a “salt”

6 The UNIX File System Controls the way that information in files and directories is laid out on the disk The hierarchical organization of files & directories is often represented with a tree structure

7 Simple Unix File Structure /(root) utmpbin huey cp rm myfilefile1file2

8 Another Area of File System Security File System Security : Concerned with preventing unauthorized access to the system’s data. Access of data is controlled through the use of file permissions.

9 File Permissions a.k.a. “mode bits” or “permission bits” It controls which users can access what and how. They depend also on the permission bits associated with all directories “above” the file in the directory hierarchy.

10 Why should you learn about permissions? May allow others to access, alter and even delete your files! The default setting is not acceptable where sensitive data is present. Many beginning users of Unix don’t understand modes, thus compromising overall security. Permissions are a useful tool to enhance file system security!

11 File Ownership Levels User:User who owns the file Group:Users in a group associated with the file Other:All other users; “world” permissions All:Includes all of the above levels

12 3 Levels of Access Protection rreadread a fileread contents of directory wwritewrite data to a file change the contents of the directory xexecuterun an executable program search the contents of a folder or subdirectory

13 Format of Permissions file or directory? User modes Group modes Other modes _ _ _ _ _

14 Additional Permissions 4th bit is available per set. These are only useful for executable files: 1. setuid (replaces user’s x by s) 2. setgid (replaces group’s x by s) 3. “sticky” (replaces other’s x by t)

15 Additional Permissions: setuid and setgid Used when another user must perform a task which only the owner of a file has the power to do: 1. setuid – script which assumes the User ID of the program when run 2. setgid – script which assumes the Group ID of the program group when run

16 Additional Permissions: The “sticky” Bit When set, only the root or owner can unlink/rename files in a directory. Without it, anyone able to write to the directory can delete/rename files. It is commonly found on world-writable directories, such as /tmp.

17 Checking Current Access Modes To check the file characteristics for all files within the current directory, type: “ls -l” To check the file characteristics of a specific file or directory, type: “ls -l ”

18 “ls -l” Example Output > ls – l drwxr-xr-x3huey512Dec2715:58dir1 -rwx------1huey16384Jun113:45progfile1 -rwsr-sr-t1huey24576Jan2316:35progfile2 -rw-r--r--1huey40Dec2911:42textfile1 -rw-rw-rw-1huey1024Mar2308:19textfile2

19 Setting Permissions The chmod command is used to set or modify file and directory permissions 2 ways to specify permissions: - symbolic mode - absolute mode

20 Setting Permissions : Symbolic Mode chmod op options who:u, g, o, a op:+, -, = perm bits:r, w, x, s, t

21 Symbolic Mode - Example Apply to all rows in current directory: >chmod u=rwx,g=rx,o=r row* Allow all users to read and search contents of directory: >chmod a=rx dir1

22 Adding Permissions - Example >ls -l textfile1 -rw-r--r-- … (current permissions) >chmod g+w textfile1 >ls -l textfile1 -rw-rw-r-- … (updated permissions)

23 Subtracting Permissions >ls -l textfile1 -rw-rw-r-- … (current permissions) >chmod g-w textfile1 >ls -l textfile1 -rw-r-r-- … (updated permissions)

24 Setting Permissions: Absolute Mode chmod Octal #Permission 4000 2000 1000 0400 0200 0100 set user id set group id “sticky” bit Read by owner Write by owner Execute by owner Octal #Permission 0040 0020 0010 0004 0002 0001 Read by group Write by group Execute by group Read by other Write by other Execute by other

25 Absolute Mode – Example To let the owner read, write, and execute: 0400 + 0200 + 0100 = 0700 Yet, only allow group users and others to read and write to the file: 0040 + 0020 = 0060 (group value) 0004 + 0002 = 0006 (others value) The octal value = 0700 + 0060 + 0006 > chmod 766

26 umask Used to turn off permissions: umask For a file: determine the numeric value for the desired permissions and subtract it from 666 to get the umask value

27 umask For a directory: determine the numeric value for the desired permissions and subtract it from 777 to get the umask value Used to set default permissions for newly created files within the directory, only during the current shell session.

28 Access Mode Limitations Modes are defined to only user, group, and others i.e. Users cannot designate file access to specific users

29 Access Control Lists (ACLs) Reduces complexity of managing permissions Stored as extended attributes Allows you to define lists that grant/deny access to a given file based on criteria that you provide Enabled ACLs will append a “+” to the set of permissions. e.g. -rwxr--r--+

30 ACLs Can have separate access control specifications Can limit permissions granted to individually specified users or groups Can allow user and group permissions to be automatically specified upon file creation

31 setfacl Used to modify(-m) or remove(-x) ACLs e.g. setfacl –m d:u:username:rwx g:student:rwx mydir NOTE: “d:” is optional for setting default ACLs for a directory

32 getfacl Lists ACLs on files and directories getfacl

33 Summary Security is an important issue with the rise in popularity of Unix as a multi-user environment(due to its portability). The most secure way of protecting your files would be to not to store them in the system in the first place. Otherwise, having an understanding of permissions is a good start towards enhancing security.

34 References FreeBSD Handbook “Improving the Security of Your Unix System” – D. A. Curry “Improving the Security of Your Unix System” O’Reilly Practical UNIX & Internet Security – S. Garfinkel & G. Spafford UNIX Commands – Western Michigan University UNIX Commands Unix System Security: A Guide for Users and System Administrators – D. A. Curry http://acl.bestbits.at/

Download ppt "File System Security in Unix Annie Calpe. Overview Unix Basics File System Security: - Account Security: Passwords - File Permissions - Access Control."

Similar presentations

Linux File & Folder permissions. File Permissions In Ubuntu, files and folders can be set up so that only specific users can view, modify, or run them.

Linux File & Folder permissions. File Permissions In Ubuntu, files and folders can be set up so that only specific users can view, modify, or run them.
Engineering Secure Software. Linux File Permissions  Each file and directory has bits for.. Read, Write, Execute: rwx Files: works as it sounds  Directories:

Engineering Secure Software. Linux File Permissions  Each file and directory has bits for.. Read, Write, Execute: rwx Files: works as it sounds  Directories:
Exploring the UNIX File System and File Security

Exploring the UNIX File System and File Security
File Security. Viewing Permissions ls –l Permission Values.

File Security. Viewing Permissions ls –l Permission Values.
Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.

Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.
File security and Permissions A file is owned by the user who created it That user can then specify who can read, write and execute that file A file when.

File security and Permissions A file is owned by the user who created it That user can then specify who can read, write and execute that file A file when.
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
UNIX Chapter 08 File Security Mr. Mohammad Smirat.

UNIX Chapter 08 File Security Mr. Mohammad Smirat.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Getting Started with Linux Linux System Administration Permissions.

Getting Started with Linux Linux System Administration Permissions.
File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.

File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.
COMP1070/2002/lec4/H.Melikian COMP1070 Lecture #5  Files and directories in UNIX  Various types of files  File attributes  Notion of pathname  Commands.

COMP1070/2002/lec4/H.Melikian COMP1070 Lecture #5  Files and directories in UNIX  Various types of files  File attributes  Notion of pathname  Commands.
Hands-On Microsoft Windows Server 2008 Chapter 5 Configuring, Managing, and Troubleshooting Resource Access.

Hands-On Microsoft Windows Server 2008 Chapter 5 Configuring, Managing, and Troubleshooting Resource Access.
Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.

Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.
Va-scanCopyright 2002, Marchany Unit 6 – Solaris File Security Randy Marchany VA Tech Computing Center.

Va-scanCopyright 2002, Marchany Unit 6 – Solaris File Security Randy Marchany VA Tech Computing Center.
The file structure and related utilities CS240 Computer Science II.

The file structure and related utilities CS240 Computer Science II.
Files & Directories Objectives –to be able to describe and use the Unix file system model and concepts Contents –directory structure –file system concepts.

Files & Directories Objectives –to be able to describe and use the Unix file system model and concepts Contents –directory structure –file system concepts.

Similar presentations

Ads by Google