Module X (Unix/Linux Password Security)


1 Module X (Unix/Linux Password Security)
At the end of this module, you should know a whole lot about Unix file properties and permissions, the password and shadow files, and the hash functions used for storing password information. Module 32

2 Linux User Permission Sets
File permissions can be set for any of the following sets of users:
  u: the user who owns the file
  g: the group associated with the file
  o: any other users
A user's permission set (for file access) is determined in the most restrictive way possible:
  If you are the file owner, u permissions apply.
  If you are not the file owner but are in the file's group, g permissions apply.
  If you are not the owner and are not in the group, o permissions apply.

3 Permissions That Can Be Granted
  r: Read (for a directory: can list the files in it)
  w: Write (for a directory: can store files in it)
  x: Execute (for a directory: can traverse the directory)
  s/S: set-user-ID / set-group-ID (shows as s if the corresponding execute permission is also granted, S otherwise). For a directory, set-group-ID means newly created files will belong to the same group as the directory.
  t: Sticky bit (on a directory only) means only root and the directory owner can remove files from the directory.

4 Let's Look at Some File Permissions
ls -l /etc/passwd
-rw-r--r-- 1 root root 1845 Oct 3 10:58 /etc/passwd
Reading the mode string -rw-r--r-- from left to right: file type (-), then u permissions (rw-), g permissions (r--) and o permissions (r--).

5 Let's Look at Some File Properties
-rw-r--r-- 1 root root 1845 Oct 3 10:58 /etc/passwd
The fields labelled on the slide: number of links to this file in the filesystem, owner, group, inode number, date/time, file name.

6 File Date/Time
Three times are associated with each file:
  atime: time of last file access (when it was last read)
  mtime: time of last modification to the file contents (when it was last written)
  ctime: time of last change to the file's metadata (includes permissions)
By default, ls -l shows the mtime. The -c parameter to ls shows the ctime instead.

7 Permissions on the /tmp Directory
ls -ld /tmp
drwxrwxrwt 11 root root 4096 Oct 3 11:32 /tmp
/tmp is a directory (d at the beginning). By default, anyone can list files in /tmp (r), create files in /tmp (w), or traverse through /tmp (x).
The sticky bit (t at the end) is set because all users must be able to create files in /tmp, but other users shouldn't be able to delete your files.

8 Permissions on /etc/passwd
ls -ld /etc/passwd
-rw-r--r-- 1 root root 1916 Oct 3 11:11 /etc/passwd
/etc/passwd is a regular file. It is readable and writeable by root (its owner) and readable by everyone else.
Why is it readable by everyone? It represents the map between uid (a number) and user name (a string), which must be visible for ls (and many other utilities) to work the way we expect them to.

9 What's in /etc/passwd?
cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
One line for each user. Entries on each line are separated by colons:
  user name, password, user id, group id, user's real name, home directory, shell.

10 Hash Functions
A hash function is a surjective map from a large (possibly infinite) domain into a smaller finite range. Cryptographic hashes typically map unbounded sequences of characters (files) into short fixed-length bit-strings (hashes). Good hash functions are relatively uniform, yet not easily predictable (it's hard to generate a message that has a known hash value).
Examples of cryptographic hashes: MD5, SHA-256, SHA-512.

11 Where are the Passwords?
Hashes of user passwords used to be stored in /etc/passwd. In 1987 a break-in prompted Julie Haugh to develop the shadow file plan. The break-in was deduced to have been achieved with an off-line password cracker.
Under the shadow plan, password hashes (which users don't need to see) are placed in a file that is readable only by root. The other account information is preserved in /etc/passwd.

12 Shadow File Contents
cat /etc/shadow
root:$6$oLPX9vQW$lVeMDTNVusacEBkyStxLfS5JLgLg6OrR7bjAhoRwV4CqJATQH8KenllIIeebh2ibnJILaDnkrJ8J32oXcPBpt/:15863:0:99999:7:::
daemon:*:15772:0:99999:7:::
bin:*:15772:0:99999:7:::
sys:*:15772:0:99999:7:::
sync:*:15772:0:99999:7:::
Fields:
  Username
  Salt and hashed password
  Days since epoch of last password change
  Days until a change is allowed
  Days before a change is required
  Days warning for expiration
  Days before account is inactive
  Days since epoch when account expires
  Reserved

13 $id$salt$hash
The ID tells what hash function is used:
  $1$: MD5
  $2a$: Blowfish
  $5$: SHA-256
  $6$: SHA-512
The salt is prepended to the password before hashing. This makes it harder to build precomputed tables that map hashes back to passwords, because the same password hashes differently under each salt.

14 Authentication Plan
  User provides password.
  Login program looks up the hash function h, salt and hash for User in /etc/shadow.
  Login program calculates h(salt:password) and compares it to the stored hash.
  If they match, login succeeds. Otherwise, login fails.

