Chapter 3 Maintaining Security


1 Chapter 3 Maintaining Security
CSNB113 SYSTEM ADMINISTRATION College of Information Technology Universiti Tenaga Nasional (UNITEN) SN 2017

2 Objectives
Use chmod to change file permissions in an absolute manner
Learn how the administrator uses the three basic file permission bits
Use chown and chgrp to change the owner and group owner of files
Restrict a user’s activities with the restricted shell

3 Introduction
Security in a computer system eventually involves files.
Faulty file permissions can be exploited by a malicious user.
System administrator’s responsibility: ensure that system directories (/bin, /usr/bin, /etc, /sbin) and the files in them are not writable by others.
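One way to check the responsibility stated on this slide, as an added example that is not part of the original presentation. The function names find_other_writable and audit_dirs are hypothetical; the directory list is the one from the slide.

```shell
#!/bin/sh
# Added example: audit directories for entries that "others" can write to.

# Print every entry under the given directories whose mode has the
# other-write bit (octal 0002) set. Symbolic links are skipped because
# their own mode bits are not used for access checks.
find_other_writable() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -H follows a symlink given on the command line (/bin is often one);
        # -xdev stays on the same filesystem.
        find -H "$dir" -xdev ! -type l -perm -0002 -print 2>/dev/null
    done
}

# Show the offending entries in ls -l form; return 1 if any were found.
audit_dirs() {
    hits=$(find_other_writable "$@")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r path; do
        ls -ld "$path"
    done
    return 1
}

# The system directories named on the slide.
audit_dirs /bin /usr/bin /etc /sbin ||
    echo "entries above are writable by others; fix with chmod o-w" >&2
```

A clean system prints nothing; any line that does appear shows the owner and mode needed to decide on the fix.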

4 Listing File Attributes
    $ ls -l
    total 2
    drwxrw-r-- 1 ixo team :42 Material
    -rwxr-xr-x 1 sn dba :22 file1.txt
The columns show, from left to right: file type and permissions, number of links, owner, group, last modification time, and file name.
Here, the first column represents the different access modes, i.e., the permissions associated with a file or a directory.

5 File Permission
Owner permissions: The owner's permissions determine what actions the owner of the file can perform on the file.
Group permissions: The group's permissions determine what actions a user, who is a member of the group that a file belongs to, can perform on the file.
Other (world) permissions: The permissions for others indicate what action all other users can perform on the file.

6 File Permission
The permissions are broken into groups of three, and each position in the group denotes a specific permission, in this order: read (r), write (w), execute (x).
Basic permissions:
  Read, r: content of the file is accessible
  Write, w: permitted to create, modify, or remove the file
  eXecute, x: allowed to run or “pass through”

7 File Permission
    rwx    r-x    r-x
    owner  group  world
Example: Access permission for file1.txt
  Owner is allowed to: read, write and execute file1.txt
  Group is allowed to: read and execute file1.txt
  World is allowed to: read and execute file1.txt

8 Change File Permission
To change file or directory permissions, use the chmod (change mode) command. There are two ways to use chmod:
  The symbolic mode
  The absolute mode

9 Symbolic Mode
You can add, delete, or specify the permission set you want by using the operators in the following table:
    Symbol  Description
    +       Adds the designated permission(s) to a file or directory.
    -       Removes the designated permission(s) from a file or directory.
    =       Sets the designated permission(s).

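10 Symbolic Mode Example
    $ ls -l testfile
    -rwxrwxr-- 1 sn student 1024 Nov 7 11:25 testfile
    $ chmod o+wx testfile
    $ ls -l testfile
    -rwxrwxrwx 1 sn student Nov 7 11:25 testfile
    $ chmod u-x testfile
    $ ls -l testfile
    -rw-rwxrwx 1 sn student Nov 7 11:25 testfile
    $ chmod g=rx testfile
    $ ls -l testfile
    -rw-r-xrwx 1 sn student Nov 7 11:25 testfile
    # The three changes above, combined into one command:
    $ chmod o+wx,u-x,g=rx testfile
Note that the operator is written without surrounding spaces (g=rx, not g = rx).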

11 Absolute Mode
Use a number to specify each set of permissions for the file. Each permission is assigned a value, and the total of each set of permissions provides a number for that set.
    $ chmod 700 file1.txt

12 Change File Permission
    Binary  Octal  Permissions  Significance
    000     0      ---          No permission
    001     1      --x          Executable only
    010     2      -w-          Writable only
    011     3      -wx          Writable and executable
    100     4      r--          Readable only
    101     5      r-x          Readable and executable
    110     6      rw-          Readable, writable
    111     7      rwx          Readable, writable, executable
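The link between the symbolic session on slide 10 and the octal table on slide 12, as an added example that is not part of the original presentation. The function names perm_to_octal and mode_after are hypothetical, and the script assumes GNU coreutils stat.

```shell
#!/bin/sh
# Added example: relate ls -l permission strings, symbolic chmod and octal modes.

# Convert a nine-character permission string such as "rwxr-xr-x" into its
# three-digit octal mode by summing r=4, w=2, x=1 within each triad.
perm_to_octal() {
    perms=$1
    case $perms in *[!rwx-]*) echo "invalid character in: $perms" >&2; return 1 ;; esac
    [ "${#perms}" -eq 9 ] || { echo "expected 9 characters" >&2; return 1; }
    octal=""
    while [ -n "$perms" ]; do
        triad=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case $triad in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Apply a starting absolute mode and then a symbolic change to a scratch file,
# and print the octal mode the file ends up with.
# ASSUMPTION: GNU coreutils stat (-c '%a'); BSD stat uses different options.
mode_after() {
    scratch=$(mktemp) || return 1
    chmod "$1" "$scratch" && chmod "$2" "$scratch" && stat -c '%a' "$scratch"
    status=$?
    rm -f "$scratch"
    return "$status"
}

# Slide 10: testfile starts as rwxrwxr-- and ends as rw-r-xrwx.
start=$(perm_to_octal rwxrwxr--)            # 774
mode_after "$start" o+wx,u-x,g=rx           # prints 657
perm_to_octal rw-r-xrwx                     # prints 657
```

Both printed values agree, so `chmod 657 testfile` in absolute mode reaches the same end state as the combined symbolic command.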

13 Change File Ownership
chown command: transfer ownership of a file to a user
    $ ls -l testfile
    -rwxrwxr-- 1 sn student Nov 7 11:25 testfile
    $ chown sn020202 testfile
    $ ls -l testfile
    -rwxrwxr-- 1 sn020202 student Nov 7 11:25 testfile
The new owner of this file is sn020202.

14 Change File Group Owner
chgrp command: change a file’s group owner
A user can change the group owner of a file, but only to a group to which he/she belongs.
    $ ls -l testfile
    -rwxrwxr-- 1 sn student Nov 7 11:25 testfile
    $ chgrp alumni testfile
    $ ls -l testfile
    -rwxrwxr-- 1 sn alumni Nov 7 11:25 testfile
The new group owner of this file is alumni.

15 Restricted Shell
A restricted shell is used to set up an environment more controlled than the standard shell.
rbash and rksh shell versions:
  Restrict the activities of a user
  Place either one into the last field of /etc/passwd
  Restrict the following user’s actions:
    Use cd command
    Redefine PATH
    Redefine SHELL
    Use pathname containing a /
    Use > and >> operators (create or append to files)

16 Restricted Shell
Pros of Restricted Shell
  Used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.
Cons of Restricted Shell
  Insufficient to allow execution of entirely untrusted software.
  When a command that is found to be a shell script is executed, rbash turns off any restrictions in the shell spawned to execute the script.
  When users run bash or dash from rbash, they get unrestricted shells.
  rbash should only be used within a chroot unless you know what you are doing.
  There are many ways to break out of a restricted bash shell that are not easy to predict in advance.
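A check an administrator can run against the weakness noted above, that a shell reachable from rbash is unrestricted; this is an added example, not part of the original presentation. The function name audit_restricted, the list of shell names, and the convention that a restricted account's PATH is only $HOME/bin are assumptions.

```shell
#!/bin/sh
# Added example: check that restricted-shell accounts cannot reach a full shell.

# Programs that would give the user an unrestricted session if runnable.
SHELL_NAMES="sh bash dash ksh zsh csh tcsh"

# Read a passwd-format file and print "user:path" for every account whose
# login shell (last field) is rbash or rksh and whose command directory
# contains an executable named like an unrestricted shell.
# ASSUMPTION (not from the slides): the account's PATH is only $HOME/bin.
audit_restricted() {
    passwd_file=$1
    while IFS=: read -r user pw uid gid gecos home shell; do
        case ${shell##*/} in
            rbash|rksh) ;;          # restricted account: inspect it
            *) continue ;;          # ordinary shell: out of scope
        esac
        for name in $SHELL_NAMES; do
            if [ -x "$home/bin/$name" ]; then
                printf '%s:%s\n' "$user" "$home/bin/$name"
            fi
        done
    done < "$passwd_file"
}

audit_restricted /etc/passwd
```

Because the restricted shell blocks pathnames containing a / and changes to PATH, the contents of the PATH directory decide what the user can run, which is why the check looks there.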


