Presentation is loading. Please wait.

Presentation is loading. Please wait.

Unix Access Control Basic CE 2

Published byΠολυξένη Κουντουριώτης Modified over 6 years ago

Similar presentations

Presentation on theme: "Unix Access Control Basic CE 2"— Presentation transcript:

1 Unix Access Control Basic CE 2
James Joshi Associate Professor, SIS May 20, 2011

2 Unix Security Overview

3 Unix Kernel Standard Utility Programs System database files
I/O, Load/Run Programs, Filesystem; Device Drivers … Standard Utility Programs /bin/ls, /bin/cp, /bin/sh System database files E.g, /etc/passwd; /etc/group

4 Users and password Each user has a /etc/passwd contains
unique account identified by a username Each account has a secret password Standard: 1-8 characters; but varies Passwords could be same – bad choice! /etc/passwd contains Username, Identification information Real name, Basic account information

5 Account info Field Contents
rachel Username. x Holding place for the user's "encrypted password." Newer Unix systems store encrypted passwords in a separate file (the shadow password file) that can be accessed only by privileged users. 181 User's user identification number (UID). 100 User's group identification number (GID). Rachel Cohen User's full name /u/rachel User's home directory. /bin/ksh User's shell (empty field means default shell) rachel:x:181:100:Rachel Cohen:/u/rachel:/bin/ksh

6 Users and Groups Each user is uniquely identified by a UID
Special user names Root; Bin; Daemon; Mail; Guest; ftp Every user belongs to one or more groups A primary group /etc/group Gname, Gpassword, GID, Users 16 bits: How many IDs? UID 0: superuser (More bits too) Most versions of Unix use the wheel group as the list of all of the computer's system administrators (in this case, rachel and the root user are the only members). On some systems, the group has a GID of 0; on other systems, the group has a GID of 10. Unlike a UID of 0, a GID of 0 is usually not significant. However, the name wheel is very significant: on many systems the use of the su command to invoke superuser privileges is restricted to users who are members of a group named wheel. The second line of this file defines the http group. There is one member in the http group—the http user. The third line defines the users group. The users group does not explicitly list any users; on some systems, each user is placed into this group by default through his individual entry in the /etc/passwd file. The fourth and fifth lines define two groups of users. The vision group includes the users keith, arlin, and janice. The startrek group contains the users janice, karen, and arlin. Notice that the order in which the usernames are listed on each line is not important. Finally, the sixth line defines a group for the user rachel.

7 Users and Groups Some useful commands groups id newgrp su
wheel:*:0:root,rachel users:*:100: vision:*:101:keith,arlin,janice startrek:*:102:janice,karen,arlin rachel:*:181:

8 Superuser root; UID = 0 …….. Complete Control
Used by OS itself for basic functions Logging in/out users Recording accounting info Managing input/output devices Security controls are bypassed There are few things not allowed Decrypt passwords shadow-file, … Key Security Weakness in Unix Processes can run with Effective UID = 0

9 User ids Each process has three Ids Real user ID (RUID)
a user’s “real identity” same as the user ID of parent (unless changed) Effective user ID (EUID) from set user ID (SUID) bit on the file being executed Can use su command to assume another’s RUID Saved user ID (SUID) Allows restoring previous EUID

10 Unix file system File systems store
information in files and metadata about files. tree-structured A file is a block of information that is given a single name and can be acted upon with a single operation. "everything is a file"

11 Unix file security Each file/directory has owner and group
How are the permissions set by a owner for Read, write, execute Owner, group, other Only owner, root can change permissions This privilege cannot be delegated or shared

12 Unix File Permissions File type, owner, group, others File type:
drwx jjoshi isfac May 20 07:39 . drwx jjoshi isfac May 20 06:50 .. d-w-r-xrw- 2 jjoshi isfac May 20 07:39 testDir --w-r--rw- 1 jjoshi isfac May 20 07:49 testFile.txt File type: regular is indicated by “-” directory is indicated by “d” Permissions: - r, w, x r w x r w x Owner‘s Group‘s Other’s Regular file

13 Umask Specifies the permission you do not want given by default to new files Creation mask for directory (say, cmask): 777 Creation mask for files (cmask) : 666 When a file/directory is created its initial permissions will be Bitwise AND of Complement of umask value & cmask Do exercise 2

Download ppt "Unix Access Control Basic CE 2"

Similar presentations

Unit 5 – User Administration Randy Marchany VA Tech Computing Center.

Unit 5 – User Administration Randy Marchany VA Tech Computing Center.
Linux Users and Groups Management

Linux Users and Groups Management
Race Condition Zutao Zhu 10/09/09. Outline Race Condition –Some functions –File format of /etc/passwd and /etc/shadow –Input Redirection Format-string.

Race Condition Zutao Zhu 10/09/09. Outline Race Condition –Some functions –File format of /etc/passwd and /etc/shadow –Input Redirection Format-string.
Chapter 8 Files and User Information Utilities. Logical Partitions referred to as file systems like a drive in windows world $ df (display filesystems)

Chapter 8 Files and User Information Utilities. Logical Partitions referred to as file systems like a drive in windows world $ df (display filesystems)
1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.

1 The Attack and Defense of Computers Dr. 許 富 皓. 2 Passwords in Unix/Linux Systems.
Unix Security Issues Process Creation/Space Users and Groups File Permissions Relationship of Program and File Security.

Unix Security Issues Process Creation/Space Users and Groups File Permissions Relationship of Program and File Security.
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
LERSAIS.  Access Control in Unix  Access Control in Windows  Port Redirection 2.

LERSAIS.  Access Control in Unix  Access Control in Windows  Port Redirection 2.
Getting Started with Linux Linux System Administration Permissions.

Getting Started with Linux Linux System Administration Permissions.
Workbook 3 Users and Groups

Workbook 3 Users and Groups
O.S security Ge Zhang Karlstad University. Outline Why O.S. security is important? Security schemes in Unix/Linux system Security schemes in windows system.

O.S security Ge Zhang Karlstad University. Outline Why O.S. security is important? Security schemes in Unix/Linux system Security schemes in windows system.
Introduction to Linux Installing Linux User accounts and management Linux’s file system.

Introduction to Linux Installing Linux User accounts and management Linux’s file system.
Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.

Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.
CIS 218 Advanced UNIX 1 User and System Information CIS 218.

CIS 218 Advanced UNIX 1 User and System Information CIS 218.
Unix System Administration Rootly Powers Chapter 3.

Unix System Administration Rootly Powers Chapter 3.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)

File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.

Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.

Similar presentations

Ads by Google