Presentation is loading. Please wait.

Presentation is loading. Please wait.

FILE SECURITY AND ACCESS CONTROL

Published byJean Dorsey Modified over 5 years ago

Similar presentations

Presentation on theme: "FILE SECURITY AND ACCESS CONTROL"— Presentation transcript:

1 FILE SECURITY AND ACCESS CONTROL
Course Code: CSCI-620 Course Description: OPERATING SYSTEMS SECURITY Exercise 8: Session: 1 Duration: min Lecture Unit: CSN1 Topic: UNIX file security Author: Prof. Bill Mihajlović Exercise 8.1 Copyright © R. A. Mihajlovic, Brooklyn, NY, USA, Reproduction in any shape or form is prohibited.

2 CSCI-620 Operating systems security
Topics The ACM The ACM, ACL and C-list Octal file permission code Symbolic file permission and ownership codes Umask default file and directory values Questions and answers Summary Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

3 Problem: The access control matrix (ACM)
An ACM model of protection systems Describes who (subject) can do what (rights) to what/whom (object/subject) Example: Draw the access control matrix for the following system: An instructor can assign and grade homework and exams A TA can grade homework A Student can evaluate the instructor and TA Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

4 CSCI-620 Operating systems security
Answer Homework Exam Instructor TA Students {assign,grade} ? {grade} {evaluate} Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

5 Question: Two ways to cut an ACM
Consider ACM given below. Show order by columns (ACL) or rows (Capability Lists)? file1 file2 file3 Ana rx r rwo Bob rwxo r -- Chuck rx rwo w ACLs Capability Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

6 CSCI-620 Operating systems security
Answer: The ACLs An ACL stores (non-empty elements of) each column with its object. file1: { (Ana, rx) (Bob, rwxo) (Chuck, rx) } file2: { (Ana, r) (Bob, r) (Chuck, rwo) } file3: { (Ana, rwo) (Chuck, w) } file1 file2 file3 Ana rx r rwo Bob rwxo r -- Chuck rx rwo w ACLs Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

7 CSCI-620 Operating systems security
Answer: C-lists Capability or C-lists of users are rows of the ACM. Ana: { (file1, rx) (file2, r) (file3, rwo) } Bob: { (file1, rwxo) (file2, r) } Chuck: { (file1, rx) (file2, rwo) (file3, w) } file1 file2 file3 Ana rx r rwo Bob rwxo r -- Chuck rx rwo w Capability Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

8 CSCI-620 Operating systems security
Question: Ownership Definition: Ownership is an ultimate access type which enables a subject to access object: Using all possible access types, and Modify the metadata relevant to the object owned including the ownership data itself. Example: Owner may transfer his/her ownership, assign the ownership, to any other subject owner. Can group g-owner transfer his ownership? Can group g-owner change any of the file access control permissions? Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

9 Permissions With Octal Mode
Octal values are combined to identify the octal mode that is used with the chmod command. You must list all three numbers (One for each category of user) user group other Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

10 Example: Permissions with octal code
Octal Value ugo Permission u g o 614 rw- --x r-- 731 rwx –wx —-x 752 rwx r-x -w- 777 rwx rwx rwx The first position defines the user (owner) permissions The second defines the group permissions The third defines other permissions Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

11 CSCI-620 Operating systems security
Question: What are the octal equivalents of the file permission flags listed below? $ ls -l fileX rwx alex studs 10 Sep 21 10:49 fileX $ $ ls -l total dr-xr-x alex studs Sep 21 10:50 dir1 $ ls -l fileX_ rwxr-xr-x alex studs Sep 21 9:59 fileX_1 $ Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

12 CSCI-620 Operating systems security
Answer: What are the octal equivalents of the file permission flags listed below? $ ls -l fileX rwx alex studs 10 Sep 21 10:49 fileX $ $ ls -l total dr-xr-x alex studs Sep 21 10:50 dir1 $ ls -l fileX_ rwxr-xr-x alex studs Sep 21 9:59 fileX_1 $ Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

13 CSCI-620 Operating systems security
Question In the list of permissions shown which the owner has read, write, and execute permissions on a file? $ ls – Total r-x alex studs Sep :49 fileX -rwxr-xr-x 1 alex studs Sep :49 fileX_1 dr-xr-x--- 5 alex studs Sep :50 dir1 drwxr-x--x 2 alex studs Sep :25 dir2 $ Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

14 CSCI-620 Operating systems security
Answer In the list of permissions shown which the owner has read, write, and execute permissions on a file. $ ls – Total r-x alex studs Sep :49 fileX -rwxr-xr-x 1 alex studs Sep :49 fileX_1 dr-xr-x alex studs Sep :50 dir1 drwxr-x—x 2 alex studs Sep :25 dir2 $ In the list of permissions, when the owner has read/write/execute permissions the group has read/execute permissions and other has execute permissions for a directory Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

15 CSCI-620 Operating systems security
Homework Demonstrate on 12 examples use of symbolic mode application to file access permission flag modification. Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

16 CSCI-620 Operating systems security
Homework Use touch command and create file fileX. Repeat the following drills with octal mode file access permission flag modification. Show the screen shots of your work. Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

17 Example: Octal mode permissions
$ ls -l fileX chmod 555 fileX $ -rwx alex studs 18 Sep 21 10:49 fileX $ ls -l fileX -r-xr-xr-x 1 alex studs 18 Sep 21 10:49 fileX $ Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

18 Example: Octal mode permissions
$ chmod 775 fileX $ -rwxrwxr-x alex studs 18 Sep 21 10:49 fileX $ ls -l fileX Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

19 Example: Octal mode permissions
$ chmod 755 fileX $ ls -l fileX -rwxr-xr-x alex studs 18 Sep 21 10:49 fileX $ Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

20 Exercise: umask command
Use touch command and create files f000, f111 till f777 for umask values of 000, 111, till 777. Run ls command as shown below and show the result. -rw-rw-rw- 1 root other Sep 19 22:41 f000 -rw-rw-rw- 1 root other Sep 19 22:11 f111 -r--r--r root other Sep 19 22:09 f222 -r--r--r root other Sep 19 22:08 f333 --w--w--w- 1 root other Sep 19 22:28 f444 --w--w--w- 1 root other Sep 19 22:31 f555 root other Sep 19 22:32 f666 root other Sep 19 22:33 f777 # # ls -l f??? Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

21 Exercise: umask command
Use mkdir command and create directory files d000, d111 till d777 for umask values of 000, 111, till 777. Run ls command as shown below and show the result. # ls -ld d??? drwxrwxrwx 2 root other Sep 19 22:41 d000 drw-rw-rw- 2 root other Sep 19 22:11 d111 dr-xr-xr-x 2 root other Sep 19 22:09 d222 dr--r--r root other Sep 19 22:08 d333 d-wx-wx-wx 2 root other Sep 19 22:28 d444 d-w--w--w- 2 root other Sep 19 22:32 d555 d--x--x--x 2 root other Sep 19 22:32 d666 d root other Sep 19 22:33 d777 # Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

22 CSCI-620 Operating systems security
Questions Which of the permissions can a file have ? Global access Read Compress view Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

23 CSCI-620 Operating systems security
Answer Which of the permissions can a file have ? Global access Read Compress view Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

24 CSCI-620 Operating systems security
Question Which of the following is not a user category in the Solaris operating system? Other Public User Group Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

25 CSCI-620 Operating systems security
Question Which of the following is not a user category in UNIX/Linux operating system? Other Public User Group Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

26 CSCI-620 Operating systems security
Answer Which of the following is not a user category in UNIX/Linux operating system? Other Public User Group Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

27 CSCI-620 Operating systems security
Question Before changing permissions on a file or directory, you can identify the permissions. What permissions does the group have on the file fileX indicated below: -rw-r--r-- 1 student1 other 1230 Jun 11 11:23 fileX Read and write Write Read Write and execute Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

28 CSCI-620 Operating systems security
Answer Before changing permissions on a file or directory, you can identify the permissions. What permissions does the group have on the file fileX indicated below: -rw-r--r-- 1 student1 other 1230 Jun 11 11:23 fileX Read and write Write Read Write and execute Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

29 CSCI-620 Operating systems security
Question When using symbolic mode to add group write permissions on the file entitled report_92, which is the correct answer? chmod report_92 g+r chmod o-x report chmod g+w report_92 chmod 777 report_92 Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

30 CSCI-620 Operating systems security
Answer When using symbolic mode to add group write permissions on the file entitled report_92, which is the correct answer? chmod report_92 g+r chmod o-x report chmod g+w report_92 chmod 777 report_92 Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

31 CSCI-620 Operating systems security
Question Suppose you want to change permission on a file entitled file1 using octal mode. Which command assigns only read permission access for Other? chmod 777 file1 chmod 764 file1 chmod 667 file1 chmod 642 file1 Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

32 CSCI-620 Operating systems security
Answer Suppose you want to change permission on a file entitled file1 using octal mode. Which command assigns only read permission access for Other? chmod 777 file1 chmod 764 file1 chmod 667 file1 chmod 642 file1 Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

33 Question: UNIX FCB or inode.
The internal representation of a file is given by an inode An inode contains a description of the disk distribution layout of the file data and other information (metadata) associated with the file Each disk is allocated a fixed number of inodes Each inode on a given disk is identified by a unique number. Find UNIX (e.g., Solaris) or Linux command /utility that reports the number of inodes configured in the OSFS volume (partition) header (metadata). Summarize the man pages of the command. Demonstrate command and show the screen shots of your work. Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

34 Question: UNIX FCB or inode.
What command can be used to display inode numbers of the files in the current directory? What C programming library or what header file (xxxx.h) is needed in order to enable C program to access UNIX OSFS inodes? Why is the total number of inodes limited by the OSFS administrator? Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

35 CSCI-620 Operating systems security
Homework Answer all unanswered questions. Perform all exercises. Perform all exercises from shown in the text version of the exercise. Document your work with the screen shots and demonstrations. Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

36 CSCI-620 Operating systems security
Summary In this module, you have learned how to: Display file permission using ls –l command Define permission type (read, write, execute) Set and change file permissions using symbolic notation Set and change file permissions using octal notation Exercise 8.1 © R. A. Mihajlovic, Brooklyn, NY, USA, 2009 CSCI-620 Operating systems security

37 The End Exercise 8.1 Copyright © R. A. Mihajlovic, Brooklyn, NY, USA, Reproduction in any shape or form is prohibited.

Download ppt "FILE SECURITY AND ACCESS CONTROL"

Similar presentations

Linux File & Folder permissions. File Permissions In Ubuntu, files and folders can be set up so that only specific users can view, modify, or run them.

Linux File & Folder permissions. File Permissions In Ubuntu, files and folders can be set up so that only specific users can view, modify, or run them.
Engineering Secure Software. Linux File Permissions  Each file and directory has bits for.. Read, Write, Execute: rwx Files: works as it sounds  Directories:

Engineering Secure Software. Linux File Permissions  Each file and directory has bits for.. Read, Write, Execute: rwx Files: works as it sounds  Directories:
File Security. Viewing Permissions ls –l Permission Values.

File Security. Viewing Permissions ls –l Permission Values.
Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.

Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.
File security and Permissions A file is owned by the user who created it That user can then specify who can read, write and execute that file A file when.

File security and Permissions A file is owned by the user who created it That user can then specify who can read, write and execute that file A file when.
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
CS 497C – Introduction to UNIX Lecture 15: - File Attributes Chin-Chih Chang

CS 497C – Introduction to UNIX Lecture 15: - File Attributes Chin-Chih Chang
Getting Started with Linux Linux System Administration Permissions.

Getting Started with Linux Linux System Administration Permissions.
Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.

Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.
Linux Directory Navigation. File & Directory Commands This is a minimal list of Unix commands that you must know for file management: ls (list) mkdir.

Linux Directory Navigation. File & Directory Commands This is a minimal list of Unix commands that you must know for file management: ls (list) mkdir.
1 Lecture 2 Working with Files and Directories COP 3344 Introduction to UNIX.

1 Lecture 2 Working with Files and Directories COP 3344 Introduction to UNIX.
File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)

File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
Managing Files CSCI N321 – System and Network Administration Copyright © 2000, 2011 by the Trustees of Indiana University except as noted.

Managing Files CSCI N321 – System and Network Administration Copyright © 2000, 2011 by the Trustees of Indiana University except as noted.
Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.

Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.
File Permission and Access. Module 6 File Permission and Access ♦ Introduction Linux is a multi-user system where users can assign different access permission.

File Permission and Access. Module 6 File Permission and Access ♦ Introduction Linux is a multi-user system where users can assign different access permission.
Chapter Two Exploring the UNIX File System and File Security.

Chapter Two Exploring the UNIX File System and File Security.
CE01000-3 Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.

CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
E X C E E D I N G E X P E C T A T I O N S Basic LINUX Linux System Administration Dr. Hoganson Kennesaw State University Operating Systems Directory structure:

E X C E E D I N G E X P E C T A T I O N S Basic LINUX Linux System Administration Dr. Hoganson Kennesaw State University Operating Systems Directory structure:
Linux+ Guide to Linux Certification, Third Edition

Linux+ Guide to Linux Certification, Third Edition

Similar presentations

Ads by Google