Presentation is loading. Please wait.

Presentation is loading. Please wait.

LERSAIS.  Access Control in Unix  Access Control in Windows  Port Redirection 2.

Published byPatrick Ball Modified over 9 years ago

Similar presentations

Presentation on theme: "LERSAIS.  Access Control in Unix  Access Control in Windows  Port Redirection 2."— Presentation transcript:

1 LERSAIS

2  Access Control in Unix  Access Control in Windows  Port Redirection 2

3 Exercise 3

4  Each file/directory has owner and group  How are the permissions set by a owner for  Read, write, execute  Owner, group, other ???  Only owner, root can change permissions  This privilege cannot be delegated or shared 4

5  File type, owner, group, others  ls –l drwx------ 2 jjoshi isfac 512 Aug 20 2003 risk management lrwxrwxrwx 1 jjoshi isfac 15 Apr 7 09:11 risk_m->risk management -rw-r--r-- 1 jjoshi isfac 1754 Mar 8 18:11 words05.ps -r-sr-xr-x 1 root bin 9176 Apr 6 2002 /usr/bin/rs -r-sr-sr-x 1 root sys 2196 Apr 6 2002 /usr/bin/passwd  File types  regular -, directory d, symlink l, device b/c, socket s, fifo f/p  Permissions  r, w, x  Any other permissions? 5

6  Do Part I: File Structure Setup  chgrp: change the group associated with a file  chown: change the owner of a file  Do Part II: Exercise File and Folder Permissions  chmod: change file system modes (permissions/special modes) of a file/directory 6 set uid set gid stic ky rwxrwxrwx specialownergroupothers

7  Specifies the permission you do not want given by default to new files  Bitwise AND with the bitwise complement of the umask value  Example  proposed permission: 0775, umask: 0026 ▪ 000 000 010 110 : 0026 umask ▪ 111 111 101 001 : 7751 complement of umask ▪ ˄ 000 111 111 101 : 0775 proposed permission ▪ =000 111 101 001 : 0751 actual permission 7

8  Do Part III: Default File Permissions  What is the initial mask?  What are the permissions for testmask1?  What are the permissions for testmask2?  What about umask = 0000? 8 umask User Access Group AccessOther Access 0000All 0002All Read, Execute 0007All None 0022AllRead, Execute 0027AllRead, ExecuteNone 0077AllNone

9  Three setid bits  suid ▪ set EUID of process to ID of file owner  sgid ▪ set EGID of process to GID of file  suid/sgid used when a process executes a file ▪ If suid(sgid) bit is on – the EUID (EGID) of the process changed to UID (GUID) of the file  Sticky ▪ Off: if user has write permission on directory, can rename or remove files, even if not owner ▪ On: only file owner, directory owner, and root can rename or remove file in the directory 9 -r--r-sr-t 1 root user 12324 Mar 26 1995 /tmp/example What does this mean?

10  Do Part IV: setuid bit, setgid bit and sticky bit  chmod 4755 /bin/touch  Why touch is denied second time? 10 set uid set gid stic ky rwxrwxrwx specialownergroupothers

11 Demo 11

12  Basic permission setting  Properties > Security > Edit ▪ Add/remove users and groups ▪ Define allowed/denied permissions  Advanced permissions? 12

13  Advanced permissions 13

14  Access control management in Unix vs. Windows  How different?  Which one is easier?  Which one is more efficient? 14

15 Exercise 15

16  Exploit a machine and obtain access to a server with a filtered port by piping another unfiltered port  Trojans are hard to detect and can be used to mount such an attack 16

17  An internally used FTP server  Information security department blocks certain known ports including 21, which is for FTP  A user logs into the server, and accidentally plants a trojan  The trojan enables port redirection on the FTP server  Attacker gains access to the FTP server via the redirected port! 17

18  What security problems can occur due to port redirection?  What about useful purposes 18

Download ppt "LERSAIS.  Access Control in Unix  Access Control in Windows  Port Redirection 2."

Similar presentations

The UNIX File System Harry Chen Department of CSEE University of MD Baltimore County.

The UNIX File System Harry Chen Department of CSEE University of MD Baltimore County.
Linux File & Folder permissions. File Permissions In Ubuntu, files and folders can be set up so that only specific users can view, modify, or run them.

Linux File & Folder permissions. File Permissions In Ubuntu, files and folders can be set up so that only specific users can view, modify, or run them.
Engineering Secure Software. Linux File Permissions  Each file and directory has bits for.. Read, Write, Execute: rwx Files: works as it sounds  Directories:

Engineering Secure Software. Linux File Permissions  Each file and directory has bits for.. Read, Write, Execute: rwx Files: works as it sounds  Directories:
Unix permissions, ownership and setuid File security and ownership The chmod(1) command Process Ownership Setuid, Setgid and the Sticky bit Writing setuid.

Unix permissions, ownership and setuid File security and ownership The chmod(1) command Process Ownership Setuid, Setgid and the Sticky bit Writing setuid.
File Security. Viewing Permissions ls –l Permission Values.

File Security. Viewing Permissions ls –l Permission Values.
Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.

Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
CS 497C – Introduction to UNIX Lecture 15: - File Attributes Chin-Chih Chang

CS 497C – Introduction to UNIX Lecture 15: - File Attributes Chin-Chih Chang
Linux Linux File System.

Linux Linux File System.
Sharing Files Richard Newman based on Smith “Elementary Information Security”

Sharing Files Richard Newman based on Smith “Elementary Information Security”
UNIX Chapter 08 File Security Mr. Mohammad Smirat.

UNIX Chapter 08 File Security Mr. Mohammad Smirat.
Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.

Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.
Getting Started with Linux Linux System Administration Permissions.

Getting Started with Linux Linux System Administration Permissions.
File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.

File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
O.S security Ge Zhang Karlstad University. Outline Why O.S. security is important? Security schemes in Unix/Linux system Security schemes in windows system.

O.S security Ge Zhang Karlstad University. Outline Why O.S. security is important? Security schemes in Unix/Linux system Security schemes in windows system.
Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.

Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.
Va-scanCopyright 2002, Marchany Unit 6 – Solaris File Security Randy Marchany VA Tech Computing Center.

Va-scanCopyright 2002, Marchany Unit 6 – Solaris File Security Randy Marchany VA Tech Computing Center.
Files & Directories Objectives –to be able to describe and use the Unix file system model and concepts Contents –directory structure –file system concepts.

Files & Directories Objectives –to be able to describe and use the Unix file system model and concepts Contents –directory structure –file system concepts.
Unix Basics Lecture 14. UNIX Introduction The UNIX operating system is made up of three parts;  the kernel, the shell and the programs. The kernel of.

Unix Basics Lecture 14. UNIX Introduction The UNIX operating system is made up of three parts;  the kernel, the shell and the programs. The kernel of.

Similar presentations

Ads by Google