Published by Steven Hines. Modified over 9 years ago.

Unix System Administration: Rootly Powers (Chapter 3)

Owners Shmoners
- Every Unix file has both an owner and a group owner
- Only the owner can modify permissions on a file
- The owner is always a single person (actually, they can be married too)
- The owner can specify which operations the group owners may perform on a file

Where Do These “Owners” Reside?
- Owners can be found in /etc/passwd
- Group owners can be found either in /etc/group or by looking at the GID field of users in /etc/passwd

Hey, Who Owns this Process? Get it off my lawn!
- Kernel associates 4 numbers with each process
  - real and effective UID
  - real and effective GID
- Normally both real and effective numbers are the same
- SETUID or SETGID programs can modify them

I Am The Superuser -- Step Aside Clark Kent
- UID 0
- Called “root” by convention (but not required)
- The superuser can modify any file, file permission or process
- The superuser is all knowing, all powerful
- Hail the superuser!

Don’t Forget To Lock the Store!
- Choose a good root password
  - Only the first 8 characters of a password are significant
  - Root password should always be eight characters
  - Use a mixture of letters, numbers, symbols

Good Password Hygiene
- Change the root password every so often, especially if several people have access to it
- Try running “crack” on it for a few days
- Don’t write it on a Post-It™ and stick it to your monitor
- Don’t have it tattooed on your forehead
- Try using “sudo” instead of giving out the root password

How do you sudo?
- Sudo is a program that allows limited root access to programs
- /etc/sudoers contains users or groups of users and the programs they may run as root
- Don’t give users access to programs where they can “shell out” to a Unix prompt. The shell will have root access.

Users of lesser importance with funny names
- daemon - owns unprivileged software
- bin - owner of system commands
- sys - owner of kernel and memory images
- nobody - owner of nothing, nada, zippo, zilch
- These users typically have their accounts set so they can’t be logged into. This can be done by entering a * or NP in the password field.

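An added example (not part of the original slides) that checks the two account conditions described above: which accounts hold UID 0, and whether the system accounts are locked with `*` or `NP`. The sample passwd data, the `toor` account and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in classic passwd format (name:password:UID:GID:...).
# Assumption: where shadow passwords are in use, field 2 here is "x" and
# the real password field is in /etc/shadow; run the lock check on that file.
write_sample() {
    cat > "$1" <<'EOF'
root:Ab3dEfGh1jKlM:0:0:Super-User:/:/bin/sh
daemon:*:1:1::/:
bin:NP:2:2::/usr/bin:
sys::3:3::/:
nobody:*:60001:60001:Nobody:/:
toor:Zy9xWvUt8sRqP:0:0:Spare admin:/:/bin/sh
EOF
}

# Print every account whose UID (field 3) is 0. "root" is only a
# convention, so any other name listed here has the same powers.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Print the system accounts named on the slide whose password field
# (field 2) is neither "*" nor "NP", i.e. not locked as the slide describes.
# An empty field, as on the constructed "sys" line, is reported too.
unlocked_system_accounts() {
    awk -F: '
        BEGIN {
            split("daemon bin sys nobody", n, " ")
            for (i in n) sys[n[i]] = 1
        }
        ($1 in sys) && $2 != "*" && $2 != "NP" { print $1 }
    ' "$1"
}

sample=$(mktemp)
write_sample "$sample"
echo "UID 0 accounts: $(uid0_accounts "$sample" | tr '\n' ' ')"
echo "Unlocked system accounts: $(unlocked_system_accounts "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

Point the two functions at the real account files to audit a live system; the lock markers checked are only the two the slide names.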
Give Me Rootly Powers for 200 Alex
- Must be configured as a SETUID program to allow non-rootly system admins to run privileged programs
- The finger daemon (fingerd) is usually run as this user
- It is the command used to switch to the root account by default or other accounts if a username is given as an argument