Module 4 - File Security. Security Overview File Ownership Access to Files and Directories Changing File and Directory Ownership Changing File and Directory.


1 Module 4 - File Security

2 File Security
  Security Overview
  File Ownership
  Access to Files and Directories
  Changing File and Directory Ownership
  Changing File and Directory Access Modes
  Setting Default Access Modes

3 Security Overview
  File Ownership
  Access to Files and Directories
  Changing File and Directory Ownership
  Changing File and Directory Access Modes
  Setting Default Access Modes

4 Security Overview
  The primary function of the system’s security is to make sure that only authorized users have access to system resources.
  Standard Unix system security features include:
    User password
    File and directory protection with permissions
    Other features that enable system administrators to check for security breaches

5 Linux Accounts
  Accounts are a system mechanism that enables all the users in the system to have their own space in the file system and their own unique settings.
  Each user has a unique ID (UID).
  Each user in the system is a part of at least one group.
  Each group has a unique group ID (GID).
  There are three types of users in Unix:
    Super User - Has unrestricted access to the system. Has UID 0.
    Regular Users - Usually have access only to their own home directories. UID larger than 500.

6 User Configuration Files
  The /etc/passwd file is a colon-delimited file in which all the system user accounts are defined. Each entry in the file represents a user account:
    user1:x:501:500:user1:/home/user1:/bin/bash
  The /etc/shadow file holds the password encryption information per user:
    user1:Ep6mckrOLChF.:10063:0:99999:7:::

7 Group configuration file
  The /etc/group file holds group name to GID relations, along with a listing of the users in each group.
  A user can be part of a group in one of two ways:
    The group number appears in the user’s line in /etc/passwd - the group is then called the user’s primary group
    The user’s name appears in the group’s line in /etc/group:
      staff:x:500:user3,user4,user5
  Two approaches to determine a new file’s group:
    AT&T approach - The primary group the user belongs to determines the group ownership of files.
    BSD approach - Group ownership is given to the group that owns the directory in which the file is being created.
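
The two membership paths described on this slide can be resolved mechanically from the two files. The script below is an added example, not part of the original presentation; the user1 and staff lines are the slides' own, while user3's account line, the dev and ops groups and the function name groups_of are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the slides): resolve a user's primary and
# supplementary groups from passwd/group-format files.

# Constructed sample data. The user1 and staff lines are the slides' examples;
# the other accounts and groups are invented for illustration.
SAMPLE_DIR=$(mktemp -d) || exit 1
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
user1:x:501:500:user1:/home/user1:/bin/bash
user3:x:503:502:user3:/home/user3:/bin/bash
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
staff:x:500:user3,user4,user5
dev:x:502:
ops:x:504:user1,user3
EOF

# groups_of USER PASSWD_FILE GROUP_FILE
# Prints "primary=<group> supplementary=<group,...>"; fails for unknown users.
groups_of() {
    # Way 1: field 4 of the user's passwd line is the primary GID.
    gid=$(awk -F: -v u="$1" '$1 == u { print $4; exit }' "$2")
    [ -n "$gid" ] || return 1
    # Way 2: the user name appears in field 4 of a group line.
    awk -F: -v u="$1" -v gid="$gid" '
        $3 == gid { primary = $1; next }
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == u)
                    extra = extra (extra == "" ? "" : ",") $1
        }
        END { printf "primary=%s supplementary=%s\n", primary, extra }
    ' "$3"
}

groups_of user1 "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
groups_of user3 "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group"
```

In the sample data user1 belongs to staff only through the GID in its passwd line, which is why an audit of group membership has to read both files.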

8 File Ownership
  Each file and directory is owned by a single user and belongs to a single group.
  The user and group ownership is assigned at the time the file is created.
  It is important to remember that user ownership and group ownership are distinct, and it is possible that a user who owns a file will not be a member of the group that owns it.

9 Directory and File Access Modes
  File-type  Owner  Group  Others  filename
  d/l/-      rwx    rwx    rwx     file.txt

  # ls -l /etc/passwd
  -rw-r--r-- 1 root root 2232 Feb 21 2011 /etc/passwd

10 Changing File and Directory Access Modes
  Only the file owner (and the super user) may change access modes for files and directories.
  Use the chmod command to change the access modes for files and directories.
  There are two modes of operation with the chmod command:
    Symbolic mode - uses combinations of letters and symbols to add, remove or set permissions for various types of users.
    Octal mode - uses octal numbers to represent file permissions. Octal mode is also referred to as absolute or numeric mode.

11 Symbolic Mode
  The chmod command:
    ugo (user, group, others)
    +=- (give, equal or take)
    rwx (read, write, execute)
  # chmod g+rx /home/avi
  # chmod ugo=rwx /tmp

12 Octal (Absolute) Mode
  Command format: chmod octalmode filename(s)
  Octal modes are:
    Read access = 4
    Write access = 2
    Execute access = 1
  Any combination and manipulation of these numbers would set the permissions for the user, group and others:
    644 = rw-r--r--
    755 = rwxr-xr-x
    751 = rwxr-x--x
    777 = rwxrwxrwx
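
The difference between the two chmod modes shows up when the same change is applied to files that start with different permissions. The script below is an added example, not part of the original presentation; it decodes the 4/2/1 digits into rwx triplets and applies symbolic and octal changes to a scratch file (the function names octal_to_rwx and mode_after are chosen here).

```sh
#!/bin/sh
# Added example (not from the slides): octal digits as rwx triplets, and
# symbolic (relative) versus octal (absolute) chmod on a scratch file.

# octal_to_rwx 751 -> rwxr-x--x   (three digits: user, group, others)
octal_to_rwx() {
    case $1 in [0-7][0-7][0-7]) ;; *) return 1 ;; esac
    out=
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        r=-; w=-; x=-
        # Each digit is the sum read=4 + write=2 + execute=1; test each bit.
        [ $(( digit & 4 )) -eq 0 ] || r=r
        [ $(( digit & 2 )) -eq 0 ] || w=w
        [ $(( digit & 1 )) -eq 0 ] || x=x
        out=$out$r$w$x
    done
    printf '%s\n' "$out"
}

# mode_after START CHANGE -> rwx string of a scratch file whose mode was
# START (octal) before "chmod CHANGE" was applied to it.
mode_after() {
    (
        f=$(mktemp) || exit 1
        trap 'rm -f "$f"' EXIT
        chmod "$1" "$f" || exit 1
        chmod "$2" "$f" || exit 1
        ls -ld "$f" | cut -c2-10
    )
}

echo "751 reads as $(octal_to_rwx 751)"
# Symbolic mode edits the named bits and leaves the rest alone.
echo "600 then g+rx -> $(mode_after 600 g+rx)"
echo "777 then g+rx -> $(mode_after 777 g+rx)"
# Octal mode replaces the whole mode, whatever it was before.
echo "600 then 644  -> $(mode_after 600 644)"
echo "777 then 644  -> $(mode_after 777 644)"
```

A symbolic change such as g+rx never removes access that was already granted, so a script that must guarantee a final mode should set it in octal.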

13 Setting Default Access Mode with umask

14 Linux umask base modes
  file base mode 0666
  directory base mode 0777
  new file mode = base-mode - umask
    0644 = 0666 - 0022 files
    0755 = 0777 - 0022 directories

15 Setting Default Access Mode with umask
  The umask filter determines the default permissions for new files and directories.
  Display your umask:
    # umask
    0022
  The first digit of a mode (0750, for example) is used to specify some special bits (e.g. set-user-ID, set-group-ID, and the "sticky bit").
  Try:
    # umask -S
    # umask 777
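
The subtraction on the umask slides is a shorthand for clearing the umask's bits from the base mode (base AND NOT umask); the two agree only when every bit set in the umask is also set in the base mode. The script below is an added example, not part of the original presentation; it computes both and checks them against files it actually creates. The umask values 0033 and 0077 and the function names are chosen here.

```sh
#!/bin/sh
# Added example (not from the slides): what a umask really does to the base
# modes. Assumes a Linux "stat" that supports -c %a (GNU coreutils, BusyBox).

# effective_mode BASE UMASK -> BASE with every bit that is set in UMASK cleared
effective_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# subtracted_mode BASE UMASK -> what the "base - umask" shorthand predicts
subtracted_mode() {
    printf '%04o\n' $(( 0$1 - 0$2 ))
}

# observed_mode UMASK file|dir -> mode of a file or directory actually created
# under UMASK. Runs in a subshell so the caller's umask is left untouched.
observed_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        trap 'rm -rf "$tmp"' EXIT
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
        printf '%04o\n' "0$(stat -c %a "$tmp/new")"
    )
}

# 0022 is the slides' value; 0033 and 0077 are extra values chosen here.
for mask in 0022 0033 0077; do
    echo "umask $mask:" \
        "file $(effective_mode 0666 "$mask") (created: $(observed_mode "$mask" file))," \
        "dir $(effective_mode 0777 "$mask") (created: $(observed_mode "$mask" dir))," \
        "subtraction predicts $(subtracted_mode 0666 "$mask") for files"
done
```

With umask 0033 the subtraction predicts 0633 for a new file, while the file is created as 0644: the execute bits in the mask have nothing to clear in 0666, so they do not borrow from the write bit.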

16 Remember!
  File level security is composed of user authentication and permissions.
  Users are defined by names and groups in the /etc/passwd, /etc/shadow and /etc/group files.
  Files of all types have user, group and other permissions of read, write and execute.
  The meaning of those permissions is a bit different for files and directories.
  File ownership and mode can be changed by the owner and root.
  File default permissions can be set using umask.

17 Changing Ownership
  Only the owner of the file and root can change ownership.
  Changing ownership is done with the chown command:
    # chown new-owner:new-group filename
    # chown anat:ort /etc/passwd
  Change a directory and its contents recursively with -R:
    # chown -R anat:public /tmp

18 Users
  # useradd - Adding a new user (use passwd or usermod to change the user password)
  # usermod - Changing a user
  # userdel - Deleting a user
  Let's look at /etc/passwd

19 Groups
  # groupadd - Adding a new group
  # groupmod - Changing a group
  # groupdel - Deleting a group
  Let's look at /etc/group

20 Exercises
  1. Create 5 different users
  2. Create 3 new groups
  3. Change the new users' home directory to /tmp
  4. Change the UID of the new users to 10001/2/3/4/5
  5. Change the GID of the 3 new groups to 2001/2/3
  6. Add all 5 users to the 3 new groups without changing the default group
  7. Use the useradd command and in one line add a new user, grant him a password, set his home directory to /tmp and make him a member of all 3 groups

21 Exercises
  Write the command line by using letters with chmod to set the following permissions:
    rwxrwxr-x :
    rwxr--r-- :
    r--r----- :
    rwxr-xr-x :
    r-x--x--x :
    -w-r----x :
    -----xrwx :

22 Exercises
  Write the command line by using octal numbers with chmod to set the following permissions:
    rwxrwxrwx :
    --x--x--x :
    r---w---x :
    -w------- :
    rw-r----- :
    rwx--x--x :

23 Exercises
  With the following umask values, what would be the file and directory creation permissions?
    umask = 0027
      File permissions:
      Directory permissions:
    umask = 0011
      File permissions:
      Directory permissions:
    umask = 0541
      File permissions:
      Directory permissions:
    umask = 0777
      File permissions:
      Directory permissions:
