Download presentation
Presentation is loading. Please wait.
Published byAudrey Reynolds Modified over 8 years ago
1
CSCI 530 Lab Authorization
2
Review Authentication: proving the identity of someone Passwords Smart Cards DNA, fingerprint, retina, etc. Authorization: allowing a user to access certain resources
3
Authorization in Linux Authorization on Linux is handled by Access Control Lists (ACLs) ACLs grant access to files In Linux, everything is a file, even system perhipherals Example: /dev/hda1 – first partition on the hard disks mounted at hard disk “a” (hda) We can control who has access to different files and/or system resources with Access Control Lists and Groups
4
Linux Users and Groups In the last lab, you practiced using the useradd command Similar command for groups groupadd – creates a new group usermod – allows you to change the group to which the user belongs Groups allow for multiple users to have similar authorization on certain resources Linux has many preset groups Some are for programs, such as apache
5
Changing the Authorization on Files In linux, we use the chmod command on a file to change the authorization The format is chmod permissions filename Example: chmod 755 text.txt Permissions take the form of User Group World Each numerical value is a decimal representation of a binary code: Read Write Execute 1 means on and a 0 means off 7 corresponds to: 111, meaning read, write, and execute permissions So 755 means the user has full access, the group has read and execute status, and the world has read and execute status Only the original owner of the file has authorization to modify the permissions of a file (and root – under certain distributions)
6
More Linux ACL Examples Your scf.usc.edu account Every student has a Unix account on Aludra You can make a website with the url: www-scf.usc.edu/~username When you login to Aludra, once you’ve set up your account for a webpage, you have a public_html folder To publish webpages, simply put the file in the public_html directory However, no one will be able to see the files unless you modify the permissions Access from a webpage is considered “world” access, so you must grand read and execute permissions to “world”
7
Windows Authorization Windows has a different form of Authorization, depending on the network Workgroups – small networks Each client must specify his/her own authorization Local Security Policies Domains – large networks with Domain Controllers Group Policies - policies that are set forth for the entire network, based on user permissions
8
Windows 2000 Authorization – Standalone Clients Two parts of Windows make up the full authorization: Users & Groups Start Settings Control Panel Users & Groups Windows 2000 has preset groups, you cannot make your own Local Security Policies Start Settings Control Panel Administrative Tools Local Security Policy Here’s where you get to assign permissions to groups Windows 2003 Allows you to create your own groups Gives more control to the administrator for setting up policies across the client and the domain
9
This week’s lab We have Windows 2000 virtual machines We are going to look at the default security policies that are in place We will also see some of the preset local security policies given by Microsoft
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.