Presentation is loading. Please wait.

Presentation is loading. Please wait.

Company LOGO Security in Linux PhiHDN - VuongNQ. Contents Introduction 1 Fundamental Concepts 2 Security System Calls in Linux 3 Implementation of Security.

Published byApril O’Brien’ Modified over 7 years ago

Similar presentations

Presentation on theme: "Company LOGO Security in Linux PhiHDN - VuongNQ. Contents Introduction 1 Fundamental Concepts 2 Security System Calls in Linux 3 Implementation of Security."— Presentation transcript:

1 Company LOGO Security in Linux PhiHDN - VuongNQ

2 Contents Introduction 1 Fundamental Concepts 2 Security System Calls in Linux 3 Implementation of Security in Linux 4

3 Introduction Linux, as a clone of MINIX and UNIX, has been a multiuser system almost from beginning. Security and control of information was built in very early on.

4 Fundamental Concepts A UID is an integer between 0 and 65,535. Files, processes and other resources are marked with UID of their owner. By default, the owner of a file is the person who created the file. Users can be organized into groups, which are also numbered with 16-bit integers called GIDs (Groups IDs). A user could be in one or more groups at the same time.

5 Fundamental Concepts Potential accesses are read, write, and execute, designated by the letters r, w, and x, respectively. There are three categories of users (owner, group and others). 3 bits per category. 9 bits are sufficient to represent the access rights.

6 Fundamental Concepts Figure 10-37. Some example file protection modes.

7 Fundamental Concepts

8

9

10 The user with UID 0 is special and is called the superuser (or root). Root can read and write all files in the system.

11 Power of root Create a file. Set permission 000 000 000 (--- --- ---). It means nobody has any access (Figure 10-37)

12 Power of root Result:

13 Power of root Use root user to access:

14 Set permission to 777 to check again. Power of root When use command :wq!, the file has been updated successfully.

15 Conclusion The superuser (root) has the power to read and write all files in system, no matter who owns them and no matter how they are protected.

16 Fundamental Concepts (cont) Special files corresponding to the I/O devices have the same protection bits as regular files. Ex: the printer special file, /dev/lp, could be owned by the root or by a special user, daemon, and have mode rw------- to keep everyone else from directly accessing the printer. Problem: Sometimes users do have a legitimate need to print something. Solution: use SETUID bit.

17 Fundamental Concepts When a program with the SETUID bit on is executed, the effective UID for that process becomes the UID of the executable file’s owner instead of the UID of the user who invoked it. By making the program that accesses the printer be owned by daemon but with the SETUID bit on, any user could execute it, and have power of daemon (e.g., access to /dev/lp ) but only run that program (which might queue print jobs for printing in an orderly fashion).

18 Fundamental Concepts In addition to the SETUID bit there is also a SETGID bit that works analogously. This bit is rarely used.

19 Fundamental Concepts

20 How do you set the sticky bit? –In a terminal window: Put the number ‘1′ in front of a normal chmod command. Eg – to make the test file or directory world readable, writeable, executable, and sticky use chmod 1777 test. –In your desktop environment: Right-click the test file or directory and go to properties. Look for a permissions tab or listing and check the sticky bit checkbox. How can you tell if the sticky bit is set on a file or directory? There will be a letter ‘t’ in the last position of the file permissions as in: rwxrwxrw-t

21 Security System Calls in Linux There are only a small number of system calls relating to security. For example: –Sets newgame to rwxr-xr-x so that everyone can run it Only the owner of a file and the superuser can change its protection bits.

22 Security System Calls in Linux

23 Implementation of Security in Linux Login (which is SETUID root) asks for a login name and a password. It hashes the password and then looks in the password file ( /etc/passwd ) to see if the hash matches the one there. If the password is correct, the login program looks in /etc/passwd to see the name of the user’s preferred shell. ( bash, csh, ksh ) The login program then uses setuid and setgid to give itself the user’s UID and GID.

24 Implementation of Security in Linux Then it opens: –The keyboard for standard input (file descriptor 0) –The screen for standard output (file descriptor 1) –The screen for standard error (file descriptor 2) Finally, it executes the preferred shell. Username:Password:UID:GID:Description:Home directory:Shell

25 Implementation of Security in Linux The preferred shell is running with the correct UID and GID. All processes that it forks off automatically inherit the shell’s UID and GID -> they also will have the correct owner and group. All files they create also get these values.

26 Implementation of Security in Linux When any process attempts to open a file, the system first checks the protection bits to see if the access is permitted. –If so, the file is opened and a file descriptor returned. –If not, the file is not opened and -1 returned. No checks are made on subsequent read or write calls. The Linux security model and its implementation are essentially the same as in most other traditional UNIX systems.

27 References References: –Modern Operating Systems, 3rd Edition – Andrew S. Tanenbaum (Chapter 10.7 – Page 799) –Hoang Duc Quang’s Slides –Internet Examples was made by using Fedora 11

28 Company LOGO PhiHDN - VuongNQ

Download ppt "Company LOGO Security in Linux PhiHDN - VuongNQ. Contents Introduction 1 Fundamental Concepts 2 Security System Calls in Linux 3 Implementation of Security."

Similar presentations

Computer Science CSC 405 LabBy Yuzheng Zhou1 CSC 405 Introduction to Computer Security Lab session.

Computer Science CSC 405 LabBy Yuzheng Zhou1 CSC 405 Introduction to Computer Security Lab session.
Chapter One The Essence of UNIX.

Chapter One The Essence of UNIX.
1 Introduction to UNIX Ke Liu

1 Introduction to UNIX Ke Liu
Unix permissions, ownership and setuid File security and ownership The chmod(1) command Process Ownership Setuid, Setgid and the Sticky bit Writing setuid.

Unix permissions, ownership and setuid File security and ownership The chmod(1) command Process Ownership Setuid, Setgid and the Sticky bit Writing setuid.
Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.

Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.

1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Sharing Files Richard Newman based on Smith “Elementary Information Security”

Sharing Files Richard Newman based on Smith “Elementary Information Security”
Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.

Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.
Getting Started with Linux Linux System Administration Permissions.

Getting Started with Linux Linux System Administration Permissions.
File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.

File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.
Unix System Administration Rootly Powers Chapter 3.

Unix System Administration Rootly Powers Chapter 3.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
Guide To UNIX Using Linux Fourth Edition

Guide To UNIX Using Linux Fourth Edition
CSC 322 Operating Systems Concepts Lecture - 4: by Ahmed Mumtaz Mustehsan Special Thanks To: Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,

CSC 322 Operating Systems Concepts Lecture - 4: by Ahmed Mumtaz Mustehsan Special Thanks To: Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,
File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)

File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)
Linux+ Guide to Linux Certification, Second Edition

Linux+ Guide to Linux Certification, Second Edition
Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.

Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.
Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.

Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.

Similar presentations

Ads by Google