Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privileges: who can control what Introduction to Unix May 24, 2008 Rabat, Morocco Hervey Allen.

Published byAron Phillips Modified over 8 years ago

Similar presentations

Presentation on theme: "Privileges: who can control what Introduction to Unix May 24, 2008 Rabat, Morocco Hervey Allen."— Presentation transcript:

1 Privileges: who can control what Introduction to Unix May 24, 2008 Rabat, Morocco Hervey Allen

2 NSRC@AfNOG '08 Rabat Goal Understand the following: The Unix security model How a program is allowed to run Where user and group information is stored Details of file permissions

3 NSRC@AfNOG '08 Rabat Some philosophy It's available! Wait, what was that? Oh yeah, it's available! It's has some very powerful features. It's ubiquitous in Unix ( visudo, vipw, vigr, etc.)‏ Not that hard to learn after initial learning curve. Impress your friends and family with your arcane knowledge of computers.

4 NSRC@AfNOG '08 Rabat Users and Groups Unix understands Users and Groups A user can belong to several groups A file can belong to only one user and one group at a time A particular user, the superuser “root” has extra privileges (uid = “0” in /etc/passwd)‏ Only root can change the ownership of a file

5 NSRC@AfNOG '08 Rabat Users and Groups cont. User information in /etc/passwd User info in db-format in /etc/pwd.db User password hashes in db-format in /etc/spwd.db Group information is in /etc/group /etc/passwd and /etc/group divide data fields using “:”

6 NSRC@AfNOG '08 Rabat A program runs... 1. A program may be run by a user, when the system starts or by another process. 2. Before the program can execute the kernel inspects several things: a) Looks up the numeric ID values for uid and gid of the user in the file /etc/passwd. b) Is the execute bit set on the program file? c) Does whoever ran the program, or the program itself have the required privileges to do what is requested? d) In most cases, while executing, a program inherits the privileges of the user/process who started it.

7 NSRC@AfNOG '08 Rabat A program in detail When we type: ls -l /usr/bin/top We'll see: -r-xr-xr-x 1 root wheel 46112 Apr 28 10:52 /usr/bin/top What does all this mean?

8 NSRC@AfNOG '08 Rabat -r-xr-xr-x 1 root wheel 46112 Apr 28 10:52 /usr/bin/top ---------- --- ------- ------- -------- ------------ ------------- | | | | | | | | | | | | | File Name | | | | | | | | | | | +--- Modification Time/Date | | | | | | | | | +------------- Size (in bytes)‏ | | | | | | | +----------------------- Group | | | | | +-------------------------------- Owner | | | +-------------------------------------- Dir. entry refs to file | +---------------------------------------------- File Permissions Group The name of the group that has file permissions in addition to the file's owner. Owner The name of the user who owns the file. File Permissions A representation of the file's access permissions. The first character is the type of file. A "-" indicates a regular (ordinary) file. A "d" would indicate a directory. The second set of three characters represent the read, write, and execution rights of the file's owner. The next three represent the rights of the file's group, and the final three represent the rights granted to everybody else. (Example modified from http://www.linuxcommand.org/lts0030.php)‏

9 NSRC@AfNOG '08 Rabat Access rights Files are owned by a user and a group (ownership)‏ Files have permissions for the user, the group, and other “other” permission is often referred to as “world” The permissions are Read, Write and Execute (R, W, X)‏ The same applies to all files

10 NSRC@AfNOG '08 Rabat Some special cases When looking at the output from “ ls -l ” in the first column you might see: d = directory - = regular file l = symbolic link s = Unix domain socket p = named pipe c = character device file b = block device file

11 NSRC@AfNOG '08 Rabat Some special cases cont In the Owner, Group and other columns you might see: s = setuid [when in Owner column] s = setgid [when in Group column] t = sticky bit [when at end] Some References http://www.tuxfiles.org/linuxhelp/filepermissions.html http://www.cs.uregina.ca/Links/class-info/330/Linux/linux.html http://www.onlamp.com/pub/a/bsd/2000/09/06/FreeBSD_Basics.html

12 NSRC@AfNOG '08 Rabat There are two ways to set permissions when using the chmod command: Symbolic mode: testfile has permissions of -r--r--r-- U G O * $ chmod g+x testfile==>-r--r-xr-- $ chmod u+wx testfile==>-rwxr-xr-- $ chmod ug-x testfile==>-rw--r--r-- U=user, G=group, O=other (world)‏ File permissions

13 NSRC@AfNOG '08 Rabat Absolute mode: We use octal (base eight) values represented like this: Letter Permission Value R read 4 W write 2 X execute 1 - none 0 For each column, User, Group or Other you can set values from 0 to 7. Here is what each means: 0= --- 1= --x 2= -w- 3= -wx 4= r-- 5= r-x 6= rw- 7= rwx File permissions cont.

14 NSRC@AfNOG '08 Rabat Numeric mode cont: Example index.html file with typical permission values: $ chmod 755 index.html $ ls -l index.html -rwxr-xr-x 1 root wheel 0 May 24 06:20 index.html $ chmod 644 index.html $ ls -l index.html -rw-r--r-- 1 root wheel 0 May 24 06:20 index.html File permissions cont.

15 NSRC@AfNOG '08 Rabat Two critical points: 1.The permissions of the directory in which a file resides determines what a user can do to the file. 2.The permissions of the file determine what a user can do to the data in the file. Example: If a directory is owned by another user, then you cannot delete a file in the directory, even if you have write (w) access to the file, but you can update the data in the file. Inherited permissions

16 NSRC@AfNOG '08 Rabat To reinforce these concepts let's do some exercises. In addition, a very nice reference on using the chmod command is: An Introduction to Unix Permissions -- Part Two By Dru Lavigne http://www.onlamp.com/pub/a/bsd/2000/09/13/FreeBSD_Basics.html Conclusion

Download ppt "Privileges: who can control what Introduction to Unix May 24, 2008 Rabat, Morocco Hervey Allen."

Similar presentations

The UNIX File System Harry Chen Department of CSEE University of MD Baltimore County.

The UNIX File System Harry Chen Department of CSEE University of MD Baltimore County.
Linux File & Folder permissions. File Permissions In Ubuntu, files and folders can be set up so that only specific users can view, modify, or run them.

Linux File & Folder permissions. File Permissions In Ubuntu, files and folders can be set up so that only specific users can view, modify, or run them.
Unix permissions, ownership and setuid File security and ownership The chmod(1) command Process Ownership Setuid, Setgid and the Sticky bit Writing setuid.

Unix permissions, ownership and setuid File security and ownership The chmod(1) command Process Ownership Setuid, Setgid and the Sticky bit Writing setuid.
UNIX file systems Learning Objectives: 1. To understand the basics of file systems 2. To understand the hierarchical structure in Unix file system 3. To.

UNIX file systems Learning Objectives: 1. To understand the basics of file systems 2. To understand the hierarchical structure in Unix file system 3. To.
File Security. Viewing Permissions ls –l Permission Values.

File Security. Viewing Permissions ls –l Permission Values.
Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.

Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.
File security and Permissions A file is owned by the user who created it That user can then specify who can read, write and execute that file A file when.

File security and Permissions A file is owned by the user who created it That user can then specify who can read, write and execute that file A file when.
CS 497C – Introduction to UNIX Lecture 15: - File Attributes Chin-Chih Chang

CS 497C – Introduction to UNIX Lecture 15: - File Attributes Chin-Chih Chang
Linux Linux File System.

Linux Linux File System.
UNIX Files and Security Software Tools. Slide 2 File Systems l What is a file system? A means of organizing information on the computer. A file system.

UNIX Files and Security Software Tools. Slide 2 File Systems l What is a file system? A means of organizing information on the computer. A file system.
Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.

Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.
Getting Started with Linux Linux System Administration Permissions.

Getting Started with Linux Linux System Administration Permissions.
File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.

File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.
Files & Directories Objectives –to be able to describe and use the Unix file system model and concepts Contents –directory structure –file system concepts.

Files & Directories Objectives –to be able to describe and use the Unix file system model and concepts Contents –directory structure –file system concepts.
1 Lecture 2 Working with Files and Directories COP 3344 Introduction to UNIX.

1 Lecture 2 Working with Files and Directories COP 3344 Introduction to UNIX.
Unix System Administration Rootly Powers Chapter 3.

Unix System Administration Rootly Powers Chapter 3.
File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)

File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)
1Week 4 - Jan 31, 2005 Week 4 Agenda UNIX Directory Structure Absolute pathname Relative pathname Permissions chmod (symbolic/absolute)

1Week 4 - Jan 31, 2005 Week 4 Agenda UNIX Directory Structure Absolute pathname Relative pathname Permissions chmod (symbolic/absolute)
Managing Files CSCI N321 – System and Network Administration Copyright © 2000, 2011 by the Trustees of Indiana University except as noted.

Managing Files CSCI N321 – System and Network Administration Copyright © 2000, 2011 by the Trustees of Indiana University except as noted.
Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.

Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.

Similar presentations

Ads by Google