Chapter 8 File System Security. File Protection Schemes Password-Based Protection Encryption-Based Protection Protection-Based on Access Permission.


1 Chapter 8 File System Security

2 File Protection Schemes
– Password-Based Protection
– Encryption-Based Protection
– Protection Based on Access Permission

3 File Protection Schemes: Password-Based Protection
– Both a login name and a password are required for a user to enter a UNIX system.
– All login names can be found in the /etc/passwd file. On modern systems the password hashes themselves are kept in /etc/shadow, which only root can read; /etc/passwd is world-readable.
– A user's password is known to that user ONLY.
– Change your password frequently.
– passwd command (for a local account).
– yppasswd (NIS) or nispasswd (NIS+) command for accounts held in a network directory.

4 File Protection Schemes: Password-Based Protection
Ways a user's password is discovered:
1) You, as the owner of the account, tell others your password.
2) Another user guesses it (short, dictionary-word or personal-information passwords fall quickly).
3) The stored hash is obtained and cracked by "brute force" or a dictionary attack, which is why hashes live in /etc/shadow rather than in the world-readable /etc/passwd.

5 File Protection Schemes: Encryption-Based Protection
Figure 8.1 The process of encryption and decryption
– Whole-disk encryption: the entire block device is encrypted and unlocked at boot. It protects the data if the disk or laptop is lost or stolen, but once the system is running and unlocked it offers no protection against other users or processes on that system.
– File-level encryption: individual files (or directories) are encrypted with a key held by the user or application, so they stay protected from other users on a running system and when copied elsewhere.

6 File Protection Schemes: Protection Based on Access Permission
As file owner, you can attach certain access rights to your files that dictate who can and cannot access them for various types of file operations. The kernel decides "who" by comparing the accessing process's user and group IDs with the file's owner and group; those identities are defined in /etc/passwd and /etc/group.

7 File Access Rights
Types of users:
– Owner
– Group
– All/Other
Types of permissions:
– Read
– Write
– Execute
Types of objects the permissions apply to:
– Directories
– Other files

8 Table 8.1 Summary of File Permissions in LINUX
Permission          On an ordinary file                       On a directory
Read permission     view (read) the file's contents           list the names of entries in the directory
Write permission    modify, append to or truncate the file    create, delete or rename entries in the directory
Execute permission  run the file as a program or script       enter (search) the directory and reach entries by name

9 Directory Permissions
read = list the names of the files in the directory
write = add, remove or rename entries in the directory (deleting a file needs write permission on the directory, not on the file itself)
execute = "search" permission: enter the directory and access files in it by name. Without it, a file inside cannot be opened even if its own permissions allow it; with it but without read, a file can be opened if you already know its name.

10 Table 8.2 Permission Values
Each rwx triple is one octal digit: read = 4, write = 2, execute = 1.
Value  Bits  Meaning
0      ---   no permission
1      --x   execute only
2      -w-   write only
3      -wx   write and execute
4      r--   read only
5      r-x   read and execute
6      rw-   read and write
7      rwx   read, write and execute

11 Determining and Changing File Access Privileges
Determining file access privileges:
– ls -l file-list shows the permissions of the listed files (for a directory argument, of the files inside it)
– ls -ld directory shows the permissions of the directory entry itself rather than its contents

12 Changing the Access Rights
Purpose: to set or change permissions on files
chmod [options] octal-mode file-list
chmod [options] symbolic-mode file-list
Symbolic mode is who[op]what: who is one or more of u g o a, op is + (add), - (remove) or = (set exactly), what is one or more of r w x s t; several clauses are separated by commas (e.g. u=rwx,go=rx).
Options:
-R  recursively process subdirectories

13 Determining and Changing File Access Privileges (Contd)

14 Examples of chmod Command

15 Determining and Changing File Access Privileges
Changing file access privileges:
– chmod [options] octal-mode file-list
– chmod [options] symbolic-mode file-list

16 Access Privileges for Directories
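The following shell script is an added example, not part of the slides or the textbook: it exercises the chmod forms from slides 12 to 15, reads the result back with ls -l and stat, converts between the symbolic and octal notations of Tables 8.1 and 8.2, and demonstrates the directory rule from slide 9 (deleting a file is governed by the directory's write bit, not the file's). It assumes GNU coreutils (stat -c) and creates everything it touches in a constructed temporary directory.

```shell
#!/bin/sh
# Added example (not from the slides): chmod in octal and symbolic form, reading
# permissions back, and the directory-write rule for unlinking. Assumes GNU
# coreutils (stat -c); all paths are created in a constructed temporary directory.

# Turn one rwx triple (e.g. r-x) into its octal digit (5).
# s/S/t/T in the third column are the SUID/SGID/sticky letters ls prints;
# lowercase means execute is also set, uppercase means it is not.
triple_to_digit() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    printf '%s' "$v"
}

# rwxr-xr-x -> 755 (the nine permission columns of ls -l, file-type column removed)
sym_to_octal() {
    printf '%s%s%s\n' \
        "$(triple_to_digit "$(printf '%s' "$1" | cut -c1-3)")" \
        "$(triple_to_digit "$(printf '%s' "$1" | cut -c4-6)")" \
        "$(triple_to_digit "$(printf '%s' "$1" | cut -c7-9)")"
}

# Single octal digit -> rwx triple: 6 -> rw-
digit_to_triple() {
    r=- w=- x=-
    case $(( $1 & 4 )) in 0) ;; *) r=r ;; esac
    case $(( $1 & 2 )) in 0) ;; *) w=w ;; esac
    case $(( $1 & 1 )) in 0) ;; *) x=x ;; esac
    printf '%s%s%s' "$r" "$w" "$x"
}

# 640 -> rw-r-----
octal_to_sym() {
    printf '%s%s%s\n' \
        "$(digit_to_triple "$(printf '%s' "$1" | cut -c1)")" \
        "$(digit_to_triple "$(printf '%s' "$1" | cut -c2)")" \
        "$(digit_to_triple "$(printf '%s' "$1" | cut -c3)")"
}

# The nine permission columns exactly as ls -l prints them (columns 2-10).
ls_perms() { ls -ld "$1" | cut -c2-10; }

# Octal mode as the kernel stores it (GNU stat prints no leading zero).
mode_of() { stat -c '%a' "$1"; }

# Deleting a file needs write (and execute) on the directory, not write on the
# file: a 444 file in a writable directory can be unlinked by anyone holding
# those directory rights. Prints "deleted" when the unlink succeeded.
delete_readonly_file() {
    t=$(mktemp -d)
    : > "$t/locked"
    chmod 444 "$t/locked"          # nobody can write to the file...
    if rm -f "$t/locked" 2>/dev/null && [ ! -e "$t/locked" ]; then
        res=deleted                # ...but it can be removed, because $t is writable
    else
        res=kept
    fi
    rm -rf "$t"
    printf '%s\n' "$res"
}

# Demo: octal and symbolic chmod on a constructed file, read back both ways.
demo_dir=$(mktemp -d)
f="$demo_dir/report.txt"
: > "$f"
chmod 640 "$f"                     # octal: rw- owner, r-- group, --- others
printf 'after chmod 640    : %s %s\n' "$(mode_of "$f")" "$(ls_perms "$f")"
chmod g+w,o+r "$f"                 # symbolic: add bits, comma-separated clauses
printf 'after chmod g+w,o+r: %s %s\n' "$(mode_of "$f")" "$(ls_perms "$f")"
chmod a=r "$f"                     # = replaces the whole triple for u, g and o
printf 'after chmod a=r    : %s %s\n' "$(mode_of "$f")" "$(ls_perms "$f")"
printf 'ls -ld on the directory itself: %s\n' "$(ls_perms "$demo_dir")"
printf 'unlink of a 444 file in a writable dir: %s\n' "$(delete_readonly_file)"
rm -rf "$demo_dir"
```

The last line of output is the practical lesson of slide 9: making a file read-only does not protect it from deletion; only the permissions (and, as slide 24 explains, the sticky bit) of the containing directory do that.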

17 Default File Access Rights
umask is a bitmask that tells which permission bits are turned OFF when a new file or directory is created.
022 = 000 010 010 (deny write for group and others)
rwx r-x r-x (the resulting permissions for a new directory or executable; a new ordinary file starts from rw- rw- rw- and ends up rw- r-- r--)
umask (with no parameters returns the current mask value, in octal)
umask newmask (sets a new mask value for this shell and every process it starts)
The umask command is usually placed in a startup file such as ~/.profile or /etc/profile so that it applies to every login shell.

18 Default File Access Rights
The default access privileges requested when a file is created:
– Executable files & directories: 777
– Ordinary (text, data) files: 666
file access permission = requested mode with every bit of the mask cleared. The "777 - mask" shortcut gives the same answer as long as no digit of the mask is larger than the matching digit of the requested mode (true for 022, not for 027 on 666).
A commonly used mask value is 022.
umask 022
777 - 022 = 755 for executable files & directories
666 - 022 = 644 for text files
A stricter mask such as 027 (750 / 640) or 077 (700 / 600) keeps new files away from other users by default.
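The script below is an added example, not from the slides or the textbook. It computes the default mode the way the kernel does (clear the mask bits), sets the slide's subtraction shortcut beside it so the case where the two disagree is visible, and then creates real files under several masks to confirm the result. It assumes GNU coreutils (stat -c) and works in a constructed temporary directory.

```shell
#!/bin/sh
# Added example (not from the slides): how the kernel combines umask with the
# creation mode, and why "777 - 022" is only a mnemonic. Assumes GNU coreutils
# (stat -c); the probe files are created in a constructed temporary directory.

# What the kernel actually does: clear every bit that is set in the mask.
# apply_umask 666 027 -> 640
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# The arithmetic shortcut from the slide. It agrees with apply_umask only while
# no digit of the mask exceeds the matching digit of the base (022 on 666 or 777).
# subtract_umask 666 027 -> 637, which no file will ever receive.
subtract_umask() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# Create a file or directory under a given mask and report the mode that resulted.
# The umask is changed inside a subshell so the caller's mask is left untouched.
created_mode() {   # created_mode MASK file|dir
    t=$(mktemp -d)
    if [ "$2" = dir ]; then
        (umask "$1"; mkdir "$t/probe")       # directories are requested as 777
    else
        (umask "$1"; : > "$t/probe")         # ordinary files are requested as 666
    fi
    stat -c '%a' "$t/probe"
    rm -rf "$t"
}

for mask in 022 027 077; do
    printf 'umask %s: file %s (bitwise %s, subtraction %s)  dir %s (bitwise %s)\n' \
        "$mask" "$(created_mode "$mask" file)" \
        "$(apply_umask 666 "$mask")" "$(subtract_umask 666 "$mask")" \
        "$(created_mode "$mask" dir)" "$(apply_umask 777 "$mask")"
done
printf 'current mask for this shell: %s\n' "$(umask)"
```

With mask 027 the kernel yields 640 for a file while the subtraction gives 637, an octal value whose "7" would mean the group may read, write and execute, which is the opposite of what the mask asked for. Use umask -S to see the current mask as the permissions that remain (for example u=rwx,g=rx,o=) rather than as the bits removed.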

19 Figure 8.2 Position of file type and access privilege bits for LINUX files (as seen by the "ls -l" command)
The first column is the file type (- ordinary file, d directory, l symbolic link, c or b device, p named pipe, s socket); it is followed by three rwx triples for owner, group and others, so a listing such as -rwxr-x--- is an ordinary file with mode 750.

20 Figure 8.3 Position of access privilege bits for LINUX files as specified in the chmod command
A full octal mode has four digits read left to right: special bits (4 SUID, 2 SGID, 1 sticky), owner, group, others. The leading digit may be omitted, in which case chmod treats it as 0 when given a three-digit mode.

21 SUID Bit
A special permission bit that makes an executable file run with the privileges of the owner of the file rather than those of the user who runs it.
Can be set using the commands:
chmod u+s filelist
chmod 4xxx filelist
Shows up in ls -l in place of the owner's x bit as an s when the file is executable (rwsr-xr-x); a capital S means the bit is set but the owner has no execute permission, so the program cannot be run.
Very dangerous to use: any bug in a SUID program owned by root (a buffer overflow, an unchecked environment variable, a race on a temporary file) hands the caller root privileges. Keep the set of SUID programs as small as possible and audit it regularly. Linux ignores the bit on interpreted (#!) scripts and on filesystems mounted with the nosuid option.

22 SUID Bit
Find both set-user-ID and set-group-ID programs:
$ find / -type f -perm /6000 -exec ls -l {} \; > suid_sgid.list
$ cat suid_sgid.list (or page through it with more or less)
Note: -perm /6000 matches files with either bit set; the older GNU spelling -perm +6000 is no longer accepted, and -exec needs a space between {} and \;.
A quick but incomplete check: ls -l /usr/bin/* | grep 'rws'. It only catches SUID files whose owner also has execute, and misses SGID files (rwxr-sr-x) and the capital-S form, so prefer the find command for an audit.

23 SGID Bit
A special permission bit that makes an executable file run with the privileges of the file's group rather than those of the group of the user who runs it.
Set using the commands:
chmod g+s filelist
chmod 2xxx filelist
Shows up in ls -l in place of the group's x bit as an s (rwxr-sr-x), or S if the group lacks execute.
On a directory, SGID has a different meaning: files created inside inherit the directory's group instead of the creator's primary group, which is how a shared project directory keeps all its files in the project group.

24 Sticky Bit
A special bit that can be used as follows:
For a file: it directed early versions of UNIX to keep the program's text in swap after it finished executing, so the next start was faster. Modern Linux ignores the sticky bit on regular files.
For a directory: only the owner of a file (or the owner of the directory, or root) can delete or rename that file, even though other users have write permission on the directory. This is what protects /tmp and /var/tmp, where everyone can create files but nobody can remove another user's.
Can be set using the chmod command:
chmod +t filelist
chmod 1xxx filelist
Shows up in "ls -l" in place of the others' x bit as a t (rwxrwxrwt); a capital T means the bit is set but others have no execute permission on the directory.
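The script below is an added example, not from the slides or the textbook, covering slides 21 to 24 together: it sets SUID, SGID and the sticky bit on constructed files and directories, then detects them three ways: from the stored octal mode, from the s/S/t/T letters in ls -l, and with the corrected find command. It assumes GNU find (-perm /mode) and GNU coreutils (stat -c), and works only inside a constructed temporary directory.

```shell
#!/bin/sh
# Added example (not from the slides): setting SUID, SGID and sticky on
# constructed files and detecting them from the mode, from ls -l letters and
# with find. Assumes GNU find (-perm /mode) and GNU coreutils (stat -c).

# Decode the three special bits from the stored mode: 4000 SUID, 2000 SGID,
# 1000 sticky. special_bits PATH -> e.g. "suid sgid", or an empty line when none.
special_bits() {
    m=$(( 0$(stat -c '%a' "$1") ))
    out=""
    case $(( m & 04000 )) in 0) ;; *) out="${out}suid " ;; esac
    case $(( m & 02000 )) in 0) ;; *) out="${out}sgid " ;; esac
    case $(( m & 01000 )) in 0) ;; *) out="${out}sticky " ;; esac
    printf '%s\n' "${out% }"
}

# The three execute columns of ls -l (owner, group, others). ls prints s/t there
# when the special bit is set together with execute, and S/T when the special bit
# is set without execute (a SUID file nobody can run, mode 4644).
ls_special_letters() { ls -ld "$1" | cut -c4,7,10; }

# Inventory helpers for an audit. GNU find: -perm /6000 matches if ANY of the
# listed bits is set (the old "+6000" spelling is gone); -perm -1000 requires it.
find_suid_sgid() { find "$1" -type f -perm /6000; }
find_sticky_dirs() { find "$1" -type d -perm -1000; }

# Build a small tree with every combination the slides mention.
d=$(mktemp -d)
: > "$d/suid_tool";  chmod 4755 "$d/suid_tool"   # rwsr-xr-x
: > "$d/sgid_tool";  chmod 2755 "$d/sgid_tool"   # rwxr-sr-x
: > "$d/both";       chmod 6755 "$d/both"        # rwsr-sr-x
: > "$d/bad_suid";   chmod 4644 "$d/bad_suid"    # rwSr--r--  set but not executable
: > "$d/plain";      chmod 755  "$d/plain"       # rwxr-xr-x  no special bits
mkdir "$d/shared";   chmod 1777 "$d/shared"      # rwxrwxrwt  like /tmp

for p in "$d"/*; do
    printf '%-10s %-5s %-4s %s\n' "$(basename "$p")" "$(stat -c '%a' "$p")" \
        "$(ls_special_letters "$p")" "$(special_bits "$p")"
done
printf -- '--- find -type f -perm /6000 ---\n'
find_suid_sgid "$d" | sort
printf -- '--- find -type d -perm -1000 ---\n'
find_sticky_dirs "$d"
rm -rf "$d"
```

The bad_suid entry is the case an audit should flag as a mistake rather than a risk: the bit is set (find reports it) but the program is not executable, so the S in ls -l is the only visible hint that someone ran chmod 4644 instead of 4755. The remaining entries are what a real run of find / -type f -perm /6000 lists system-wide; every name on that list should have a reason to be there.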

