Company LOGO Security in Linux PhiHDN - VuongNQ. Contents Introduction 1 Fundamental Concepts 2 Security System Calls in Linux 3 Implementation of Security.

Slides:



Advertisements
Similar presentations
Computer Science CSC 405 LabBy Yuzheng Zhou1 CSC 405 Introduction to Computer Security Lab session.
Advertisements

Chapter One The Essence of UNIX.
1 Introduction to UNIX Ke Liu
Unix permissions, ownership and setuid File security and ownership The chmod(1) command Process Ownership Setuid, Setgid and the Sticky bit Writing setuid.
Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.
Linux+ Guide to Linux Certification, Second Edition
1 CSE 380 Computer Operating Systems Instructor: Insup Lee and Dianna Xu University of Pennsylvania Fall 2003 Lecture Note: Protection Mechanisms.
Guide To UNIX Using Linux Third Edition
Sharing Files Richard Newman based on Smith “Elementary Information Security”
Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.
Getting Started with Linux Linux System Administration Permissions.
File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.
Unix System Administration Rootly Powers Chapter 3.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
Guide To UNIX Using Linux Fourth Edition
CSC 322 Operating Systems Concepts Lecture - 4: by Ahmed Mumtaz Mustehsan Special Thanks To: Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,
File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)
Linux+ Guide to Linux Certification, Second Edition
Adding New Users User as an entity - username(UID), GID. UID - typically a number for system to identify the user. GID – a number that recognizes a set.
Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.
CS 390 Unix Programming Summer Unix Programming - CS 3902 Course Details Online Information Please check.
File Permission and Access. Module 6 File Permission and Access ♦ Introduction Linux is a multi-user system where users can assign different access permission.
Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 
Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.
Hands On UNIX II Dorcas Muthoni. Processes A running instance of a program is called a "process" Identified by a numeric process id (pid)‏  unique while.
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.
Linux Security. Authors:- Advanced Linux Programming by Mark Mitchell, Jeffrey Oldham, and Alex Samuel, of CodeSourcery LLC published by New Riders Publishing.
1 LINUX SECURITY. 2 Outline Introduction Introduction - UNIX file permission - UNIX file permission - SUID / SGID - SUID / SGID - File attributes - File.
Linux+ Guide to Linux Certification, Third Edition
Linux+ Guide to Linux Certification, Third Edition
Workbook 4 User & Group Permissions RH030 Linux Computing Essentials.
PacNOG 6: Nadi, Fiji UNIX ™/ /Linux Permissions Hervey Allen Network Startup Resource Center.
Privileges: who can control what Introduction to Unix June 16, 2009 Papeete, French Polynesia Hervey Allen.
Introduction to Programming Using C An Introduction to Operating Systems.
1 Lecture 6 Introduction to Process Management COP 3353 Introduction to UNIX.
Privileges: who can control what Introduction to Unix May 24, 2008 Rabat, Morocco Hervey Allen.
Advanced Programming in the UNIX Environment Hop Lee.
Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.
Lesson 3-Touring Utilities and System Features. Overview Employing fundamental utilities. Linux terminal sessions. Managing input and output. Using special.
SCSC 455 Computer Security Chapter 3 User Security.
Chapter 8 File System Security. File Protection Schemes Password-Based Protection Encryption-Based Protection Protection-Based on Access Permission.
SUSE Linux Enterprise Desktop Administration Chapter 9 Manage Users, Groups, and Permissions.
Jozef Goetz, expanded by Jozef Goetz, 2008 Credits: Parts of the slides are based on slides created by UNIX textbook authors, Syed M. Sarwar, Robert.
Access Control. Many models Traditional Unix model Windows model Role-based access control (SE Linux)‏ Access control for confidentiality (Bell-La Padula.
File System Security in Unix Annie Calpe. Overview Unix Basics File System Security: - Account Security: Passwords - File Permissions - Access Control.
Privileges: who can control what
Permissions: who can control what Unix/IP Preparation Course July 19, 2009 Eugene, Oregon, USA
SYSTEM ADMINISTRATION PART I by İlker Korkmaz and Kaya Oğuz
Week 4 - Friday CS222.
Module X (Unix/Linux Password Security)
...looking a bit closer under the hood
Avani R.Vasant V.V.P. Engineering College
System Programming and administration CS 308
Chapter 11: Managing Users
Hands On UNIX AfNOG 2010 Kigali, Rwanda
Chapter 8 File Security.
Hands On UNIX AfNOG X Cairo, Egypt
Privileges: who can control what
Using the Terminal Lab 3+.
Chapter 7 File and file System structure
Presented by, Mr. Satish Pise
UNIX System Protection
Shells, Help, and Paths.
Security and File Permission
Chapter Introduction 3.2 The UNIX Model of Ownership
Rootly Powers Chapter 3.
Figure 6-13: Managing Permissions
Lecture 6 Introduction to Process Management
Race Condition Vulnerability
Presentation transcript:

Company LOGO Security in Linux PhiHDN - VuongNQ

Contents Introduction 1 Fundamental Concepts 2 Security System Calls in Linux 3 Implementation of Security in Linux 4

Introduction Linux, as a clone of MINIX and UNIX, has been a multiuser system almost from beginning. Security and control of information was built in very early on.

Fundamental Concepts A UID is an integer between 0 and 65,535. Files, processes and other resources are marked with UID of their owner. By default, the owner of a file is the person who created the file. Users can be organized into groups, which are also numbered with 16-bit integers called GIDs (Groups IDs). A user could be in one or more groups at the same time.

Fundamental Concepts Potential accesses are read, write, and execute, designated by the letters r, w, and x, respectively. There are three categories of users (owner, group and others). 3 bits per category. 9 bits are sufficient to represent the access rights.

Fundamental Concepts Figure Some example file protection modes.

Fundamental Concepts

The user with UID 0 is special and is called the superuser (or root). Root can read and write all files in the system.

Power of root Create a file. Set permission ( ). It means nobody has any access (Figure 10-37)

Power of root Result:

Power of root Use root user to access:

Set permission to 777 to check again. Power of root When use command :wq!, the file has been updated successfully.

Conclusion The superuser (root) has the power to read and write all files in system, no matter who owns them and no matter how they are protected.

Fundamental Concepts (cont) Special files corresponding to the I/O devices have the same protection bits as regular files. Ex: the printer special file, /dev/lp, could be owned by the root or by a special user, daemon, and have mode rw to keep everyone else from directly accessing the printer. Problem: Sometimes users do have a legitimate need to print something. Solution: use SETUID bit.

Fundamental Concepts When a program with the SETUID bit on is executed, the effective UID for that process becomes the UID of the executable file’s owner instead of the UID of the user who invoked it. By making the program that accesses the printer be owned by daemon but with the SETUID bit on, any user could execute it, and have power of daemon (e.g., access to /dev/lp ) but only run that program (which might queue print jobs for printing in an orderly fashion).

Fundamental Concepts In addition to the SETUID bit there is also a SETGID bit that works analogously. This bit is rarely used.

Fundamental Concepts

How do you set the sticky bit? –In a terminal window: Put the number ‘1′ in front of a normal chmod command. Eg – to make the test file or directory world readable, writeable, executable, and sticky use chmod 1777 test. –In your desktop environment: Right-click the test file or directory and go to properties. Look for a permissions tab or listing and check the sticky bit checkbox. How can you tell if the sticky bit is set on a file or directory? There will be a letter ‘t’ in the last position of the file permissions as in: rwxrwxrw-t

Security System Calls in Linux There are only a small number of system calls relating to security. For example: –Sets newgame to rwxr-xr-x so that everyone can run it Only the owner of a file and the superuser can change its protection bits.

Security System Calls in Linux

Implementation of Security in Linux Login (which is SETUID root) asks for a login name and a password. It hashes the password and then looks in the password file ( /etc/passwd ) to see if the hash matches the one there. If the password is correct, the login program looks in /etc/passwd to see the name of the user’s preferred shell. ( bash, csh, ksh ) The login program then uses setuid and setgid to give itself the user’s UID and GID.

Implementation of Security in Linux Then it opens: –The keyboard for standard input (file descriptor 0) –The screen for standard output (file descriptor 1) –The screen for standard error (file descriptor 2) Finally, it executes the preferred shell. Username:Password:UID:GID:Description:Home directory:Shell

Implementation of Security in Linux The preferred shell is running with the correct UID and GID. All processes that it forks off automatically inherit the shell’s UID and GID -> they also will have the correct owner and group. All files they create also get these values.

Implementation of Security in Linux When any process attempts to open a file, the system first checks the protection bits to see if the access is permitted. –If so, the file is opened and a file descriptor returned. –If not, the file is not opened and -1 returned. No checks are made on subsequent read or write calls. The Linux security model and its implementation are essentially the same as in most other traditional UNIX systems.

References References: –Modern Operating Systems, 3rd Edition – Andrew S. Tanenbaum (Chapter 10.7 – Page 799) –Hoang Duc Quang’s Slides –Internet Examples was made by using Fedora 11

Company LOGO PhiHDN - VuongNQ

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.