Operating Systems Recitation 11, June 9-10, 2002.


Motivation: a privileged facility needs to be available to general users. Example: allow a user to perform a specific operation that requires root permissions.

Process and file identities
Process: (user ID, group ID) x (real, effective)
real: the user running the program
effective: the user whose permissions are used to access files and resources
File: owner ID, group owner ID, domain (set-user-ID) bit

Domain bit (set-user-ID bit): if user X executes a file owned by Y whose domain bit is off, the real and effective user IDs of the process are both set to X. If the domain bit is on, the real user ID of the process is set to X and the effective user ID is set to Y.

Process real and effective user IDs
#include <unistd.h>
uid_t getuid(void);
uid_t geteuid(void);
Return the real and the effective user ID of the calling process, respectively.

Process real and effective user IDs
#include <unistd.h>
int setuid(uid_t uid);
Sets both the real and the effective user ID (superuser only).
int seteuid(uid_t uid);
Sets the effective user ID of the process.
Both return 0 if OK, -1 on error.

Password file: fields of /etc/passwd and the corresponding struct passwd members
User name              char *pw_name
Encrypted password     char *pw_passwd
Numerical user ID      uid_t pw_uid
Numerical group ID     gid_t pw_gid
Comment field          char *pw_gecos
Initial working dir    char *pw_dir
Initial shell          char *pw_shell

Entries in the password file
#include <pwd.h>
struct passwd *getpwuid(uid_t uid);
struct passwd *getpwnam(const char *name);
Return a pointer if OK, NULL on error.
Examples:
– getpwuid is used by the ls program to map the numerical user ID stored in the i-node to the user's login name.
– getpwnam is used by the login program when a login name is entered.

Passwords in Unix: Unix passwords are stored after applying a one-way function (crypt). User passwords are far from random. Brute force (statistical, dictionary): make an educated guess, apply the function, compare the result. Shadow passwords: instead of leaving the encrypted passwords visible in /etc/passwd, store them in /etc/shadow, which only root can read. Still breakable.

Exercise description: write a program that reads information from two files that only their owners can access, by setting the program's set-user-ID bit. User x runs a program owned by user y, and the program's domain (suid) bit is on. Users x and y each have a secret file in their initial directory that only they can access. The program prints a line from both files.

Exercise description 1. Get the real user ID (the user running the program). Set the effective user ID to the real user ID (if the file's suid bit is on, the effective user was initially the program owner). Read the first line of the file named secret in that user's initial directory, and print the user's name, the full path of the secret file, and its first line.

Exercise description 2. Get the user ID of the program owner using the stat function (the st_uid member of the stat structure).

Exercise description 3. Get the user name and initial directory of the program owner. Set the effective user ID back to the program owner. Read the first line of the secret file in that user's initial directory, and print the user's name, the full path of the secret file, and its first line.

Exercise notes: save the file named secret with owner read/write permissions only (chmod 600). Other users can then reach its contents only through the ex-suid program.

Exercise description: example run
% /tmp/y/program
real user: x
secret file: /a/home/cc/students/cs/x/secret
secret: X
program owner: y
secret file: /a/home/cc/cs/y/secret
secret: Y
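The exercise above, worked through as an added example that is not the recitation's own solution: a set-user-ID program that follows steps 1 to 3 using getuid, seteuid, stat and getpwuid from the earlier slides. It assumes the program is invoked by its full path (as in the example run), so that stat(argv[0]) finds the executable; the selftest function exercises the path and file helpers on a constructed temporary file rather than on real secret files, so it runs without the set-user-ID bit.

```c
/* ex-suid.c (added example, not the course's solution): set-user-ID program
 * that prints the first line of ~/secret for the real user and for the owner. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Build "<home>/secret" into buf; 0 on success, -1 if it would not fit. */
static int secret_path(const char *home, char *buf, size_t n)
{
    int len = snprintf(buf, n, "%s/secret", home);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Read the first line of path (newline stripped); 0 on success, -1 on error. */
static int read_first_line(const char *path, char *buf, size_t n)
{
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    if (fgets(buf, (int)n, f) == NULL) {
        fclose(f);
        return -1;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

/* Look up uid in the password file, read that user's secret file under the
 * current effective user ID, and print name, path and first line. */
static int print_secret(uid_t uid, const char *label)
{
    struct passwd *pw = getpwuid(uid);
    char path[4096], line[256];
    if (pw == NULL || secret_path(pw->pw_dir, path, sizeof path) != 0)
        return -1;
    if (read_first_line(path, line, sizeof line) != 0) {
        perror(path);
        return -1;
    }
    printf("%s: %s\nsecret file: %s\nsecret: %s\n", label, pw->pw_name, path, line);
    return 0;
}

/* Self-check on constructed data (no set-user-ID bit needed): a temp file
 * with two lines must yield only the first; path building must respect n.
 * Returns 1 on pass, 0 on failure. */
int selftest(void)
{
    char tmpl[] = "/tmp/ex-suid-selftest-XXXXXX";
    char path[64], line[64];
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return 0;
    if (write(fd, "X\nsecond line\n", 14) != 14) {
        close(fd);
        unlink(tmpl);
        return 0;
    }
    close(fd);
    int ok = read_first_line(tmpl, line, sizeof line) == 0 && strcmp(line, "X") == 0;
    unlink(tmpl);
    ok = ok && secret_path("/a/home/cc/students/cs/x", path, sizeof path) == 0
            && strcmp(path, "/a/home/cc/students/cs/x/secret") == 0;
    ok = ok && secret_path("/a/home/cc/students/cs/x", path, 8) == -1;
    return ok;
}

int main(int argc, char *argv[])
{
    struct stat st;
    uid_t real = getuid();   /* user running the program */
    uid_t owner;

    /* Step 2 first: the owner comes from the executable's i-node (st_uid). */
    if (argc < 1 || stat(argv[0], &st) != 0) {
        perror("stat");
        return 1;
    }
    owner = st.st_uid;

    /* Step 1: drop to the real user while reading x's file, so the owner's
     * rights are never used for it. The saved set-user-ID still holds owner. */
    if (seteuid(real) != 0) { perror("seteuid(real)"); return 1; }
    if (print_secret(real, "real user") != 0) return 1;

    /* Step 3: regain the owner's effective ID only for y's file, then drop. */
    if (seteuid(owner) != 0) { perror("seteuid(owner)"); return 1; }
    int rc = print_secret(owner, "program owner");
    seteuid(real);   /* least privilege: stay as owner no longer than needed */
    return rc == 0 ? 0 : 1;
}
```

The order matters: dropping to the real user before the first read is what keeps the owner's permissions from leaking into operations done on x's behalf, and seteuid(owner) still succeeds afterwards because the saved set-user-ID keeps the owner's ID. Install it with chown y and chmod u+s, and keep each secret file at mode 600 as the notes require.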

Exercise submission
Submission: optional.
Software directory: ~username/os02b/ex-suid
Files: ex-suid.c
Permissions: chmod ugo+rx (on the above)
Hardcopy: name, ID, login, CID, ex-suid.c; submit in 281, Nir Noimark
Environment: Unix, Linux
