Tài Liệu - Võ Tấn Dũng (votandung) Unit4 Linux ITC

Tài Liệu - Võ Tấn Dũng (votandung) Unit4 Linux ITC tài liệu, giáo án, bài giảng , luận văn, luận án, đồ án, bài tập lớn...

File Security

Lecturer: Võ Tấn Dũng

votandung@yahoo.com http://sites.google.com/site/votandungsg/

Information Technology College of HoChiMinh city

Faculty of Information Technology

Course: Fundamentals of Linux OS

Unit 4

Objectives

Upon completion of this module, you should be able to:

• Display file permissions

• Define permission types (read, write, and execute)

• Set and change file permissions using symbolic and

octal notation

• Display the umask value of a file or directory

VÕ TẤN DŨNG

Linux security

overview

Security Overview

• The primary function of a system’s security feature is to deny

access to unauthorized users

• Keeping computer information secure is important to the user

and the system administrator By protecting their files and

accounts from unauthorized use, users are also protecting their job and reputation

• Standard Linux environment security features include user

passwords, which restrict access to the system; file and

directory protection with permissions; files that control remote

logins and commands on individual workstations; and other

features that enable system administrators to check for security breaches

VÕ TẤN DŨNG

Two default levels of security

The Linux operating system has two default levels of security:

• First, users must supply a login ID and password in order to access a Linux workstation

• Second, files and directories are automatically

protected by permissions when they are created

Super user

• Linux provides a special user account called root that has total access to the system This account’s user is also called the

superuser

• All permissions placed on files and directories can be

overridden by the root user

• The superuser account is used to run system administration

commands and to edit important system files such as the

password file

VÕ TẤN DŨNG

Permission Categories

The ls -l command displays the following permissions:

- File type – This includes directories and ordinary files

- User (owner) – The user who created the file or directory

- Group– Class of users defined by the system administrator

- Others (public) – All other users

How file and directory access

is determined

UID and GID

• All files and directories have a user identifier (UID) and group

identifier (GID) number associated with them

• The kernel uses these numbers to identify ownership of files,

rather than the user or group name familiar to the user

VÕ TẤN DŨNG

$ ls -an

drwxr-xr-x 2 101 10 512 May 24 17:25 mickey

-rw-r r 1 101 10 0 May 24 17:25 profile

Permissions and corresponding

symbols

Changing Permissions

VÕ TẤN DŨNG

Using chmod command

- with symbolic mode

- with octal (absolute) mode

Using umask filter

Symbolic mode and octal mode

The two modes of operation with the chmod command are

symbolic and octal

• Symbolic mode uses combinations of letters and symbols

to add or remove permissions from various categories of

users

• Octal mode uses octal numbers to represent file

permissions Octal mode is also referred to as absolute or

numeric mode

The chmod command is used by a file’s owner (or superuser) to

change file permissions

• Remove group read permission

• Deny read permission to others

$ ls -l dante

-rw-r r 1 user2 staff 2 Jun 11 1:44 dante

$ chmod g-r dante

$ ls -l dante

-rw r 1 user2 staff 2 Jun 11 1:44 dante

$ chmod o-r dante

$ ls -l dante

-rw - 1 user2 staff 2 Jun 11 1:44 dante

Changing permissions with

symbolic mode

• Add execute permission for owner, and read permission for group and others

Attention: There is no space after u+x and before go+r, although

there is a comma between them

• Set permissions to read and write for everyone

VÕ TẤN DŨNG

$ chmod u+x,go+r dante

$ ls -l dante

-rwxr r 1 user2 staff 2 Jun 11 1:44 dante

Changing permissions with

symbolic mode (cont.)

$ chmod a=rw dante

$ ls -l dante

-rw-rw-rw- 1 user2 staff 2 Jun 11 1:44 dante

Octal (Absolute) Mode

• Octal mode is based on the base eight numbering system

(0–7 are the available numerals)

Octal values for permission sets

VÕ TẤN DŨNG

Combined values and permissions

Default permissions: 644 and 755

• The first position defines the user (owner) permissions, the

second position defines the group, and the last position defines others

• Default permissions on files are 644, and default permissions

on directories are 755

VÕ TẤN DŨNG

Changing permission with octal

Changing permission with octal

mode (cont.)

• Change user and group permissions to include write access:

• Change group permission to read and execute:

The umask filter

The umask filter determines the default permissions for files and

directories The permissions are assigned during the creation of

new files and directories

• Depending up the shell, the umask value will display differently

as either 0022, 022, or 22

Example: Displaying Your umask

$ umask

022

Default Permissions by umask

• The default permissions which will be assigned to a newly

created file or directory are determined by the application of the umask filter against the maximum system assignable file (666)

and directory (777) permissions

Calculate the default permission

of a new file from umask

• With a given value of default umask filter how the system

determining what the default permissions will be when

creating new files

Calculate the default permission

of a new directory from umask

• With a given value of default umask filter how the system

determining what the default permissions will be when

creating new directories

VÕ TẤN DŨNG

Changing the umask value

• The umask value can be changed at the command line by

the umask command

Example: Verify the current umask

• The umask value is set in the kernel but an alternate value

can be placed in /etc/profile by the system administrator

• The new umask value will be lost when you log out of the

system unless the umask command is placed in the profile file

END OF UNIT 4

VÕ TẤN DŨNG

• remember to do your homework

(see http://sites.google.com/site/votandungsg/)