Tài Liệu - Võ Tấn Dũng (votandung) Unit4 Linux ITC tài liệu, giáo án, bài giảng , luận văn, luận án, đồ án, bài tập lớn...
Information Technology College of HoChiMinh city Faculty of Information Technology Course: Fundamentals of Linux OS Unit File Security Lecturer: Võ Tấn Dũng votandung@yahoo.com http://sites.google.com/site/votandungsg/ Objectives Upon completion of this module, you should be able to: • Display file permissions • Define permission types (read, write, and execute) • Set and change file permissions using symbolic and octal notation • Display the umask value of a file or directory VÕ TẤN DŨNG Linux security overview VÕ TẤN DŨNG Security Overview • The primary function of a system’s security feature is to deny access to unauthorized users • Keeping computer information secure is important to the user and the system administrator By protecting their files and accounts from unauthorized use, users are also protecting their job and reputation • Standard Linux environment security features include user passwords, which restrict access to the system; file and directory protection with permissions; files that control remote logins and commands on individual workstations; and other features that enable system administrators to check for security breaches VÕ TẤN DŨNG Two default levels of security The Linux operating system has two default levels of security: • First, users must supply a login ID and password in order to access a Linux workstation • Second, files and directories are automatically protected by permissions when they are created VÕ TẤN DŨNG Super user • Linux provides a special user account called root that has total access to the system This account’s user is also called the superuser • All permissions placed on files and directories can be overridden by the root user • The superuser account is used to run system administration commands and to edit important system files such as the password file VÕ TẤN DŨNG Permission Categories The ls -l command displays the following permissions: - File type – This includes directories and ordinary files User (owner) – The user who created the file or directory Group – Class of users defined by the system administrator Others (public) – All other users VÕ TẤN DŨNG How file and directory access is determined UID and GID • All files and directories have a user identifier (UID) and group identifier (GID) number associated with them • The kernel uses these numbers to identify ownership of files, rather than the user or group name familiar to the user $ ls -an drwxr-xr-x 101 10 512 May 24 17:25 mickey -rw-r r 101 10 May 24 17:25 profile VÕ TẤN DŨNG Permissions and corresponding symbols VÕ TẤN DŨNG Changing Permissions Using chmod command - with symbolic mode - with octal (absolute) mode Using umask filter VÕ TẤN DŨNG Symbolic Mode Command Format chmod mode filename VÕ TẤN DŨNG Changing permissions with symbolic mode • Remove group read permission $ ls -l dante -rw-r r user2 staff Jun 11 1:44 dante $ chmod g-r dante $ ls -l dante -rw r user2 staff Jun 11 1:44 dante • Deny read permission to others $ chmod o-r dante $ ls -l dante -rw - user2 staff Jun 11 1:44 dante VÕ TẤN DŨNG Changing permissions with symbolic mode (cont.) • Add execute permission for owner, and read permission for group and others $ chmod u+x,go+r dante $ ls -l dante -rwxr r user2 staff Jun 11 1:44 dante Attention: There is no space after u+x and before go+r, although there is a comma between them • Set permissions to read and write for everyone $ chmod a=rw dante $ ls -l dante -rw-rw-rw- user2 staff Jun 11 1:44 dante VÕ TẤN DŨNG Octal (Absolute) Mode • Octal mode is based on the base eight numbering system (0–7 are the available numerals) VÕ TẤN DŨNG Octal values for permission sets VÕ TẤN DŨNG Combined values and permissions VÕ TẤN DŨNG Default permissions: 644 and 755 • The first position defines the user (owner) permissions, the second position defines the group, and the last position defines others • Default permissions on files are 644, and default permissions on directories are 755 VÕ TẤN DŨNG Changing permission with octal mode Command Format chmod octal_mode filename • Example: Give user, group, and others a read and execute access: $ ls -l dante rw-rw-rw- user2 staff Jun 11 11:54 dante $ chmod 555 dante $ ls -l dante -r-xr-xr-x user2 staff Jun 11 11:54 dante VÕ TẤN DŨNG Changing permission with octal mode (cont.) Example: • Change user and group permissions to include write access: $ chmod 775 dante $ ls -l dante -rwxrwxr-x user2 staff Jun 11 11:54 dante • Change group permission to read and execute: $ chmod 755 dante $ ls -l dante -rwxr-xr-x user2 staff Jun 11 11:54 dante VÕ TẤN DŨNG The umask filter The umask filter determines the default permissions for files and directories The permissions are assigned during the creation of new files and directories Example: Displaying Your umask $ umask 022 • Depending up the shell, the umask value will display differently as either 0022, 022, or 22 VÕ TẤN DŨNG Default Permissions by umask • The default permissions which will be assigned to a newly created file or directory are determined by the application of the umask filter against the maximum system assignable file (666) and directory (777) permissions For files, the octal value 666 means: 42-42-42rw-rw-rwFor directories, the octal value 777 means: 421421421 rwxrwxrwx VÕ TẤN DŨNG Calculate the default permission of a new file from umask • With a given value of default umask filter how the system determining what the default permissions will be when creating new files VÕ TẤN DŨNG Calculate the default permission of a new directory from umask • With a given value of default umask filter how the system determining what the default permissions will be when creating new directories VÕ TẤN DŨNG Changing the umask value • The umask value can be changed at the command line by the umask command Example: Verify the current umask $ umask 022 Example: Change the umask value to 027 and verify $ umask 027 $ umask 027 • The umask value is set in the kernel but an alternate value can be placed in /etc/profile by the system administrator • The new umask value will be lost when you log out of the system unless the umask command is placed in the profile file VÕ TẤN DŨNG END OF UNIT • remember to your homework (see http://sites.google.com/site/votandungsg/) VÕ TẤN DŨNG ... ls -an drwxr-xr-x 101 10 512 May 24 17:25 mickey -rw-r r 101 10 May 24 17:25 profile VÕ TẤN DŨNG Permissions and corresponding symbols VÕ TẤN DŨNG Changing Permissions Using chmod command - with... $ ls -l dante -rw-rw-rw- user2 staff Jun 11 1:44 dante VÕ TẤN DŨNG Octal (Absolute) Mode • Octal mode is based on the base eight numbering system (0–7 are the available numerals) VÕ TẤN DŨNG... dante $ chmod g-r dante $ ls -l dante -rw r user2 staff Jun 11 1:44 dante • Deny read permission to others $ chmod o-r dante $ ls -l dante -rw - user2 staff Jun 11 1:44 dante VÕ TẤN DŨNG Changing