06-File Security and File Sharing

security and sharing unix

Uploaded by

sibihi2265

File Security

• To show the three protection and security mechanisms that UNIX provides
• To describe the types of users of a UNIX file
• To discuss the basic operations that can be performed on a UNIX file
• To explain the concept of file access permissions/privileges in UNIX
• To discuss how a user can determine access privileges for a file
• To describe how a user can set and change permissions for a file
• To cover the commands and primitives: ?, ~, *, chmod, groups, ls -l, ls -ld, umask

Password-based Protection
• All login names are public knowledge and can be found in the /etc/passwd file.
• Change password using:
  passwd
• Discovering a user's password:
• Find local user names using the following command:
  cat /etc/passwd
• Find remote user names using the following command:
  getent passwd

1) You, as the owner of an account, inform others of your password
2) A password can be guessed by another user
3) A user's password can be extracted by "brute force"

Encryption-based Protection

Several utilities provide encryption:

• gpg → Encrypt
• openssl → Encrypt
• bcrypt → Encrypt
• ccrypt → Encrypt
• 7z → Encrypt + Compress
• zip → Encrypt + Compress

Protection based on Access Permission

• Types of users
  • User (owner), group, others
  • A user with multiple groups
• Types of Access Permissions
  • Read, write, and execute
• Access Permissions for Directories
  • Directory search

Determining and Changing File Access Privileges

• Determining File Access Privileges
  • ls -l, ls -ld
• Changing File Access Privileges
  • chmod [options] octal-mode file-list
  • chmod [options] symbolic-mode file-list

Examples of chmod Command
Access Privileges for Directories
Default file access privileges
• umask mask

The access permission value for an executable file or a directory is computed by:
file access permission = 777 - mask

Current value of the mask:

$ umask
777
$

Special Access Bits
• The Set-User-ID (SUID) Bit
  • If this bit is set for a file containing an executable program for a command, the command takes on the privileges of the owner of the file when it executes.
  • chmod 4xxx file-list
  • chmod u+s file-list
• The Set-Group-ID (SGID) Bit
  • Causes the access permission of the process to take the group identity of the group to which the owner of the file belongs.
  • chmod 2xxx file-list
  • chmod g+s file-list
• The Sticky Bit
  • Can be set for a directory to ensure that an unprivileged user cannot remove or rename files of other users in that directory.
  • chmod 1xxx file-list
  • chmod +t file-list

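
An audit of the three special bits described above, as an added example that is not part of the original slides. The function names audit_special_bits and make_sample_tree, and the sample tree they build, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original slides): list special access bits in a tree.
# Output: one "<KIND> <path>" line per finding.
audit_special_bits() {
    root=$1
    # SUID files take on the privileges of the file's owner (chmod 4xxx / u+s).
    find "$root" -xdev -type f -perm -4000 -print | sed 's/^/SUID /'
    # SGID files take on a group identity when executed (chmod 2xxx / g+s).
    find "$root" -xdev -type f -perm -2000 -print | sed 's/^/SGID /'
    # World-writable directories without the sticky bit (chmod 1xxx / +t):
    # any user can remove or rename other users' files there.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's/^/NOSTICKY /'
}

# Constructed sample tree, so the audit runs without touching real system paths.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    : > "$t/plain";    chmod 0755 "$t/plain"
    : > "$t/suidprog"; chmod 4755 "$t/suidprog"
    mkdir "$t/shared" "$t/dropbox"
    chmod 1777 "$t/shared"     # sticky bit set, as on /tmp
    chmod 0777 "$t/dropbox"    # world-writable, no sticky bit
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
audit_special_bits "$tree"
ls -ld "$tree/suidprog" "$tree/shared" "$tree/dropbox"   # shows the s and t flags
rm -rf "$tree"
```

Pointing audit_special_bits at a real mount point gives a baseline of SUID/SGID programs that can be compared between runs to spot unexpected additions.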
File Sharing via Links
Hard Links
ln [options] existing-file new-file
ln [options] existing-file-list directory

Characteristics of Hard Links

• No hard links across file systems
• Only superuser can create hard links to directories
Soft / Symbolic Links
Pros and Cons of Symbolic Links
Pros
• Can be established between files across file systems and to directories.
• Files that symbolic links point to can be edited by any kind of editor without any ill effects
Cons
• If the file that the symbolic link points to is moved from one directory to another, it can no longer be accessed via the link
• UNIX has to support an additional file type (the link type) and a new file has to be created for every link.
• Slow file operations because for every reference to the file, the link file has to be opened and read in order to reach the actual file
Reference
Unix: The Textbook 2nd Edition
