1 / 19

Understanding File Protection Schemes, Permissions, and Special Bits in Linux

This chapter delves into file security in Linux, covering login passwords, encryption, and file access privileges. It introduces the types of users (owner, group, others) and permissions (read, write, execute) associated with different files and directories. The significance of the umask value, which defines default permissions for new files, is explained. Special permission bits like SUID, SGID, and the Sticky Bit are described along with their commands and implications on security. This comprehensive overview enables users to manage file permissions effectively and securely.

eustacia-charisma
Télécharger la présentation

Understanding File Protection Schemes, Permissions, and Special Bits in Linux

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 8 File System Security

  2. File Protection Schemes • Login passwords • Encryption • File Access Privileges

  3. Figure 8.1 The process of encryption and decryption

  4. File Access Rights • Types of Users: • Owner • Group • All/Other • Types of Permissions: • Read • Write • Execute • Types of Files • Directories • Other files

  5. Table 8.1 Summary of File Permissions in LINUX

  6. Directory Permissions • read = list files in the directory • write = add new files to the directory • execute = access files in the directory

  7. Determining File Access Rights

  8. Table 8.2 Permission Values

  9. Table 8.3 Permissions for Access to courses, labs, and temp

  10. Changing the Access Rights Purpose – to set/change permissions in files • chmod [options] octal-mode filelist • chmod [options] symbolic-mode filelist Options • -R recursively process subdirectories

  11. Table 8.4 Values for Symbolic Mode Components

  12. Table 8.5 Examples of the chmod Commands and Their Purposes

  13. Table 8.5 Examples of the chmod Commands and Their Purposes

  14. Figure 8.2  Position of file type and access privilege bits for LINUX files(as seen by “ls –l” command)

  15. Figure 8.3  Position of access privilege bits for LINUX files as specified in the chmod command

  16. Default File Access Rights • umask is a bitmap which tells which permissions to deny by default on new files • 022 = 000 010 010 (deny write for g+o) rwx r-x r-x (new files permissions) • umask with no parameters returns the current mask value • umask newmask - sets new mask • umask command usually used in a startup file

  17. SUID Bit • A special permission bit that allows executable files to run using the privileges of the owner of the files rather than the user of the file • Can be set using commands: chmodu+sfilelist chmod 4xxx filelist • Shows up in ls - l in place of the user x bit as an s if the file is executable - (rwsrwxrwx) • Very dangerous to use

  18. SGID Bit • A special permission bit that allows executable files to run using the privileges of the owner’s group rather than the user of the file • Set using the commands chmod g+s filelist chmod 2xxx filelist

  19. Sticky Bit • A special bit that can be used as follows: • For a file: it directs the operating system to keep the program in memory if possible after it finishes execution (Early versions of UNIX) • For a directory: it sets it up such that only the owner of the directory can delete (or rename) files from the directory, even if other users have write privilege (tmp) • Can be set using the chmod command using the options:chmod +t filelist • Shows up in “ls –l” as a t - (rwxrwxrwt)

More Related