Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access...
-
Upload
antonia-strickland -
Category
Documents
-
view
223 -
download
0
Transcript of Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access...
![Page 1: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/1.jpg)
Chapter 8
File System Security
![Page 2: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/2.jpg)
File Protection Schemes
• Login passwords• Encryption• File Access Privileges
![Page 3: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/3.jpg)
Figure 8.1 The process of encryption and decryption
![Page 4: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/4.jpg)
File Access Rights• Types of Users:– Owner– Group– All/Other
• Types of Permissions:– Read– Write– Execute
• Types of Files– Directories– Other files
![Page 5: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/5.jpg)
Table 8.1 Summary of File Permissions in LINUX
![Page 6: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/6.jpg)
Directory Permissions
• read = list files in the directory• write = add new files to the directory • execute = access files in the directory
![Page 7: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/7.jpg)
Determining File Access Rights
![Page 8: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/8.jpg)
Table 8.2 Permission Values
![Page 9: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/9.jpg)
Table 8.3 Permissions for Access to courses, labs, and temp
![Page 10: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/10.jpg)
Changing the Access Rights
Purpose – to set/change permissions in files
• chmod [options] octal-mode filelist• chmod [options] symbolic-mode filelistOptions• -R recursively process subdirectories
![Page 11: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/11.jpg)
Table 8.4 Values for Symbolic Mode Components
![Page 12: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/12.jpg)
Table 8.5 Examples of the chmod Commands and Their Purposes
![Page 13: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/13.jpg)
Table 8.5 Examples of the chmod Commands and Their Purposes
![Page 14: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/14.jpg)
Figure 8.2 Position of file type and access privilege bits for LINUX files
(as seen by “ls –l” command)
![Page 15: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/15.jpg)
Figure 8.3 Position of access privilege bits for LINUX files as specified in the chmod
command
![Page 16: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/16.jpg)
Default File Access Rights
• umask is a bitmap which tells which permissions to deny by default on new files
• 022 = 000 010 010 (deny write for g+o) rwx r-x r-x (new files permissions)
• umask with no parameters returns the current mask value
• umask newmask - sets new mask• umask command usually used in a startup file
![Page 17: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/17.jpg)
SUID Bit
• A special permission bit that allows executable files to run using the privileges of the owner of the files rather than the user of the file
• Can be set using commands:chmod u+s filelist
chmod 4xxx filelist• Shows up in ls - l in place of the user x bit as an s
if the file is executable - (rwsrwxrwx) • Very dangerous to use
![Page 18: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/18.jpg)
SGID Bit
• A special permission bit that allows executable files to run using the privileges of the owner’s group rather than the user of the file
• Set using the commandschmod g+s filelistchmod 2xxx filelist
![Page 19: Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.](https://reader035.fdocuments.us/reader035/viewer/2022062301/5697bfb71a28abf838c9e96c/html5/thumbnails/19.jpg)
Sticky Bit• A special bit that can be used as follows:• For a file: it directs the operating system to keep the
program in memory if possible after it finishes execution (Early versions of UNIX)
• For a directory: it sets it up such that only the owner of the directory can delete (or rename) files from the directory, even if other users have write privilege (tmp)
• Can be set using the chmod command using the options:chmod +t filelist
• Shows up in “ls –l” as a t - (rwxrwxrwt)