CT320

CT320: Network and System Administration

Fall 2015

Access

See this page as a slide show

Access Control and Root

Original slides from Dr. James Walden at Northern Kentucky University. Access Control

Access Control

https://en.wikipedia.org/wiki/Access_control

Control Mechanisms

Control Mechanisms

System Access

Shadow passwords

Instead of keeping the encrypted passwords in the world-readable /etc/passwd, they can be kept in /etc/shadow.

Access Commands

Filesystem Protection

Access bits via ls

    lrwxrwxrwx  1 applin fac    22 Sep 22  2014 Cheating -> CSU/Cheating
    drwxr-xr-x 13 applin fac  4096 Aug 21 16:57 Documents
    -rw-------  1 applin fac   395 Aug 30 15:47 monster

Access bits

d or l or -rwxrwxrwx
directory or fileusergroupother

The permissions can be different for user, group and other (everyone else). Typically, the user gets the most permissions, and others get very little.

Permissions: What do they mean?

Note that w for a directory means that you can change the directory, not the files it contains. Changing the files underneath it depends on their w bits.

Removing a file depends upon the w permission of containing directory, not any permissions of the file itself. Think of it as changing a relationship—you don’t need someone’s consent to unfriend them.

Protection Commands

    chown applin Desktop
    chgrp fac Desktop
    chmod 755 foo
    chmod ug+rw bar

Symbolic vs. octal

Some hackers consider it impressive to interpret the permission bits as an octal number. These are the same morons who think that memorizing the ASCII chart improves their dating prospects.

    chmod u=rw foo
    chmod go-w bar
    chmod g+r baz
    chmod g=r zip
    chmod a=rwx foo.*

That said, I will occasionally chmod 400 or chmod 666 a file, but I feel guilty when I do it.

Protection Commands

umask: set up default privileges:

More on Permissions

ACLS

Features of an access control list (ACL)

Linux ACL support

Linux can support ACL mode

Process Ownership

    $ ls –l /bin/passwd
    -rwsr—xr—x 1 root root 25000 Feb 8 2011 passwd

Root Privileges

A special root account exists that represents the omnipotent administrative user, often called the superuser account, that can perform tasks that are restricted to other users:

Root Privileges

Several ways exist in which root privileges can be accessed, and a number of concerns should be taken into account when deciding which method to use:

Root

Access Control Problems

Common Extensions

Modified: 2015-08-30T16:48

User: Guest

Check: HTML CSS
Edit History Source
Apply to CSU | Contact CSU | Disclaimer | Equal Opportunity
Colorado State University, Fort Collins, CO 80523 USA
© 2015 Colorado State University
CS Building