USTM17
Explore the concepts of Linux file permissions, including read, write, and execute access, as well as advanced settings like setuid and setgid bits. Learn about user and group identifiers and how they control access to files in a Linux system.
USTM17 Linux Network Administration
Lesson 9: Miscellaneous Topics
Peter CHUNG (cspeter@cse.ust.hk)
USTM17 Linux Network Administration - Peter Chung (cspeter)
Linux File Permissions (Revisited)
- There are three types of access: Read, Write and eXecute.
- We use the letters r, w and x to represent the read, write and execute permissions.
- Access to a file is controlled by three different roles: User (or Owner), Group, and Others.
Demo: Linux File Permissions (Revisited)
- Three 3-bit numbers are used to represent the permission setting of a file.
- Example:

  [root@localhost examples]# ls -l
  total 0
  -rw-r--r--. 1 root root 0 Dec 29 23:33 hello.txt

  Role:     User   Group   Others
  Letters:  rw-    r--     r--
  Octal:    6      4       4
Advanced File Settings
- Besides the permission settings, each file has a hidden 3-bit number as an advanced setting: the setuid, setgid and sticky bits.
- For a normal file or directory, the hidden 3-bit number is 0.
- For example:

  Role:     setuid  setgid  sticky   User   Group   Others
  Letters:  -       -       -        rw-    r--     r--
  Octal:    0                        6      4       4
User ID and Group ID
- UID (User ID) and GID (Group ID) are the unique identifiers of users and groups.
- For example:
  - The root account MUST have UID = 0 and GID = 0.
  - A student account may have any non-zero UID/GID, for example UID = 500 and GID = 500.
Demo: What is the setuid bit?
- setuid is used on a file with Execute permission for the Other role.
- Usage of setuid: when a user in the Other role executes the file, the running program is temporarily granted the permissions of the file's owner (i.e. the User).
- Example: users can temporarily gain root permission to reset their own password using the passwd command. The s means that the setuid bit is set:

  # ls -l /usr/bin/passwd
  -rwsr-xr-x. 1 root root 22656 Aug 21 2010 /usr/bin/passwd
What is the setgid bit?
- Similar to setuid, the setgid bit is used on a file with Execute permission for the Other role.
- Usage of setgid: when a user in the Other role executes the file, the running program is temporarily granted the permissions of the file's group.
Demo: Cautions when using setuid and setgid
- Think carefully before using the setuid and setgid bits, because of the security issues they raise.
- Example: setting the setuid bit on a file. If test.sh (created by root) can delete all files starting from /, any user running it will delete all files, because the root permission is granted!

  # touch test.sh
  # ls -l
  -rwxrwxrwx. 1 root root 0 Dec 30 00:08 test.sh
  # chmod 4777 test.sh
  # ls -l
  -rwsrwxrwx. 1 root root 0 Dec 30 00:08 test.sh

  Bit:    setuid  setgid  sticky
  Value:  1       0       0       -> 4 (the leading digit of 4777)
Demo: What is the sticky bit?
- The sticky bit should be applied to a directory rather than a normal file.
- When the sticky bit is set on a directory, only root or the owner can delete the files and sub-directories created by that owner.
- Example (/tmp): d shows that /tmp is a directory and t means the sticky bit is set.

  # ls -l /
  drwxrwxrwt. 27 root root 4096 Dec 29 23:33 tmp
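The permission, setuid, setgid and sticky-bit slides above all read a mode string such as -rwsr-xr-x or drwxrwxrwt and turn it into an octal number by hand. The following function does that conversion mechanically, including the leading special-bits digit. It is an added example written for this transcript, not code from the lecture; it assumes only the standard ls -l mode string (a trailing "." or "+", which ls appends on systems with SELinux labels or ACLs, is tolerated) and needs nothing but a POSIX shell.

```shell
#!/bin/sh
# Added example (not from the slides): translate the mode string printed by
# "ls -l" (e.g. "-rwsr-xr-x") into the 4-digit octal form used by chmod,
# including the setuid/setgid/sticky digit. Pure shell; touches nothing on disk.

mode_to_octal() {
    mode=${1%[.+]}                    # drop a trailing "." (SELinux) or "+" (ACL) marker
    case ${#mode} in
        10) mode=${mode#?} ;;         # drop the file-type character (-, d, l, ...)
        9)  ;;
        *)  echo "bad mode string: $1" >&2; return 1 ;;
    esac

    special=0                         # leading digit: setuid=4, setgid=2, sticky=1
    perms=""                          # the three rwx digits, built left to right
    rest=$mode
    for role in user group others; do
        tail=${rest#???}              # everything after the current triad
        triad=${rest%"$tail"}         # the current 3-character triad
        rest=$tail
        val=0
        case $triad in r??) val=$((val + 4)) ;; esac
        case $triad in ?w?) val=$((val + 2)) ;; esac
        case $triad in
            ??x) val=$((val + 1)) ;;
            # lower-case s/t: the special bit AND execute are both set
            ??s) val=$((val + 1))
                 if [ "$role" = user ]; then special=$((special + 4)); else special=$((special + 2)); fi ;;
            ??t) val=$((val + 1)); special=$((special + 1)) ;;
            # upper-case S/T: the special bit is set but execute is NOT (usually a mistake)
            ??S) if [ "$role" = user ]; then special=$((special + 4)); else special=$((special + 2)); fi ;;
            ??T) special=$((special + 1)) ;;
        esac
        perms="$perms$val"
    done
    printf '%s\n' "$special$perms"
}

# Name the special bits a mode string carries, one per line (nothing if none).
special_bits() {
    octal=$(mode_to_octal "$1") || return 1
    case $octal in 4???|5???|6???|7???) echo setuid ;; esac
    case $octal in 2???|3???|6???|7???) echo setgid ;; esac
    case $octal in 1???|3???|5???|7???) echo sticky ;; esac
}

# Usage:
#   mode_to_octal -rwsr-xr-x   -> 4755   (the passwd binary from the slide)
#   mode_to_octal drwxrwxrwt   -> 1777   (/tmp from the slide)
#   special_bits  -rwsr-xr-x   -> setuid
```

The upper-case S and T cases are worth noticing when reading ls output: they mean the special bit is set on a file that is not executable for that role, which is almost always a configuration mistake and a good thing to flag in an audit.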
Demo: Linux find Command
- The find command searches for files in a directory hierarchy.
- Detailed usage: man find
- Example: find all files or directories owned by root under the /home directory.

  # find /home -uid 0 -gid 0
  /home
  /home/lost+found
  # ls -l /home
  drwx------. 28 cspeter cspeter  4096 Dec 24 14:00 cspeter
  drwx------.  2 root    root    16384 Dec 24 12:43 lost+found
Demo: More examples of the find command
- Starting from /home, find all files or directories owned by student:

  # find /home -user student
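The find examples above select by owner; the same command with -perm answers the question the setuid/setgid caution slide raises, namely which files on a system actually carry those bits. Below is an added example, not part of the lecture, that builds a small scratch tree with constructed files (one setuid, one setgid, one sticky directory) and audits it with find. It assumes a POSIX find and chmod; the fixture paths exist only inside the temporary directory it creates.

```shell
#!/bin/sh
# Added example (not from the slides): audit a directory tree for files that
# carry the setuid or setgid bit and for directories with the sticky bit, using
# the find command the slides introduce. The fixture tree and its files are
# constructed here so the example runs offline; on a real host you would point
# the functions at / or /usr and compare the output with a recorded baseline.

# Create a scratch tree with one ordinary file, one setuid file, one setgid
# file and one sticky directory; prints the path of the scratch tree.
make_fixture() {
    dir=$(mktemp -d) || return 1
    : > "$dir/plain"     && chmod 644  "$dir/plain"
    : > "$dir/suid_tool" && chmod 4755 "$dir/suid_tool"
    : > "$dir/sgid_tool" && chmod 2755 "$dir/sgid_tool"
    mkdir "$dir/shared"  && chmod 1777 "$dir/shared"
    printf '%s\n' "$dir"
}

# Regular files under $1 with setuid (4000) or setgid (2000) set.
# "-perm -MODE" matches when all bits of MODE are set, whatever else is set.
find_special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | LC_ALL=C sort
}

# Directories under $1 with the sticky bit (1000) set.
find_sticky_dirs() {
    find "$1" -type d -perm -1000 | LC_ALL=C sort
}

# Number of setuid/setgid files under $1. A change from the recorded baseline
# is a cheap and useful alert in a scheduled monitoring job.
count_special_files() {
    find_special_files "$1" | wc -l | tr -d ' '
}

# Stand-alone demonstration: build the fixture, report, clean up.
audit_demo() {
    dir=$(make_fixture) || return 1
    echo "setuid/setgid files under $dir:"
    find_special_files "$dir"
    echo "sticky directories under $dir:"
    find_sticky_dirs "$dir"
    rm -rf "$dir"
}
```

Run audit_demo to see the report. Two points to keep in mind when reading the caution slide's test.sh demo: on Linux the kernel ignores the setuid and setgid bits on interpreted scripts (anything started through a #! interpreter line), so only compiled binaries such as /usr/bin/passwd actually change privilege; and because -perm -4000 matches any file with that bit, running find_special_files over the whole system once and saving the list gives you a baseline against which new or unexpected setuid binaries stand out.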
What is the umask command?
- umask sets the default permissions for any files or directories created by the user.
- It defines the permission bits that are erased when a new file or directory is created.
- Default file permission: 666
- Default directory permission: 777
- Default umask: 0022
- Command to set a new umask, where the new mask is a 3-digit or 4-digit octal number:

  umask [new umask]
Demo: A umask example

  # touch test.txt
  # ls -l
  -rw-r--r--. 1 root root 0 Dec 30 00:35 test.txt
  # umask
  0022
  # umask 0222
  (Replace the default umask=0022 with umask=0222)
  # touch test2.txt
  # ls -l
  -r--r--r--. 1 root root 0 Dec 30 00:36 test2.txt
  -rw-r--r--. 1 root root 0 Dec 30 00:35 test.txt
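The two slides above state the umask rule (bits in the mask are erased from the 666 or 777 default) and show one instance of it. The function below carries the rule out with shell arithmetic so any umask can be checked before it is set; it is an added example for this transcript, not the lecture's code, and relies only on POSIX $(( )) arithmetic and printf.

```shell
#!/bin/sh
# Added example (not from the slides): apply the umask rule the slide states,
# new mode = default mode AND NOT umask (default 666 for files, 777 for
# directories), with shell arithmetic. Nothing is created on disk.

# $1 = default mode (666 or 777), $2 = umask (3 or 4 octal digits). Prints the
# resulting mode as 4 octal digits. The leading 0 makes $(( )) read the value
# as octal, so "0222" and "222" behave the same way.
apply_umask() {
    base=$((0$1))
    mask=$((0$2))
    printf '%04o\n' $(( base & ~mask & 07777 ))
}

new_file_mode() { apply_umask 666 "$1"; }   # mode a new file gets under umask $1
new_dir_mode()  { apply_umask 777 "$1"; }   # mode a new directory gets under umask $1

# Table of common umasks and the modes they produce, e.g. the slide's 0022 and 0222.
umask_table() {
    printf '%-6s %-6s %-6s\n' umask file dir
    for m in 0022 0002 0027 0077 0222; do
        printf '%-6s %-6s %-6s\n' "$m" "$(new_file_mode "$m")" "$(new_dir_mode "$m")"
    done
}
```

umask_table reproduces the slide's demo (0022 gives 644, 0222 gives 444) alongside the stricter 0027 and 0077 masks commonly used on shared hosts. The first digit of a 4-digit umask would mask the special bits, which touch and mkdir never request anyway, so 0022 and 022 give the same result.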
Any questions so far?