Lesson 04 permissions

Date posted: 13-Jul-2015
Category: Technology

Transcript of Lesson 04 permissions (PowerPoint presentation)

Lesson 4: permissions on a script

Topics:
  - Learn security levels and file permissions
  - /etc/passwd, /etc/shadow and /etc/group
  - Create, modify and delete users and groups
  - Ownership and permissions
  - chmod

Learn Security Levels and File permissions: security levels

Security Levels and File permissions

User information is stored in two files:
  /etc/passwd
  /etc/shadow

Group information is stored in one file:
  /etc/group

Security Levels and File permissions

/etc/passwd
  List of user records, one per line, with columns separated by colons.
  Format: login:x:userid:groupid:gecos:homedir:shell
  Ex:
    root:x:0:0:root:/root:/bin/bash
    mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash

/etc/shadow
  Similar to passwd: a colon-separated-column list of records.
  Format: login:password:password aging fields
  The aging fields track dates for password resets, locks, etc.
  Ex:
    root:pB8msP1fCbCqc:13904:0:99999:7:::
    nisburgh:vRoPw6a/jQsp.:14466:0:99999:7:::

/etc/group
  Same colon-separated-column list of records format.
  Format: groupname:grouppassword:groupid:secondarymembers
  Group passwords allow temporary access to a group; they are rarely used and not set up by default.
  Ex:
    daemon:x:2:root,bin,daemon
    apache:x:48:jack,nisburgh

Manage the files with management commands

For /etc/passwd, /etc/shadow and /etc/group: while it is possible to edit the three files directly, it's easier and safer to use the management commands to create, modify and delete users and groups:

useradd, usermod, userdel, groupadd, groupmod, groupdel

useradd
  Add a new user to the system. Accepts various arguments to control the settings on the user account. The most common are -g to specify the primary group of the user, and -G to list secondary group memberships.
  Ex:
    useradd lisa
    useradd -g clowns -G trouble bartsimpson

usermod
  Modify a user's settings.
  Ex: usermod -G detention bart

userdel
  Remove a user from the system. The main option is -r, which tells userdel to remove the user's home and spool directories.
  Ex: userdel moe

Passwords

passwd
  Change login password.
  Root can change the password for any user on the system.
  Root can set up password aging, allowing timed password resets and account disabling.
  passwd is the preferred way to lock a user account.
  Ex: passwd -l mary

Password aging

To set the maximum lifetime for a user's password: passwd -x days login

When a user's password has expired, the number of days it can remain expired before the account is disabled completely can be set: passwd -i days login

Permissions

Linux supports 3 main types of access on a file:
  read     View the contents
  write    Modify the contents and metadata
  execute  Run the contents

Actually, it's different for files and directories:

           Files                          Directories
  Read     View the contents              List contents
  Write    Change the contents/metadata   Create/delete entries, change metadata
  Execute  Run the contents               Operate with the directory as CWD

Combining these permissions allows for the most common access levels: read only; read/write; execute; etc.

Ownership and Permissions

All files are associated with one user and one group (ownership). This creates the foundation for the main security infrastructure in Linux (Unix).

When a process attempts an operation on a file, the user and group of the process (every process is associated with one user and one group) are compared with the user and group of the file, which determines what level of permission is granted or denied on the file.

Every file has 3 levels of permissions:
  User
  Group
  Other

When a process seeks access, the process user is compared to the file user: if they match, the process gets the User permissions. Next, the group is compared. If there is no match, the process gets the Other level of access.

All permission information is summarized with 9 characters: rwxrwxrwx

The presence of the letter indicates the permission is granted; a hyphen in its place indicates the permission is denied. Read only: r--r--r--

Directory and File Permissions
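The access decision described above, applied to the /etc/passwd and /etc/group record formats from earlier in the lesson, as an added Python example that is not part of the original slides. The records are constructed sample data, and the uid 0 bypass is Linux behaviour the slides do not cover.

```python
# Constructed sample records (not real system files) in the /etc/passwd format
# login:x:uid:gid:gecos:home:shell and /etc/group format groupname:pw:gid:members.
PASSWD = """root:x:0:0:root:/root:/bin/bash
jack:x:1001:1001:Jack:/home/jack:/bin/bash
nisburgh:x:1002:1002:N. Isburgh:/home/nisburgh:/bin/bash
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash"""
GROUP = """root:x:0:
jack:x:1001:
nisburgh:x:1002:
apache:x:48:jack,nisburgh
mysql:x:27:"""


def identity(login, passwd=PASSWD, group=GROUP):
    """Return (uid, set of gids): the primary gid from passwd plus every
    group whose secondary-member list names the login."""
    uid = gids = None
    for rec in passwd.splitlines():
        f = rec.split(":")
        if f[0] == login:
            uid, gids = int(f[2]), {int(f[3])}
    if uid is None:
        raise KeyError(login)
    for rec in group.splitlines():
        _name, _pw, gid, members = rec.split(":")
        if members and login in members.split(","):
            gids.add(int(gid))
    return uid, gids


def parse_mode(mode):
    """Split 'rwxr-x---' into the granted bits for user, group and other."""
    if len(mode) != 9 or any(c not in "rwx-" for c in mode):
        raise ValueError(mode)
    return {cls: {c for c in mode[3 * i:3 * i + 3] if c != "-"}
            for i, cls in enumerate(("user", "group", "other"))}


def allowed(mode, owner_uid, owner_gid, uid, gids, want):
    """Exactly one class applies: owner match first, then group, else other.
    No fall-through: an owner denied 'w' stays denied even if the group class
    grants it. uid 0 bypasses (Linux DAC override; 'x' still needs some x bit)."""
    classes = parse_mode(mode)
    if uid == 0:
        return want != "x" or any("x" in bits for bits in classes.values())
    cls = "user" if uid == owner_uid else "group" if owner_gid in gids else "other"
    return want in classes[cls]
```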

Groups

chown

chgrp

chmod

chmod Symbolic codes

chmod octal commands

umask