Net prog1-filepermissions-6
Technical Foundation of Computer Science 5
Network Programming I
Maria Sawaby
Department of Communication and Operating System
May 13, 2015
Lecture-6 (Network-Department) Net-Prog I May 13, 2015 1 / 22
Contents
1 Understanding Linux File Permissions
    Linux Security
    Adding a new user
    Removing a user
    Modifying a user
    The /etc/group file
    Creating new groups
    Modifying groups
2 file permission
3 Changing Security Settings
    Changing permissions
4 Summary
Linux Security
No system is complete without some form of security
The core of the Linux security system is the user account
The permissions users have to objects on the system depend on the user account they log in with
User permissions are tracked using a user ID (often called a UID), which is assigned to an account when it's created
The Linux system uses special files and utilities to manage user accounts on the system
The /etc/passwd file
The Linux system uses a special file (/etc/passwd) to match the login name to a corresponding UID value
The /etc/passwd file contains several pieces of information about the user
$ cat /etc/passwd
The root user account is the administrator for the Linux system and is always assigned UID 0
Each service that is running on the system has its own system account
The fields of the /etc/passwd file contain the following information:
maria:x:1000:1000:Maria� ,:/home/maria:/bin/bash
  - The login username
  - The password for the user
  - The numerical UID of the user account
  - The numerical group ID (GID) of the user account
  - A text description of the user account (called the comment field)
  - The location of the HOME directory for the user
  - The default shell for the user
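The seven fields above are enough to audit account records. The following is an added example, not part of the original lecture: a shell function that checks passwd-format records for logins other than root with UID 0, empty password fields, and password values stored in the file itself instead of the x placeholder. The function name audit_passwd and all sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit records in /etc/passwd format.
# Fields: login:password:UID:GID:comment:home:shell
audit_passwd() {
    # $1 = path to a file in /etc/passwd format
    awk -F: '
        # A valid record has exactly seven colon-separated fields
        NF != 7 { print "MALFORMED line " NR; next }
        # Only root should carry UID 0; any other UID-0 login has full privileges
        $3 == 0 && $1 != "root" { print "UID0 " $1 }
        # Empty password field: the account may need no password to log in
        $2 == "" { print "EMPTYPW " $1 }
        # Anything other than x, or a lock marker (* or !), means the
        # password value sits in the world-readable passwd file
        $2 != "x" && $2 != "" && $2 !~ /^[*!]/ { print "HASH_IN_PASSWD " $1 }
    ' "$1"
}

# Constructed sample records (not taken from a real system)
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:*:33:33:www-data:/var/www:/usr/sbin/nologin
maria:x:1000:1000:Maria:/home/maria:/bin/bash
toor:x:0:0:second admin:/root:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
legacy:PLACEHOLDERHASH:1002:1002:Old account:/home/legacy:/bin/sh
EOF
audit_passwd "$sample"
rm -f "$sample"
```

On a real system, run it as audit_passwd /etc/passwd; no output means none of the three conditions was found.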
The /etc/shadow file
The /etc/shadow file provides more control over how the Linux system manages passwords
Only the root user has access to the /etc/shadow file, making it more secure than the /etc/passwd file
The /etc/shadow file contains one record for each user account on the system. A record looks like this:
maria:$6$eWEapZtj$MVB2utluvalkjBoRXi3icUDavTFRx9JdtrtHQkRi7j92Dq7NtSEQnhNAw5V9SOCRm4ft2IzAMVfh2ec.2r0:16190:0:99999:7:::
Adding a new user
The primary tool used to add new users to your Linux system is useradd
To see the system default values, use the useradd command with the -D option
$ useradd -D
The previous example shows the following default values:
  - The new user will be added to a common group with group ID 100
  - The new user will have a HOME account created in the directory /home/loginname
  - The account will not be disabled when the password expires
  - The new account will not be set to expire at a set date
  - The new account will use the bash shell as the default shell
  - The system will copy the contents of the /etc/skel directory to the user's HOME directory
  - The system will not create a file in the mail directory for the user account to receive mail
You can change the system default new user values by using the -D parameter, along with a parameter representing the value you need to change
For example, you can change the default shell to bash by typing:
$ useradd -D -s /bin/bash
Adding a new user:
$ useradd test
Removing a User
By default, the userdel command only removes the user information from the /etc/passwd file
It doesn't remove any files the account owns on the system
If you use the -r parameter, userdel will remove the user's HOME directory
$ sudo userdel -r test
Modifying a user
Linux provides a few different utilities for modifying the information for existing user accounts
Create and modify an account:
# Note: -p expects an already-encrypted password (as returned by crypt(3)), not plain text;
# use passwd or chpasswd to set a password from plain text
$ sudo useradd test -p password
$ sudo usermod -p testpass test
$ sudo passwd test
Using chpasswd we can change many users' passwords at once by entering username:password pairs
Press Ctrl+D when finished
The /etc/group file
The /etc/group file contains information about each group used on the system
Here are a few examples from the /etc/group file on my system
$ cat /etc/group
cdrom:x:24:maria
floppy:x:25:
tape:x:26:
sudo:x:27:maria
audio:x:29:pulse
dip:x:30:maria
www-data:x:33:
Creating new groups
The groupadd command allows you to create new groups on your system:
The usermod command with the -G option lets you add users to the group
Modifying groups
The groupmod command allows you to change the GID (using the -g parameter) or the group name (using the -n parameter) of an existing group:
To change ownership of a file:
file permission
If a permission is denied, a dash appears in the location
The three sets relate to the three levels of security for the object:
  - The owner of the object
  - The group that owns the object
  - Everyone else on the system
Changing permissions
The chmod command allows you to change the security settings for files and directories
The format of the chmod command is:
chmod options mode file
$ chmod 760 newfile
Symbolic mode permissions
[ugoa][+-][rwx]
The first group of characters defines to whom the new permissions apply:
  - u for the user
  - g for the group
  - o for others (everyone else)
  - a for all of the above
Next is a symbol (+ or -) that indicates whether you want to add or remove a permission
The third part indicates which permission you want to set:
  - r for read
  - w for write
  - x for execute
Changing file permissions
Examples:
$ chmod o+r newfile
$ chmod u-x newfile
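The chmod calls from the lecture (760, then o+r, then u-x), carried through on a scratch file. This is an added example, not part of the original slides; the helper names mode_to_rwx and chmod_walkthrough are made up for this illustration, and mode_to_rwx shows how each octal digit maps to an r/w/x triplet.

```shell
#!/bin/sh
# Added example: octal and symbolic chmod modes on a scratch file.

# Render a three-digit octal mode (e.g. 760) as the rwx string ls -l shows.
# Each digit is a bit mask: 4 = read, 2 = write, 1 = execute.
mode_to_rwx() {
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        if [ $((${digit} & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((${digit} & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((${digit} & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s\n' "$out"
}

# Apply the three chmod calls from the lecture, in order, to a temp file
# and report the permission string ls -l shows after each one.
chmod_walkthrough() {
    f=$(mktemp) || return 1
    steps=""
    for change in 760 o+r u-x; do
        chmod "$change" "$f"
        # Columns 2-10 of ls -l are the owner, group and other triplets
        steps="${steps}$(ls -ld "$f" | cut -c2-10) "
    done
    rm -f "$f"
    printf '%s\n' "${steps% }"
}

mode_to_rwx 760      # owner rwx, group rw-, others ---
chmod_walkthrough
```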
Summary
In this lecture you learned commands to manage Linux security on the system
Linux uses a system of user IDs and group IDs to protect access to files, directories, and devices
Information about user accounts is stored in the /etc/passwd file
Information about groups is stored in the /etc/group file
A group can contain one or more users to allow shared access to system resources
The useradd command is used to create new user accounts
The groupadd command is used to create new groups
To modify an existing user account, use the usermod command
The groupmod command is used to modify group account information
The chmod command is used to change file permissions