Net prog1-filepermissions-6


Technical Foundation of Computer Science 5

Network Programming I

Maria Sawaby

Department of Communication and Operating System

May 13, 2015

Lecture-6 (Network-Department) Net-Prog I May 13, 2015 1 / 22

Contents

1 Understanding Linux File Permissions
   Linux Security
   Adding a new user
   Removing a user
   Modifying a user
   The /etc/group file
   Creating new groups
   Modifying groups

2 file permission

3 Changing Security Settings
   Changing permissions

4 Summary


Linux Security

No system is complete without some form of security

The core of the Linux security system is the user account

The permissions users have to objects on the system depend on the user account they log in with

User permissions are tracked using a user ID (often called a UID), which is assigned to an account when it's created

The Linux system uses special files and utilities to manage user accounts on the system


The /etc/passwd file

The Linux system uses a special file (/etc/passwd) to match the login name to a corresponding UID value

The /etc/passwd file contains several pieces of information about the user

$ cat /etc/passwd


The root user account is the administrator for the Linux system and is always assigned UID 0

Each service that is running on the system has its own system account

The fields of the /etc/passwd file contain the following information:

maria:x:1000:1000:Maria� ,:/home/maria:/bin/bash

- The login username
- The password for the user
- The numerical UID of the user account
- The numerical group ID (GID) of the user account
- A text description of the user account (called the comment field)
- The location of the HOME directory for the user
- The default shell for the user


The /etc/shadow file

The /etc/shadow file provides more control over how the Linux system manages passwords

Only the root user has access to the /etc/shadow file, making it more secure than the /etc/passwd file

The /etc/shadow file contains one record for each user account on the system. A record looks like this:

maria$6$eWEapZtj$MVB2utluvalkjBoRXi3icUDavTFRx9JdtrtHQkRi7j92Dq7NtSEQnhNAw5V9SOCRm4ft2IzAMVfh2ec.2r0:16190:0:99999:7:::
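
An added example (not from the lecture): a shell function that reads a passwd-format file and flags records worth reviewing, using the seven /etc/passwd fields listed earlier and the point that password hashes belong in the root-only /etc/shadow file. The sample file, its account names and the finding labels are constructed for illustration.

```shell
#!/bin/sh
# audit_passwd FILE: print one finding per line for a passwd-format file.
# Checks are based on the seven colon-separated fields:
#   name:password:UID:GID:comment:home:shell
audit_passwd() {
    awk -F: '
        $0 == "" || /^#/ { next }                      # skip blank lines and comments
        NF != 7 { print "BAD_FIELDS " $1; next }       # malformed record
        $3 == 0 && $1 != "root" { print "EXTRA_UID0 " $1 }   # second superuser
        $2 == "" { print "EMPTY_PASSWORD " $1 }        # no password required
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ {
            print "HASH_IN_PASSWD " $1                 # hash readable by every user
        }
        seen[$3]++ && $3 != 0 { print "DUPLICATE_UID " $1 }  # two names, one UID
    ' "$1"
}

# Constructed sample data (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
maria:x:1000:1000:Maria:/home/maria:/bin/bash
backup2:x:0:0:constructed:/root:/bin/bash
guest::1001:1001:constructed:/home/guest:/bin/bash
legacy:$6$constructedsalt$constructedhash:1002:1002::/home/legacy:/bin/sh
clone:x:1000:1000:constructed:/home/clone:/bin/bash
broken:x:1003:/home/broken
EOF

findings=$(audit_passwd "$sample")
rm -f "$sample"
printf '%s\n' "$findings"
```

On a real system the function can be pointed at /etc/passwd directly, since that file is readable by every user.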


Adding a new user

The primary tool used to add new users to your Linux system is useradd

To see the system default values, use the useradd command with the -D option

$ useradd -D


The previous example shows the following default values:

- The new user will be added to a common group with group ID 100
- The new user will have a HOME account created in the directory /home/loginname
- The account will not be disabled when the password expires
- The new account will not be set to expire at a set date
- The new account will use the bash shell as the default shell
- The system will copy the contents of the /etc/skel directory to the user's HOME directory
- The system will not create a file in the mail directory for the user account to receive mail


You can change the system default new user values by using the -D parameter, along with a parameter representing the value you need to change

For example, you can change the default shell to bash by typing:

$ sudo useradd -D -s /bin/bash

Adding a new user:

$ sudo useradd test


Removing a User

By default, the userdel command only removes the user information from the /etc/passwd file

It doesn't remove any files the account owns on the system

If you use the -r parameter, userdel will remove the user's HOME directory

$ sudo userdel -r test


Modifying a user

Linux provides a few different utilities for modifying the information for existing user accounts


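Create and modify an account. The -p option of useradd and usermod expects a password that is already hashed (as returned by crypt(3)), not plain text, and anything given on the command line is visible to users listing processes; passwd prompts for the password instead:

$ sudo useradd -p "$(openssl passwd -6 password)" test

$ sudo usermod -p "$(openssl passwd -6 testpass)" test

$ sudo passwd test

Using chpasswd we can change the passwords of many users at once: run the command, then enter username:password pairs, one per line

Press Ctrl+D when finished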


The /etc/group file

The /etc/group file contains information about each group used on the system

Here are a few examples from the /etc/group file on my system

$ cat /etc/group
cdrom:x:24:maria
floppy:x:25:
tape:x:26:
sudo:x:27:maria
audio:x:29:pulse
dip:x:30:maria
www-data:x:33:


Creating new groups

The groupadd command allows you to create new groups on your system:

The usermod command with the -G option lets you add users to the group


Modifying groups

The groupmod command allows you to change the GID (using the -g parameter) or the group name (using the -n parameter) of an existing group:

To change ownership of a file:


file permission

If a permission is denied, a dash appears in the location

The three sets relate to the three levels of security for the object:

- The owner of the object
- The group that owns the object
- Everyone else on the system


Changing permissions

The chmod command allows you to change the security settings for files and directories

The format of the chmod command is:

chmod options mode file

$ chmod 760 newfile


Symbolic mode permissions

[ugoa][+-][rwx]

The first group of characters defines to whom the new permissions apply:

- u for the user
- g for the group
- o for others (everyone else)
- a for all of the above

Next is a symbol (+ or -) indicating whether you want to add or remove a permission

The third part indicates which permission you want to set:

- r for read
- w for write
- x for execute


Changing file permissions

Examples:

$ chmod o+r newfile

$ chmod u-x newfile
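
An added example (not from the lecture): the script below converts an octal mode such as 760 into the nine-character string that ls -l displays, then applies the lecture's three chmod commands in order to a scratch file and prints the result of each step. The function names and the temporary file are assumptions made for the example.

```shell
#!/bin/sh
# mode_string OCTAL: render a three-digit octal mode as the nine-character
# rwx string that ls -l shows (a dash marks a denied permission).
mode_string() {
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        [ $((digit & 4)) -ne 0 ] && out="${out}r" || out="${out}-"   # read bit
        [ $((digit & 2)) -ne 0 ] && out="${out}w" || out="${out}-"   # write bit
        [ $((digit & 1)) -ne 0 ] && out="${out}x" || out="${out}-"   # execute bit
    done
    printf '%s\n' "$out"
}

# perms_of FILE: the owner/group/other permission characters reported by ls.
perms_of() {
    ls -ld "$1" | cut -c2-10
}

# Apply the lecture's chmod commands in order to a scratch file and
# print the permissions after each step.
chmod_walkthrough() {
    f=$(mktemp)
    chmod 760 "$f"; printf '760  %s\n' "$(perms_of "$f")"
    chmod o+r "$f"; printf 'o+r  %s\n' "$(perms_of "$f")"
    chmod u-x "$f"; printf 'u-x  %s\n' "$(perms_of "$f")"
    rm -f "$f"
}

mode_string 760
chmod_walkthrough
```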


Summary

In this lecture you learned commands to manage Linux security on the system

Linux uses a system of user IDs and group IDs to protect access to files, directories, and devices

Information about user accounts is kept in the /etc/passwd file

Information about groups is kept in the /etc/group file

A group can contain one or more users to allow shared access to system resources

Use useradd to create new user accounts

Use groupadd to create a new group

To modify an existing user account, use the usermod command

The groupmod command is used to modify group account information

The chmod command is used to change file permissions
