Exercise 4: Access Control and Filesystem Security
- Marcia Norman
- 6 years ago
Introduction

Duration: 90 min
Maximum Points: 30

Note: The solutions of theoretical assignments should be handed out before the practical part in the Lab starts!

Access Control Concepts in Unix-Like Systems

Users and Groups

Like most other operating systems, Unix-like systems (e.g. Solaris [1], OpenBSD [2], GNU/Linux [3]) are designed for multiple users and groups. A group on a Unix-like system is simply a set of users. A single user may be a member of multiple groups.

Read, Write and Execute Flags

Files and directories in Unix-like systems can have zero to three of the following flags:

- Read - The user or group may read the contents of a file
- Write - The user or group may change the contents
- Execute - The user or group may execute the file

Furthermore, access to files and directories is divided into three different levels:

- User (Owner)
- Group
- Everybody (others)

A file or directory always belongs to one group and one user. Unlike on Windows, files cannot be owned by multiple groups or users.

Flags in Detail

When we sum up the amount of possible access flags above, we can see that there may be 2^3 different possibilities for the read, write and execute flags. The flags are actually translated into a bitwise representation as follows:

- Bit 0: Execute flag
- Bit 1: Write flag
- Bit 2: Read flag

These bits can be interpreted as an octal number. The flags for user, group and others can be concatenated into a 3-digit representation. E.g. the number 754 means that the owner has the rights to read, write and execute, the group has permission to execute and read, and everyone else may only read the file.

Because the octal representation of access flags may be difficult to handle for many users, it has become common to use the letters r, w and x as representation for access rights.

If more than one user has to access a file, users can be assigned to groups. That means if the two users U_0 and U_1 need to write to the file example.txt, one has to create a new group for these two users and set the group permissions for the file accordingly.

Utilities

The programs chmod, chgrp and chown can be used to modify access rights on most Unix-like systems. chmod changes the access flags of a file or directory, chgrp is used to change the group and chown changes the owner of a file.

Examples

- chown user1 file.txt - Change the ownership of file.txt to the user user1.
- chmod 600 file.txt - Make the file file.txt readable and writable exclusively by its owner (the digitwise binary representation of 600 is 110 000 000).
- chmod 640 file.txt - Allow the owner to read and write file.txt and members of the group to read it (the digitwise binary representation of 640 is 110 100 000).
- chgrp students file.txt - Change the group of file.txt to the group students.

The setuid and setgid bits are special bits to change the user or group of an executable during runtime. When set, they allow other users to execute a program with the rights of its owner and/or group.

Access Control Lists

The traditional access control model does not scale well on systems with a large number of users. The so-called Access Control Lists (ACL) provide an extension to the traditional filesystem access model.

Access control lists allow more fine-grained setups of access rights than the traditional Unix access control model.
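The octal notation from "Flags in Detail" and the setuid/setgid bits mentioned under "Utilities" can be decoded mechanically. The following is an added example, not part of the exercise sheet: the function names and the sample listing are constructed for illustration, and it goes slightly beyond the text by also handling the optional leading fourth digit (setuid, setgid, sticky) the way ls -l displays it.

```shell
#!/bin/sh
# Added example, not part of the exercise sheet.

# triplet DIGIT SPECIAL CHAR: print the rwx letters for one octal digit.
# If SPECIAL is non-zero, the execute slot shows CHAR (s or t) when execute
# is also set, or the capital letter when execute is missing.
triplet() {
    d=$1; special=$2; ch=$3
    r=-; w=-; x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi    # bit 2: read
    if [ $((d & 2)) -ne 0 ]; then w=w; fi    # bit 1: write
    if [ $((d & 1)) -ne 0 ]; then x=x; fi    # bit 0: execute
    if [ "$special" -ne 0 ]; then
        if [ "$x" = x ]; then
            x=$ch
        else
            case $ch in s) x=S ;; t) x=T ;; esac
        fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_rwx MODE: convert a 3- or 4-digit octal mode to the 9-letter form.
mode_to_rwx() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) mode=0$mode ;;          # no special bits given
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    s=${mode%???}                 # leading digit: setuid=4, setgid=2, sticky=1
    rest=${mode#?}
    u=${rest%??}                  # owner digit
    g=${rest#?}; g=${g%?}         # group digit
    o=${rest#??}                  # others digit
    printf '%s%s%s\n' \
        "$(triplet "$u" $((s & 4)) s)" \
        "$(triplet "$g" $((s & 2)) s)" \
        "$(triplet "$o" $((s & 1)) t)"
}

# mode_warnings MODE: name the bits an administrator should review.
mode_warnings() {
    mode_to_rwx "$1" >/dev/null || return 1
    m=$1
    case $m in ???) m=0$m ;; esac
    sp=${m%???}; oth=${m#???}
    out=
    if [ $((sp & 4)) -ne 0 ]; then out="$out setuid"; fi
    if [ $((sp & 2)) -ne 0 ]; then out="$out setgid"; fi
    if [ $((oth & 2)) -ne 0 ]; then out="$out world-writable"; fi
    printf '%s\n' "${out# }"
}

# Constructed sample listing (mode and file name); the names are hypothetical.
while read -r perm fname; do
    printf '%-5s %s  %-12s %s\n' "$perm" "$(mode_to_rwx "$perm")" \
        "$fname" "$(mode_warnings "$perm")"
done <<'EOF'
754 report.sh
600 file.txt
640 file.txt
4755 helper-tool
2644 shared.dat
666 scratch.txt
EOF
```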
Utilities

The utilities setfacl and getfacl can be used to set and print the access control rights of a file. They have the following syntax:

- setfacl -m accessrights filename - Modifies the permissions accessrights for a file or directory filename
- getfacl filename - Prints the permissions for a file or directory

When using setfacl, the accessrights field must have a certain format, which is described in the setfacl manpage (man 1 setfacl).

Enabling Access Control Lists

Most of the GNU/Linux systems don't have ACL support enabled by default. You need to invoke mount with the additional argument -o acl to enable ACLs for a certain mountpoint.

Access Control on Windows Vista

In Windows environments, Active Directory (AD) [4] is used to arrange the networked entities such as accounts (users, groups), system resources (e.g. computers, servers, printers), and services (e.g. ) in a hierarchical structure. It is based on a central database which stores information and settings to control the working environment. AD provides flexible access control on the entities, which are also referred to as objects, and establishes security using rules and policies.

To identify an object, Microsoft Windows allocates Security Identifiers (SIDs). SIDs allow unique identification of users and their group memberships. They are used by the access control lists (ACLs), which define the rights to the resources to be accessed. For any user action that requires a permissions check, Windows checks the SID to see if the action is allowed. The SID is equivalent to the UID in UNIX.

Objects for which access must be controlled are called securable objects. The security information for securable objects is contained in an associated security descriptor. Its structure is shown in Figure 1.

The security descriptor can contain two types of ACLs: a discretionary access control list (DACL), which specifies the access rights for a particular user or group, and a system access control list (SACL), which specifies which operations should be logged in the security audit log. The security descriptor also includes the SID for the owner and primary group of an object.

If a new object is created, a security descriptor can be assigned to it. Otherwise the object gets assigned the same security descriptor as its parent object. If the security descriptor of an object contains no DACL, everyone has full access rights to the object.

[Figure 1: Example of an Access Request]

Windows uses access tokens to identify the security context of a process or thread when it interacts with a securable object or tries to perform a system task that requires elevated privileges. The security context stores information on the privileges, accounts and groups the process is associated with. Depending on the ordering of the access control entries (ACEs) in the object's DACL that are compared with the user's access token, access is permitted or not. An example for granting or denying access to a file is shown in Figure 1.

When a file is created within a directory having a set of access rights, these access rights are also applied (inherited) to the file. In contrast to GNU/Linux, there are more than 3 flags for access control rights. These flags are (at least) as follows:

- modify
- read
- write
- execute
- full control

Like Unix ACLs, these flags can be assigned to more than one user and/or group. For a full list of possible access control flags and explanations see [5].

Filesystems and Devices

mount

In contrast to Windows, filesystems in Unix-like systems are bound to a directory instead of special drive letters. This connection is called a mount; the directory where a device or partition is mounted is called the mountpoint. The mount command can be used to show the current list of mounted devices and to mount or unmount partitions or whole devices.

Example: The command mount /dev/hda1 /mnt/foobar mounts partition 1 of device hda to directory /mnt/foobar.

Loop Devices

A loop device is a virtual device that is on one hand connected to a file and on the other hand provides a device node (usually /dev/loopn) which can then be mounted like any other physical device or partition. In order to mount filesystem images (files that contain a filesystem structure), a loop device must be used. To use the mount command on filesystem images, you need to add the special option -o loop to the command's invocation.

Example: The command mount -o loop /some/file /mnt/mountpoint mounts the filesystem image in /some/file to /mnt/mountpoint.

Help on Commands

Most standard distributions of Unix-like systems provide manuals for almost every command. These manuals are called manpages [6] and can be accessed with the command man.

Example: The command man mount gives information about the mount command and all of its features.
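The statement under "Access Control on Windows Vista" that the ordering of the ACEs in a DACL decides whether access is permitted can be seen in a small model. This is an added example, not part of the exercise sheet and not Windows code: the rights bitmask, the NULL marker for "no DACL" and the SID strings are simplified stand-ins constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the exercise sheet: simplified model of checking
# an access token against the ordered ACEs of a DACL.
# Rights are a bitmask chosen for this example, not real Windows mask values.
READ=1; WRITE=2; EXECUTE=4

# access_check TOKEN_SIDS REQUESTED_MASK DACL
#   TOKEN_SIDS  space-separated SIDs of the user and the user's groups
#   DACL        one ACE per line: "allow|deny SID MASK", in evaluation order;
#               the word NULL models a security descriptor without a DACL
# Prints "granted" or "denied".
access_check() {
    token=$1; want=$2; dacl=$3
    if [ "$dacl" = NULL ]; then      # no DACL: everyone has full access
        echo granted
        return 0
    fi
    remaining=$want                  # requested rights not yet allowed
    result=denied                    # outcome if the ACE list runs out
    while read -r kind sid mask; do
        [ -n "$kind" ] || continue   # skip blank lines (an empty DACL)
        case " $token " in
            *" $sid "*) ;;           # ACE names a SID present in the token
            *) continue ;;           # ACE does not apply to this caller
        esac
        if [ "$kind" = deny ]; then
            # A deny ACE stops the walk if it covers a right still needed.
            if [ $((mask & remaining)) -ne 0 ]; then result=denied; break; fi
        else
            # An allow ACE satisfies some of the rights still needed.
            remaining=$((remaining & ~mask))
            if [ "$remaining" -eq 0 ]; then result=granted; break; fi
        fi
    done <<EOF
$dacl
EOF
    echo "$result"
}

# Constructed sample data: alice is a member of staff; staff may read and
# write, but alice is individually denied write.
TOKEN_ALICE="S-alice S-staff"
DACL_DENY_FIRST="deny S-alice 2
allow S-staff 3"
DACL_ALLOW_FIRST="allow S-staff 3
deny S-alice 2"

echo "write, deny ACE first:  $(access_check "$TOKEN_ALICE" "$WRITE" "$DACL_DENY_FIRST")"
echo "write, allow ACE first: $(access_check "$TOKEN_ALICE" "$WRITE" "$DACL_ALLOW_FIRST")"
echo "read,  deny ACE first:  $(access_check "$TOKEN_ALICE" "$READ" "$DACL_DENY_FIRST")"
echo "write, no DACL:         $(access_check "S-bob" "$WRITE" NULL)"
echo "read,  empty DACL:      $(access_check "$TOKEN_ALICE" "$READ" "")"
```

With the same two ACEs, the write request is refused only when the deny entry comes first, which is why the order of entries has to be reviewed along with their content. An empty DACL (present but without entries) grants nothing, unlike a missing one.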
1 Theoretical Assignments (10 Points)

1.1 Access Control on Unix-Like Systems

1. Consider the following scenario: A company has a server with 100 users on it. All these users work in groups of two users per group. One day a manager decides to form groups with four users each. How many groups do you have in the end (assuming that the old groups are retained)?
2. (Bonus) Why is transferring the ownership right to another user not allowed for a normal user?
3. Write down the representation for the following access flag combinations in both octal form and with abbreviation letters (r, w, x):
   - Read and Write
   - No rights at all
   - Read, Write and Execute
4. What is the meaning of the write-right if the object is a directory?

1.2 Access Control on Windows

1. Is there a flag that can be set in order to set some permissions for a file for every other user on the system? If not, explain what has to be done in order to allow every user on the system to access a file.
2. Explain the difference between the rights modify and write!
3. What right(s) is (are) necessary in order to modify access control to a file or directory?

1.3 Disk Encryption

1. Block ciphers can be used in the so-called Cipher Block Chaining (CBC) mode. Explain the advantages and disadvantages of this mode.
2. Let a disk image be encrypted in CBC mode. The size of the disk fits into 100 blocks. What happens if a single bit in block 51 accidentally flips? Can you recover all 99 other blocks?
3. (Bonus) Does the CBC mode have an impact on the performance of journaled filesystems? If so, why?
4. (Bonus) Why would it still be a good idea to prefer the CBC mode for filesystems?
2 Practical Assignments (20 Points)

2.1 Filesystem Images

- Create a file of 100 megabytes in size with the command head -c 100m /dev/zero > fsimage0.
- Create an ext3 filesystem in that file with the command mkfs.ext3 fsimage0. The program mkfs will warn you about creating a filesystem in a file, but you can answer that question with yes.
- Now mount the newly created image into the directory /mnt/fsimage0. Create the directory if necessary.
- Create a file with the contents confidential information and write it to /mnt/fsimage0.
- Force the operating system to commit all changes to filesystems to the disk by invoking the command sync.
- Delete the file.
- Unmount the filesystem.
- Check if the contents of the file are still there utilizing a hex editor or any other program (for example grep).

Questions

1. What was the output of the last step? Could you recover the file's contents?
2. Give a short explanation for this behavior and the output.

2.2 Device Encryption

The program losetup can be used to create encrypted loop devices, meaning the data is en- or decrypted before it is written to or read from the file connected with the loop device. Losetup needs an additional parameter to function for our purpose: We need to specify the cipher with the option -e. The cipher can basically be any cipher that the Linux kernel provides. In this experiment we'll use AES with a keysize of 128 bits.

- Load the cryptoloop kernel module.
- Create a file of 100 megabytes in size with the command head -c 100m /dev/zero > fsimage1.
- Tell losetup to use fsimage1 as encrypted loop device with the command losetup -e aes /dev/loop4 fsimage1. Losetup will prompt for a passphrase. Remember that passphrase!
- Create an ext3 filesystem in the loop device you just created.
- Mount the device in /mnt/cryptoimage. Create the directory if necessary.
- Create again a file with the contents confidential information in /mnt/cryptoimage.
- Unmount /mnt/cryptoimage.
- See if you can read the contents of the created file as you did in the last step of exercise 1.

Questions

1. What did you find after the last step?

2.3 Filesystem Forensics

The tool foremost is one of many that try to recover files from corrupted disks and can be used for forensic analysis. Foremost creates a directory named output and several subdirectories wherein it puts the recovered files. For example, the directory output/png will contain files that were recognized as .png graphic files.

We have placed a filesystem image from a used usbstick we bought in an internet auction into your home directory. That image is named usbstickimage. Please follow these instructions:

- Mount the image to /mnt/usbstick. Create the directory if necessary.
- List the contents of that directory with ls -al /mnt/usbstick
- Unmount the image again
- Use foremost to analyze the image (foremost usbstickimage)

Questions

1. What was (seemingly) on the usbstick after listing the files? Write down all file names (if any).
2. What else did you find after the last step? (You don't have to write down file names (if any), just give a short summary instead.)
2.4 Access Control Lists in UNIX

1. Write down the commands to
   - Create a group named team0
   - Add the users user0 and user1 to that group
   - Change the group of the file example.txt to the newly created group
2. Let G_0 be a group consisting of the users U_0 and U_1. Over time, the users U_0 and U_1 have created many files to which only they have access. One day a third user U_2 needs to have write access to a directory which is owned by the group G_0, but must not have access to other directories owned by the group (therefore adding the user to G_0 is not an option). Describe the steps necessary to give U_2 write access to the directory without utilizing ACLs!
3. Describe the steps necessary to give U_2 write access to the directory using ACLs:
4. Have a look at the access rights set for the program /bin/ping on your local system. What is different compared to other binaries like /bin/sleep for example? (use ls -l)
5. Who is the owner of /bin/ping?
6. Suppose there is an exploitable buffer-overflow in the ping program. What implications does this have on system security?
7. - Create a new (ext3) filesystem image as you did in the previous exercises and mount it with the additional argument for ACLs (mount -o acl...).
   - Add the user user2.
   - Create a file named example.txt in your newly created filesystem image. Use setfacl to grant write permissions to the user user2.
   - Create the group team0, add the users user0 and user1 to that group and change the group of the file to team0.
   - Run ls -l example.txt and then execute getfacl example.txt. What are the differences between the two outputs? Give a short explanation for the different behavior!
Appendix/Bibliography

References

[1] OpenSolaris
[2] OpenBSD
[3] Linux
[4] Windows Active Directory technologies/directory/activedirectory/default.mspx
[5] Windows Permissions Understanding-Windows-NTFS-Permissions.html
[6] Linux Man Pages
UNIX File System UNIX File System The UNIX file system has a hierarchical tree structure with the top in root. Files are located with the aid of directories. Directories can contain both file and directory
More informationWhat does a file system do?
System files What does a file system do? A file system is a method for storing and organizing computer files and the data they contain to make it easy to find and access them. File systems exist on hard
More informationUnix File System. Class Meeting 2. * Notes adapted by Joy Mukherjee from previous work by other members of the CS faculty at Virginia Tech
Unix File System Class Meeting 2 * Notes adapted by Joy Mukherjee from previous work by other members of the CS faculty at Virginia Tech Unix File System The file system is your interface to: physical
More informationExam Linux-Praxis - 1 ( From )
Exam Linux-Praxis - 1 ( From http://www.linux-praxis.de ) (1)Which of the following commands results in mailing the content of the current directory to Bob? A. mail Bob < ls B. ls > mail Bob C. ls mail
More informationPermission and Ownership
Permission and Ownership 1. Understanding file and directory ownership Every file on your Linux system, including directories, is owned by a specific user and group. Therefore, file permissions are defined
More informationDATA STRUCTURES USING C
DATA STRUCTURES USING C File Management Chapter 9 2 File Concept Contiguous logical address space Types: Data numeric character binary Program 3 File Attributes Name the only information kept in human-readable
More informationThis is Worksheet and Assignment 12. Disks, Partitions, and File Systems
This is Worksheet and Assignment 12 This is a combined Worksheet and Assignment.. Quizzes and tests may refer to work done in this Worksheet and Assignment; save your answers. You will use a checking program
More informationFile Security Lock Down Your Data. Brian Reames January 22, 2012
File Security Lock Down Your Data Brian Reames January 22, 2012 Table of Contents 1.0 Basic Linux Permissions...4 1.1 Determining Permissions... 5 1.2 File Permissions vs. Directory Permissions... 6 1.3
More informationUnix, History
Operating systems Examples from Unix, VMS, Windows NT on user authentication, memory protection and file and object protection. Trusted Operating Systems, example from PitBull Unix, History Unix, History
More informationPermissions User and Administrator Guide
Permissions User and Administrator Guide Table of contents 1 Overview...2 2 User Identity...2 3 Understanding the Implementation...3 4 Changes to the File System API... 3 5 Changes to the Application Shell...4
More informationAccess Control. Steven M. Bellovin September 2,
Access Control Steven M. Bellovin September 2, 2014 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationFile Properties and Permissions
File Properties and Permissions Managing File Access in Linux Peter Perry July 2009 What is it about? Open a shell (terminal) and type ls -l You get quite a bit of information about each file. Tonight,
More informationProtection Kevin Webb Swarthmore College April 19, 2018
Protection Kevin Webb Swarthmore College April 19, 2018 xkcd #1200 Before you say anything, no, I know not to leave my computer sitting out logged in to all my accounts. I have it set up so after a few
More informationCSE 390a Lecture 4. Persistent shell settings; users/groups; permissions
CSE 390a Lecture 4 Persistent shell settings; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1 2 Lecture summary
More informationCSE II-Sem)
a) Write a shell script that displays a list of all the files in the current directory to which the user has read, write and execute permissions. b) Develop an interactive script that asks for a word and
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationCSE 390a Lecture 4. Persistent shell settings; users/groups; permissions
CSE 390a Lecture 4 Persistent shell settings; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1 2 Lecture summary
More informationEssential Unix and Linux! Perl for Bioinformatics, ! F. Pineda
Essential Unix and Linux! Perl for Bioinformatics, 140.636! F. Pineda Generic computer architecture Memory Storage Fig. 1.2 From Designing Embedded Hardware, 2 nd Ed. by John Catsoulis OS concepts Shell
More informationTECH 4272 Operating Systems
TECH 4272 Lecture 3 2 Todd S. Canaday Adjunct Professor Herff College of Engineering sudo sudo is a program for Unix like computer operating systems that allows users to run programs with the security
More informationIS 2150 / TEL 2810 Information Security and Privacy
IS 2150 / TEL 2810 Information Security and Privacy James Joshi Professor, SIS Access Control OS Security Overview Lecture 2, Sept 6, 2016 1 Objectives Understand the basics of access control model Access
More informationFull file at https://fratstock.eu
Guide to UNIX Using Linux Fourth Edition Chapter 2 Solutions Answers to the Chapter 2 Review Questions 1. Your company is discussing plans to migrate desktop and laptop users to Linux. One concern raised
More informationCS Unix Tools. Lecture 2 Fall Hussam Abu-Libdeh based on slides by David Slater. September 10, 2010
Lecture 2 Fall 2010 Hussam Abu-Libdeh based on slides by David Slater September 10, 2010 Last Time We had a brief discussion On The Origin of Species *nix systems Today We roll our sleeves and get our
More informationOperating Systems 2015 Assignment 4: File Systems
Operating Systems 2015 Assignment 4: File Systems Deadline: Tuesday, May 26 before 23:59 hours. 1 Introduction A disk can be accessed as an array of disk blocks, often each block is 512 bytes in length.
More informationUnix Introduction to UNIX
Unix Introduction to UNIX Get Started Introduction The UNIX operating system Set of programs that act as a link between the computer and the user. Developed in 1969 by a group of AT&T employees Various
More informationChapter 1 - Introduction. September 8, 2016
Chapter 1 - Introduction September 8, 2016 Introduction Overview of Linux/Unix Shells Commands: built-in, aliases, program invocations, alternation and iteration Finding more information: man, info Help
More informationCSC209. Software Tools and Systems Programming. https://mcs.utm.utoronto.ca/~209
CSC209 Software Tools and Systems Programming https://mcs.utm.utoronto.ca/~209 What is this Course About? Software Tools Using them Building them Systems Programming Quirks of C The file system System
More information(32 KB) 216 * 215 = 231 = 2GB
The Microsoft FAT 16 file system (supported by all of Microsoft's operating systems from latter versions of MS-DOS through Windows8, as well as all Linux versions) is an example of a file allocation table
More informationOperating Systems. Copyleft 2005, Binnur Kurt
3 Operating Systems Copyleft 2005, Binnur Kurt Content The concept of an operating system. The internal architecture of an operating system. The architecture of the Linux operating system in more detail.
More informationOperating Systems 3. Operating Systems. Content. What is an Operating System? What is an Operating System? Resource Abstraction and Sharing
Content 3 Operating Systems The concept of an operating system. The internal architecture of an operating system. The architecture of the Linux operating system in more detail. How to log into (and out
More informationOperating Systems 2014 Assignment 4: File Systems
Operating Systems 2014 Assignment 4: File Systems Deadline: Sunday, May 25 before 23:59 hours. 1 Introduction A disk can be accessed as an array of disk blocks, often each block is 512 bytes in length.
More information8. Files and File Systems
8. Files and File Systems 8. Files and File Systems File Storage Structure File System Implementation Kernel Abstraction Communication Through a Pipe 146 / 303 8. Files and File Systems Disk Operation
More informationExercise Sheet 2. (Classifications of Operating Systems)
Exercise Sheet 2 Exercise 1 (Classifications of Operating Systems) 1. At any given moment, only a single program can be executed. What is the technical term for this operation mode? 2. What are half multi-user
More information