Access Control Lists. Beyond POSIX permissions Campus-Booster ID : **XXXXX. Copyright SUPINFO. All rights reserved
|
|
- Dennis Carson
- 6 years ago
- Views:
Transcription
1 Access Control Lists Beyond POSIX permissions Campus-Booster ID : **XXXXX Copyright SUPINFO. All rights reserved
2 Access Control Lists Your trainer Presenter s Name Title: **Enter title or job role. Accomplishments: **What makes the presenter qualified to present this course. Education: **List degrees if important. Publications: **Writings by the presenter on the subject of the course or presentation. Contact: **Campus-Booster ID: presenter@supinfo.com
3 Access Control Lists Course objectives By completing this course, you will: n Know what ACL s really are. Fine-grained permissions model. n Define complex permission schemes. When POSIX permissions are helpless. n Create inherited entries. Using default ACL s.
4 Access Control Lists Course topics Course s plan : n About ACL's. Overcome POSIX permissions limitations. n ACL structure. How do it looks like? n Working with ACL's. Create, Retrieve, Update, Delete.
5 Access Control Lists About ACL s When POSIX permissions aren t enough
6 About ACL s Access Control Lists Extended permission sets. n POSIX Permissions n User n Groups n Others n ACL s n Same permissions n Extended control set n List of trustees n Any group(s) n Any user(s)
7 About ACL's Why use ACL s? A real-life example: n users group n Amanda n Bridget n John n John wants to share a document n Amanda rw- n Bridget --- n POSIX Limitation n Use ACL s to circumvent
8 About ACL s Enable ACL s ACL support needs to be enabled. n Kernel support n CONFIG_FS_POSIX_ ACL n Enabled in most(all) distros n Filesystem support n Native support n Most fs do n Mount option
9 About ACL's Enable ACL s To enable ACL support: n Install acl and libacl packages n Mount your filesystem with the acl option # mount / -o remount,acl
10 About ACL's Stop-and-think Do you have any questions?
11 About ACL's Stop-and-think ACLs are actived by default in your filesystem. True False
12 About ACL's Stop-and-think ACLs are active by default in your filesystem. True False
13 Access Control Lists ACL structure How do it looks like?
14 ACLs structure ACL Entries ACL entries format. n Regular n user:user:mode n user:sarah:rw- n group:group:mode n Default n Mask n group:uucp:r-- n default Prefix n default:group:u ucp:r n mask::mode
15 ACLs structure ACL Entries Access Control List example: $ getfacl afile.txt # file: afile.txt # owner: sarah # group: users user::rwuser:john:rwuser:bill:rwgroup::r group:headquarters:rwmask::rwother::r
16 ACLs structure Stop-and-think Do you have any questions?
17 Access Control Lists Working with ACL s CRUD on ACL s
18 Working with ACL's Setfacl invocation Setting ACL s [user@linux ~]$ setfacl [options] file or directory Options Definitions -m u:user:mode Add a user ACL -m g:group:mode -R Add a group ACL Apply operations to all files and directories recursively -b Remove (blank) all ACL entries -x aclspec Delete a specific entry
19 Working with ACL's Default ACL s Inherited ACL s. n On directories only n Inherited n New files n New subdirs n Implement a policy n Webmasters n rw- on any file n Prepend d: to ACL spec
20 Working with ACL's Mask Limitative permission set. n Set an arbitrary limit n No one can have more than r-x n Even if trustee has explicit entry n Effective permission set: trustee mode AND mask n Doesn t apply to owner (as well as ACL s) n Set: m::mode
21 Access Control Lists Effective = Mask & Mode Permissions Objects Read Write Execute User/Group X X Mask X X Effective X
22 Access Control Lists Setfacl examples setfacl -m u:supinfo:rw \ /var/www/index.php root@localhost:~# setfacl -m g:labmembers:rw \ /var/www/index.php root@localhost:~# setfacl -x u:supinfo \ /var/www/index.php root@localhost:~# setfacl -b /var/www/index.php root@localhost:~# setfacl -m d:g:webmaster:rw \ /var/www root@localhost:~# setfacl -m m::rw- /var/www
23 Working with ACL's Getfacl invocation Using getfacl ~]$ getfacl [options] file or directory Options Definitions -a -d Display the file Access Control List only (no default) Display the default Access Control List only -R List the ACL of all files and directories recursively
24 Access Control Listss Getfacl examples n List the whole ACLs recursively from user s home: # getfacl -R /home/user/ n Display the file ACL of /var/www: # getfacl -a /var/www n Display the default ACL of /var/www: # getfacl -d /var/www
25 Working with ACL's Stop-and-think Do you have any questions?
26 Working with ACL's Stop-and-think Setfacl options: Match options and their definition. -m -b -R Apply recursivly Add ACL entrie Delete all ACLs
27 Working with ACL's Stop-and-think Setfacl options: Match options and their definition. -m -b -R Apply recursivly Add ACL entrie Delete all ACLs
28 **SUPINFO Module title Course summary Default ACL s What ACL are? Mask Extended permission model ACL structure
29 Access Control Lists For more If you want to go into these subjects more deeply, Publications Courses Linux Technologies: Edge Computing Linux system administration Web sites Conferences FOSDEM RMLL Solutions Linux
30 Congratulations You have successfully completed the SUPINFO course module n 08 Access Control Lists
31 Access Control Lists The end n ACL don t work without acl mount option n Some filesystems don t have ACL support (vfat, )
Sudo: Switch User Do. Administrative Privileges Delegation Campus-Booster ID : **XXXXX. Copyright SUPINFO. All rights reserved
Sudo: Switch User Do Administrative Privileges Delegation Campus-Booster ID : **XXXXX www.supinfo.com Copyright SUPINFO. All rights reserved Sudo: Switch User Do Your trainer Presenter s Name Title: **Enter
More informationArchives. Gather and compress Campus-Booster ID : **XXXXX. Copyright SUPINFO. All rights reserved
Archives Gather and compress Campus-Booster ID : **XXXXX www.supinfo.com Copyright SUPINFO. All rights reserved Archives Your trainer Presenter s Name Title: **Enter title or job role. Accomplishments:
More informationYour daily cup of CLI
Your daily cup of CLI Powerful Unix tools Campus-Booster ID : **XXXXX www.supinfo.com Copyright SUPINFO. All rights reserved Your daily cup of CLI Your trainer Presenter s Name Title: **Enter title or
More informationFilesystem and common commands
Filesystem and common commands Unix computing basics Campus-Booster ID : **XXXXX www.supinfo.com Copyright SUPINFO. All rights reserved Filesystem and common commands Your trainer Presenter s Name Title:
More informationProcesses. System tasks Campus-Booster ID : **XXXXX. Copyright SUPINFO. All rights reserved
Processes System tasks Campus-Booster ID : **XXXXX www.supinfo.com Copyright SUPINFO. All rights reserved Processes Your trainer Presenter s Name Title: **Enter title or job role. Accomplishments: **What
More informationFile Access Control Lists (ACLs)
File Access Control Lists (ACLs) Exercise Setup These exercises assume you are using RHEL 7.2 or CentOS 7.2 Create the following users and assignment passwords if these users do not already exist on your
More informationHDP HDFS ACLs 3. Apache HDFS ACLs. Date of Publish:
3 Apache HDFS ACLs Date of Publish: 2018-07-15 http://docs.hortonworks.com Contents Apache HDFS ACLs... 3 Configuring ACLs on HDFS... 3 Using CLI Commands to Create and List ACLs... 3 ACL Examples... 4
More informationAccess Control Lists. Don Porter CSE 506
Access Control Lists Don Porter CSE 506 Background (1) ò If everything in Unix is a file ò Everything in Windows is an object ò Why not files? ò Not all OS abstractions make sense as a file ò Examples:
More informationIntroduction to Computer Security
Introduction to Computer Security UNIX Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Genesis: UNIX vs. MULTICS MULTICS (Multiplexed Information and Computing Service) a high-availability,
More informationOperating system security models
Operating system security models Unix security model Windows security model MEELIS ROOS 1 General Unix model Everything is a file under a virtual root diretory Files Directories Sockets Devices... Objects
More informationUser Commands chmod ( 1 )
NAME chmod change the permissions mode of a file SYNOPSIS chmod [-fr] absolute-mode file... chmod [-fr] symbolic-mode-list file... DESCRIPTION The chmod utility changes or assigns the mode of a file. The
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationExercise 4: Access Control and Filesystem Security
Exercise 4: Access Control and Filesystem Security Introduction Duration: 90 min Maximum Points: 30 Note: The solutions of theorethical assignments should be handed out before the practical part in the
More informationProtection Kevin Webb Swarthmore College April 19, 2018
Protection Kevin Webb Swarthmore College April 19, 2018 xkcd #1200 Before you say anything, no, I know not to leave my computer sitting out logged in to all my accounts. I have it set up so after a few
More informationFreeBSD Advanced Security Features
FreeBSD Advanced Security Features Robert N. M. Watson Security Research Computer Laboratory University of Cambridge 19 May, 2007 Introduction Welcome! Introduction to some of the advanced security features
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.2: OS Security Access Control Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Bogdan Carbunar (FIU)
More information1.3 What does Ctrl-D, Ctrl-A, Ctrl-F and Ctrl-T do in terms of command line editing? (6)
Question 1 2 ICT2631 1.1 How do you switch between virtual consoles? (3) Hold down CTRL and ALT keys and press F1 through F7 to switch between consoles. 1.2 Give three reasons why you may opt to use a
More informationAccess Control. Steven M. Bellovin September 13,
Access Control Steven M. Bellovin September 13, 2016 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationGeneral Access Control Model for DAC
General Access Control Model for DAC Also includes a set of rules to modify access control matrix Owner access right Control access right The concept of a copy flag (*) Access control system commands General
More informationUnderstanding NFSv4 ACL s
Understanding NFSv4 ACL s John Hixson john@ixsystems.com ixsystems, Inc. 1 Introduction Traditional UNIX permissions are very limited in the security they can provide. UNIX permissions can only be set
More informationVTrak A-Class Mac OS X or macos SAN Client
VTrak A-Class Mac OS X or macos SAN Client VTrak Mac OS X Client Package 1.4.2 (build 54047) Release Notes. (Mac OS X/macOS Clients only) This Mac Client Package Requires VTrak A-Class firmware SR3.3 Version
More informationAccess Control. Steven M. Bellovin September 2,
Access Control Steven M. Bellovin September 2, 2014 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationFile Security Lock Down Your Data. Brian Reames January 22, 2012
File Security Lock Down Your Data Brian Reames January 22, 2012 Table of Contents 1.0 Basic Linux Permissions...4 1.1 Determining Permissions... 5 1.2 File Permissions vs. Directory Permissions... 6 1.3
More informationUsing ACLs with Fedora Core 2 (Linux Kernel 2.6.5)
Using ACLs with Fedora Core 2 (Linux Kernel 2.6.5) Back to Index By Van Emery Table of Contents Introduction Assumptions Getting Started Using ACLs More setfacl Details and Examples Example Scenario The
More informationAn Overview of Security in the FreeBSD Kernel. Brought to you by. Dr. Marshall Kirk McKusick
An Overview of Security in the FreeBSD Kernel Brought to you by Dr. Marshall Kirk McKusick 2013 BSDCan Conference May 17, 2013 University of Ottawa Ottawa, Canada Copyright 2013 Marshall Kirk McKusick.
More informationA Survey of Access Control Policies. Amanda Crowell
A Survey of Access Control Policies Amanda Crowell What is Access Control? Policies and mechanisms that determine how data and resources can be accessed on a system. The Players Subjects Objects Semi-objects
More informationOutline. Last time. (System) virtual machines. Virtual machine technologies. Virtual machine designs. Techniques for privilege separation
Outline CSci 5271 Introduction to Computer Security Day 9: OS security basics Stephen McCamant University of Minnesota, Computer Science & Engineering Last time (System) virtual machines Restrict languages,
More informationRHCE BOOT CAMP. Filesystem Administration. Wednesday, November 28, 12
RHCE BOOT CAMP Filesystem Administration PARTITIONING What is partitioning? Splitting up a hard drive into organizable chunks Why? Isolates filesystem corruption Simplifies/speeds backups Allows optimizing
More informationEmulating Windows file serving on POSIX. Jeremy Allison Samba Team
Emulating Windows file serving on POSIX Jeremy Allison Samba Team jra@samba.org But isn't it easy? Just take a kernel, add your own file system and.. Not if you don't own your own kernel or file system.
More informationAdministration Guide
Administration Guide This guide will cover how to customize and lock down the SCOM 2012 Maintenance Mode Scheduler for your end users. Table of Contents Customize Look and Feel... 2 Enable Auditing of
More informationrpaths Documentation Release 0.2 Remi Rampin
rpaths Documentation Release 0.2 Remi Rampin June 09, 2014 Contents 1 Introduction 1 2 Classes 3 2.1 Abstract classes............................................. 3 2.2 Concrete class Path............................................
More informationFind out where you currently are in the path Change directories to be at the root of your home directory (/home/username) cd ~
CIS 105 Working with directories You have using directories in a Windows environment extensively. Often in Windows we are calling them folders. They are important in order to organize our files. It is
More informationCS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching
CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring 2004 Lecture 18: Naming, Directories, and File Caching 18.0 Main Points How do users name files? What is a name? Lookup:
More informationImproving User Accounting and Isolation with Linux Kernel Features. Brian Bockelman Condor Week 2011
Improving User Accounting and Isolation with Linux Kernel Features Brian Bockelman Condor Week 2011 Case Study: MPD The MPICH2 library is a common implementation of the MPI interface, a popular parallel
More informationCS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring Lecture 18: Naming, Directories, and File Caching
CS 162 Operating Systems and Systems Programming Professor: Anthony D. Joseph Spring 2002 Lecture 18: Naming, Directories, and File Caching 18.0 Main Points How do users name files? What is a name? Lookup:
More informationOverlayfs And Containers. Miklos Szeredi, Red Hat Vivek Goyal, Red Hat
Overlayfs And Containers Miklos Szeredi, Red Hat Vivek Goyal, Red Hat Introduction to overlayfs Union or? Union: all layers made equal How do you take the union of two files? Or a file and a directory?
More informationProcess Time. Steven M. Bellovin January 25,
Multiprogramming Computers don t really run multiple programs simultaneously; it just appears that way Each process runs to completion, but intermixed with other processes Process 1 6 ticks Process 2 Process
More informationCOS 318: Operating Systems. NSF, Snapshot, Dedup and Review
COS 318: Operating Systems NSF, Snapshot, Dedup and Review Topics! NFS! Case Study: NetApp File System! Deduplication storage system! Course review 2 Network File System! Sun introduced NFS v2 in early
More informationcconfig 0.1 Nico Schottelius (nico-linux-cconfig ((at)) schottelius.org)
0.1 (nico-linux-cconfig ((at)) schottelius.org) 2005-08-28 1 Contents 1 Introduction 3 2 Layout 3 2.1 Objects.............................. 3 2.2 Attributes............................. 3 2.3 Links................................
More informationOS Security. Authorization. Radboud University Nijmegen, The Netherlands. Winter 2015/2016
OS Security Authorization Radboud University Nijmegen, The Netherlands Winter 2015/2016 A short recap Authentication establishes a mapping between entities (users) and intended operations Typical approach:
More informationDiscretionary Access Control
Operating System Security Discretionary Seong-je Cho ( 조성제 ) (sjcho at dankook.ac.kr) Fall 2018 Computer Security & Operating Systems Lab, DKU - 1-524870, F 18 Discretionary (DAC) Allows the owner of the
More informationFile System Interface. ICS332 Operating Systems
File System Interface ICS332 Operating Systems Files and Directories Features A file system implements the file abstraction for secondary storage It also implements the directory abstraction to organize
More informationCS 390 Chapter 2 Homework Solutions
CS 390 Chapter 2 Homework Solutions 2.1 What is the purpose of... System calls are used by user-level programs to request a service from the operating system. 2.5 What is the purpose of... The purpose
More informationCSE 390a Lecture 3. Multi-user systems; remote login; editors; users/groups; permissions
CSE 390a Lecture 3 Multi-user systems; remote login; editors; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1
More information12- File system and access rights
12- File system and access rights File properties under Linux vs. Other systems File types (-) Regular files...(s) is unknow to me till now (eg. /dev/gpmctl) (l) Symbolic Links (eg. /sbin/init.d/rc2.d...all
More information4 RHCSA-Level Security Options
4 RHCSA-Level Security Options CERTIFICATION OBJECTIVES 4.01 Basic File Permissions 4.02 Access Control Lists and More 4.03 Basic Firewall Control 4.04 A Security-Enhanced Linux Primer Two-Minute Drill
More informationRHCSA BOOT CAMP. Filesystem Administration
RHCSA BOOT CAMP Filesystem Administration PARTITIONING What is partitioning? Splitting up a hard drive into organizable chunks Why? Isolates filesystem corruption Simplifies/speeds backups Allows optimizing
More informationWhy secure the OS? Operating System Security. Privilege levels in 80X86 processors. The basis of protection: Seperation. Privilege levels - A problem
Why secure the OS? Operating System Security Works directly on the hardware but can be adapted during runtime Data and process are directly visible Application security can be circumvented from lower layers
More informationWhat s new in control groups (cgroups) v2
Open Source Summit Europe 2018 What s new in control groups (cgroups) v2 Michael Kerrisk, man7.org c 2018 mtk@man7.org Open Source Summit Europe 21 October 2018, Edinburgh, Scotland Outline 1 Introduction
More informationOutline. Cgroup hierarchies
Outline 15 Cgroups 15-1 15.1 Introduction to cgroups v1 and v2 15-3 15.2 Cgroups v1: hierarchies and controllers 15-17 15.3 Cgroups v1: populating a cgroup 15-24 15.4 Cgroups v1: a survey of the controllers
More informationOS Security III: Sandbox and SFI
1 OS Security III: Sandbox and SFI Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 VMs on lab machine Extension? 3 Users and processes FACT: although ACLs use users as subject, the OS
More informationITDumpsKR. IT 인증시험한방에패스시키는최신버전시험대비덤프
ITDumpsKR http://www.itdumpskr.com IT 인증시험한방에패스시키는최신버전시험대비덤프 Exam : EX200 Title : Red Hat Certified System Administrator - RHCSA Vendor : RedHat Version : DEMO Get Latest & Valid EX200 Exam's Question
More informationProposals in Project Server 2007
Proposals in Project Server 2007 Summary: In Project Server 2007, users with the correct security permission can create a Proposal. Proposals enable a user to establish a rough project outline. A Proposal
More informationFile systems and Filesystem quota
File systems and Filesystem quota 8.1 Unit objectives After completing this unit, you should be able to: Describe what a file is Describe what a file system is List possible file systems Describe i-nodes
More informationTEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control
TEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control Version 1.0, Last Edited 09/20/2005 Name of Students: Date of Experiment: Part I: Objective The objective of the exercises
More informationNetwork Administration/System Administration (NTU CSIE, Spring 2015) Homework #1. Homework #1
Submission Homework #1 Due Time: 2015/3/16 (Mon.) 17:00 Contact TAs: vegetable@csie.ntu.edu.tw Compress all your files into a file named StudentID.zip, which contains two folders named StudentID NA and
More informationFILESYSTEMS. Mmmm crunchy
FILESYSTEMS Mmmm crunchy PURPOSE So all this data... How to organize? Whose job? Filesystems! PERMISSIONS Linux supports 3 main types of access on a file: read: View the contents write: Modify the contents
More informationRemoving files and directories, finding files and directories, controlling programs
Removing files and directories, finding files and directories, controlling programs Laboratory of Genomics & Bioinformatics in Parasitology Department of Parasitology, ICB, USP Removing files Files can
More informationLinux Nuts and Bolts
Linux Nuts and Bolts David Morgan At the command line Cursor control type to insert del/ctrl-d to delete home/end for endpoints Filename completion tab after initial characters Command repetition uparrow
More informationCSE 390a Lecture 4. Persistent shell settings; users/groups; permissions
CSE 390a Lecture 4 Persistent shell settings; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1 2 Lecture summary
More informationSAMPLE CHAPTER SECOND EDITION. Don Jones Jeffery Hicks Richard Siddaway MANNING
SAMPLE CHAPTER SECOND EDITION Don Jones Jeffery Hicks Richard Siddaway MANNING PowerShell in Depth by Don Jones Jeffery Hicks Richard Siddaway Chapter 1 Copyright 2015 Manning Publications brief contents
More informationHow To Upload Your Newsletter
How To Upload Your Newsletter Using The WS_FTP Client Copyright 2005, DPW Enterprises All Rights Reserved Welcome, Hi, my name is Donna Warren. I m a certified Webmaster and have been teaching web design
More informationOutline. Cgroup hierarchies
Outline 4 Cgroups 4-1 4.1 Introduction 4-3 4.2 Cgroups v1: hierarchies and controllers 4-16 4.3 Cgroups v1: populating a cgroup 4-24 4.4 Cgroups v1: a survey of the controllers 4-38 4.5 Cgroups /proc files
More informationIntel Transactional Synchronization Extensions (Intel TSX) Linux update. Andi Kleen Intel OTC. Linux Plumbers Sep 2013
Intel Transactional Synchronization Extensions (Intel TSX) Linux update Andi Kleen Intel OTC Linux Plumbers Sep 2013 Elision Elision : the act or an instance of omitting something : omission On blocking
More informationFile access-control per container with Landlock
File access-control per container with Landlock Mickaël Salaün ANSSI February 4, 2018 1 / 20 Secure user-space software How to harden an application? secure development follow the least privilege principle
More informationFilename encoding. and case-insensitive filesystems. Gabriel Krisman Bertazi
Filename encoding and case-insensitive filesystems Gabriel Krisman Bertazi Why an encoding-aware FS? Traditional UNIX-like approach: Opaque byte sequences. Because the other kids
More informationFilesystem Hierarchy and Permissions
and Linux Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1/15 Multiuser and Server Operating System Linux systems are commonly used as a multi-user system E.g.
More informationModeling Access Rights Using the CRUD Security Cube: An Extension Incorporating Time
Modeling Access Rights Using the CRUD Security Cube: An Extension Incorporating Time Michael R. Collins, Ph.D., mcollins@highpoint.edu Department of Management Phillips School of Business High Point University
More informationLab #9: Configuring A Linux File Server
Lab #9 Page 1 of 6 Theory: Lab #9: Configuring A Linux File Server The Network File System (NFS) feature provides a means of sharing Linux file systems and directories with other Linux and UNIX computers
More informationNLUUG, Bunnik CloudABI: safe, testable and maintainable software for UNIX Speaker: Ed Schouten,
NLUUG, Bunnik 2015-05-28 CloudABI: safe, testable and maintainable software for UNIX Speaker: Ed Schouten, ed@nuxi.nl Programme What is wrong with UNIX? What is CloudABI? Use cases for CloudABI Links 2
More informationFile Services. Chapter 5. Topics in this Chapter: Understanding Windows File Systems. Understanding Linux File Systems
Chapter 5 File Services Topics in this Chapter: Understanding Windows File Systems Understanding Linux File Systems Understanding Permissions Management (Access Control) Understanding File Backup, Restore,
More informationSecure Architecture Principles
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel 1 Secure
More informationUser accounts and authorization
User accounts and authorization Authentication vs authorization Authentication: proving the identity of someone Authorization: allowing a user to access certain resources 1 Government authorization documents
More informationCSE 390a Lecture 4. Persistent shell settings; users/groups; permissions
CSE 390a Lecture 4 Persistent shell settings; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller and Ruth Anderson http://www.cs.washington.edu/390a/ 1 2 Lecture summary
More informationStatus of the Linux NFS client
Status of the Linux NFS client Introduction - aims of the Linux NFS client General description of the current status NFS meets the Linux VFS Peculiarities of the Linux VFS vs. requirements of NFS Linux
More informationBEST PRACTICES FOR DOCKER
BEST PRACTICES FOR DOCKER DG-08863-001 _v001 December 2018 Best Practices TABLE OF CONTENTS Chapter 1. NVIDIA Container Best Practices...1 1.1. Hello World For Containers... 1 1.2. Logging Into Docker...
More informationNPTEL Course Jan K. Gopinath Indian Institute of Science
Storage Systems NPTEL Course Jan 2012 (Lecture 24) K. Gopinath Indian Institute of Science FS semantics Mostly POSIX notions But not really fixed Many impl flexibilities/dependencies allowed Atomicity
More informationTMQL issues. October 14, slide 1
TMQL issues October 14, 2007 http://www.isotopicmaps.org slide 1 Support for transitive closures We think TMQL needs to support transitive closures on query expressions Something like root-node (
More informationCENG200 - Lab 2: Security, Simple Web Pages
Out: Sept 12, 2016 Due: Sept 26, 2016 (start of lecture) Preliminary Steps CENG200 - Lab 2: Security, Simple Web Pages A. When you log in for this lab, perform the following actions (one time only) chmod
More informationHIGH PERFORMANCE COMPUTING (PLATFORMS) SECURITY AND OPERATIONS
HIGH PERFORMANCE COMPUTING (PLATFORMS) SECURITY AND OPERATIONS AT PITT Kim F. Wong Center for Research Computing SAC-PA, June 22, 2017 Our service The mission of the Center for Research Computing is to
More informationrpaths Documentation Release 0.13 Remi Rampin
rpaths Documentation Release 0.13 Remi Rampin Aug 02, 2018 Contents 1 Introduction 1 2 Classes 3 2.1 Abstract classes............................................. 3 2.2 Concrete class Path............................................
More information1 / 23. CS 137: File Systems. General Filesystem Design
1 / 23 CS 137: File Systems General Filesystem Design 2 / 23 Promises Made by Disks (etc.) Promises 1. I am a linear array of fixed-size blocks 1 2. You can access any block fairly quickly, regardless
More informationProfessor: Kyle Jepson
CLASS 01 Introduction to Contacts, Filters, and Views Professor: Kyle Jepson HubSpot Sales Software Certification Brought to you by HubSpot Academy EVERYTHING YOU DO INSIDE HUBSPOT SALES WILL REVOLVE AROUND
More informationData Security and Privacy. Unix Discretionary Access Control
Data Security and Privacy Unix Discretionary Access Control 1 Readings for This Lecture Wikipedia Filesystem Permissions Other readings UNIX File and Directory Permissions and Modes http://www.hccfl.edu/pollock/aunix1/filepermissions.htm
More informationCS 200. User IDs, Passwords, Permissions & Groups. User IDs, Passwords, Permissions & Groups. CS 200 Spring 2017
CS 200 User IDs, Passwords, Permissions & Groups 1 Needed to control access to sharepoints and their contents Because Macs & PCs now support multiple accounts, user IDs and passwords are also needed on
More informationConnecting to a Tactical Subject Using The F-Response Accelerator on Linux
Mission Guide: TACTICAL v7 Connecting to a Tactical Subject Using The F-Response Accelerator on Linux Overview Step 1: Start the Tactical Subject... 1 Step 2: Mount the Tactical Examiner USB... 2 Step
More informationOptimizes the navigation and lets visitors search by categories, price ranges, color, and other product attributes.
Documentation / Documentation Home Layered Navigation Created by Unknown User (bondarev), last modified by Malynow, Alexey on Feb 22, 2016 Installation Set up cron Configuration Basic Configuration Filters
More informationYou can access data using the FTP/SFTP protocol. This document will guide you in the procedures for configuring FTP/SFTP access.
You can access data using the FTP/SFTP protocol. This document will guide you in the procedures for configuring FTP/SFTP access. Overview of Configuring FTP/SFTP Access In order to access data using the
More informationCephFS A Filesystem for the Future
CephFS A Filesystem for the Future David Disseldorp Software Engineer ddiss@suse.com Jan Fajerski Software Engineer jfajerski@suse.com Introduction to Ceph Distributed storage system based on RADOS Scalable
More informationLinux System Administration, level 1. Lecture 4: Partitioning and Filesystems Part II: Tools & Methods
Linux System Administration, level 1 Lecture 4: Partitioning and Filesystems Part II: Tools & Methods The sequence 1. Create one or more empty partitions 1a. (optional) Arrange them into a RAID or LVM
More informationEffective Visualization of File System Access-Control
Effective Visualization of File System Access-Control Alex Heitzmann Charalampos Papamanthou Roberto Tamassia CSI Brown University, RI, USA Bernardo Palazzi DIA Roma Tre University, IT ISCOM Ministry of
More informationThis section discusses the protocols available for volumes on Nasuni Filers.
Nasuni Corporation Boston, MA Introduction The Nasuni Filer provides efficient and convenient global access to your data. Nasuni s patented file system, UniFS, combines the performance and consistency
More informationThis lecture is covered in Section 4.1 of the textbook.
This lecture is covered in Section 4.1 of the textbook. A Unix process s address space appears to be three regions of memory: a read-only text region (containing executable code); a read-write region consisting
More informationIntroduction to Computer Security
Introduction to Computer Security UNIX and Windows Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Genesis: UNIX vs. MULTICS MULTICS (Multiplexed Information and Computing Service)
More informationSingularity in CMS. Over a million containers served
Singularity in CMS Over a million containers served Introduction The topic of containers is broad - and this is a 15 minute talk! I m filtering out a lot of relevant details, particularly why we are using
More informationTrust Separation on the XC40 using PBS Pro
Trust Separation on the XC40 using PBS Pro Sam Clarke May 2017 Overview About the Met Office workload Trust zone design Node configuration Lustre implementation PBS Implementation Use of hooks Placement
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationOS security mechanisms:
OS security mechanisms: Memory Protection: One of the important aspects of Operating system security is Memory Protection. Memory provides powerful indirect way for an attacker to circumvent security mechanism,
More informationDiscretionary Access Control (DAC)
CS 5323 Discretionary Access Control (DAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 7 ravi.utsa@gmail.com www.profsandhu.com Ravi Sandhu 1 Authentication, Authorization, Audit AAA
More informationRESOURCE MANAGEMENT MICHAEL ROITZSCH
Department of Computer Science Institute for System Architecture, Operating Systems Group RESOURCE MANAGEMENT MICHAEL ROITZSCH AGENDA done: time, drivers today: misc. resources architectures for resource
More information