CS/CIS 249 SP18 - Intro to Information Security

Similar documents
TEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control

TEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control

Hands-on Keyboard: Cyber Experiments for Strategists and Policy Makers

CST8207: GNU/Linux Operating Systems I Lab Six Linux File System Permissions. Linux File System Permissions (modes) - Part 1

Commands are in black

CST Lab 2 Review #1

Lab 2A> ADDING USERS in Linux

Unix Filesystem. January 26 th, 2004 Class Meeting 2

Lab Working with Linux Command Line

Working with Basic Linux. Daniel Balagué

5/8/2012. Encryption-based Protection. Protection based on Access Permission (Contd) File Security, Setting and Using Permissions Chapter 9

Introduction to the UNIX command line

Welcome to getting started with Ubuntu Server. This System Administrator Manual. guide to be simple to follow, with step by step instructions

Filesystem Hierarchy and Permissions

Filesystem Hierarchy and Permissions

Unix File System. Class Meeting 2. * Notes adapted by Joy Mukherjee from previous work by other members of the CS faculty at Virginia Tech

Operating systems fundamentals - B10

Files (review) and Regular Expressions. Todd Kelley CST8207 Todd Kelley 1

Introduction to Linux

CSE 390a Lecture 3. Multi-user systems; remote login; editors; users/groups; permissions

INTRODUCTION TO LINUX

Assume that username is cse. The user s home directory will be /home/cse. You may remember what the relative pathname for users home directory is: ~

Operating Systems. Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000) alphapeeler.sf.net/pubkeys/pkey.htm

Chapter 8: Security under Linux

Files and Directories

Operating Systems. Copyleft 2005, Binnur Kurt

Chapter Two. Lesson A. Objectives. Exploring the UNIX File System and File Security. Understanding Files and Directories

Operating Systems 3. Operating Systems. Content. What is an Operating System? What is an Operating System? Resource Abstraction and Sharing

UNIX File Hierarchy: Structure and Commands

Unix Introduction to UNIX

Linux Kung-Fu. James Droste UBNetDef Fall 2016

CSE 303 Lecture 4. users/groups; permissions; intro to shell scripting. read Linux Pocket Guide pp , 25-27, 61-65, , 176

Course 144 Supplementary Materials. UNIX Fundamentals

Contents. Note: pay attention to where you are. Note: Plaintext version. Note: pay attention to where you are... 1 Note: Plaintext version...

Outline. Structure of a UNIX command

CST8207: GNU/Linux Operating Systems I Lab Seven Linux User and Group Management. Linux User and Group Management

Perl and R Scripting for Biologists

CST8207: GNU/Linux Operating Systems I Lab Seven Linux User and Group Management. Linux User and Group Management

Introduction to Linux. Woo-Yeong Jeong Computer Systems Laboratory Sungkyunkwan University

CSE 390a Lecture 4. Persistent shell settings; users/groups; permissions

Introduction to Unix May 24, 2008

Processes are subjects.

Overview LEARN. History of Linux Linux Architecture Linux File System Linux Access Linux Commands File Permission Editors Conclusion and Questions

NETW 110 Lab 5 Creating and Assigning Users and Groups Page 1

Practical Session 0 Introduction to Linux

Overview of the UNIX File System. Navigating and Viewing Directories

h/w m/c Kernel shell Application s/w user

commandname flags arguments

Due: February 26, 2014, 7.30 PM

CSE 390a Lecture 4. Persistent shell settings; users/groups; permissions

Processes are subjects.

Lab Authentication, Authorization, and Accounting

Linux Systems Administration Getting Started with Linux

Linux/Cygwin Practice Computer Architecture

CSCI 2132 Software Development. Lecture 5: File Permissions

The kernel is the low-level software that manages hardware, multitasks programs, etc.

Overview of the UNIX File System

Introduction to Linux

bash startup files Linux/Unix files stty Todd Kelley CST8207 Todd Kelley 1

Chapter-3. Introduction to Unix: Fundamental Commands

FILESYSTEMS. Mmmm crunchy

Capability and System Hardening

Session 1: Accessing MUGrid and Command Line Basics

INF322 Operating Systems

1 Installation (briefly)

CSCI 2132 Software Development. Lecture 4: Files and Directories

A Big Step. Shell Scripts, I/O Redirection, Ownership and Permission Concepts, and Binary Numbers

LAB #7 Linux Tutorial

PESIT Bangalore South Campus

Exercise Sheet 2. (Classifications of Operating Systems)

Linux Operating System Environment Computadors Grau en Ciència i Enginyeria de Dades Q2

Introduction to Linux

This lab exercise is to be submitted at the end of the lab session! passwd [That is the command to change your current password to a new one]

CS Fundamentals of Programming II Fall Very Basic UNIX

CENG 334 Computer Networks. Laboratory I Linux Tutorial

Linux Essentials. Programming and Data Structures Lab M Tech CS First Year, First Semester

: the User (owner) for this file (your cruzid, when you do it) Position: directory flag. read Group.

Operating Systems Lab 1 (Users, Groups, and Security)

5/8/2012. Creating and Changing Directories Chapter 7

Intro to Linux. this will open up a new terminal window for you is super convenient on the computers in the lab

Unix/Linux Basics. Cpt S 223, Fall 2007 Copyright: Washington State University

Operating Systems Lab

Exercise 4: Access Control and Filesystem Security

1. Open VirtualBox and start your linux VM. Boot the machine and log in with the user account you created in Lab #1. Open the Terminal application.

Basic Survival UNIX.

CS 215 Fundamentals of Programming II Spring 2019 Very Basic UNIX

CS4350 Unix Programming. Outline

User & Group Administration

User accounts and authorization

Exploring UNIX: Session 3

Essential Unix and Linux! Perl for Bioinformatics, ! F. Pineda

UNIT 10 Ubuntu Security

Presented by Bill Genske Gary Jackson

Lec 1 add-on: Linux Intro

CSE 303 Lecture 2. Introduction to bash shell. read Linux Pocket Guide pp , 58-59, 60, 65-70, 71-72, 77-80

A Brief Introduction to the Command Line. Hautahi Kingi

Using the aregcmd Commands

Mills HPC Tutorial Series. Linux Basics I

CSI 402 Lecture 11 (Unix Discussion on Files continued) 11 1 / 19

Scripting. Shell Scripts, I/O Redirection, Ownership and Permission Concepts, and Binary Numbers

Transcription:

Lab assignment CS/CIS 249 SP18 - Intro to Information Security Lab #2 - UNIX/Linux Access Controls, version 1.2 A typed document is required for this assignment. You must type the questions and your responses in your favorite word processor or text editor. Be sure to put your name, date, and the phrase UNIX/Linux Access Controls on the top of the first page of your document. Submit your completed document to Canvas. UNIX/Linux File hierarchy The UNIX/Linux file system is organized as a hierarchy with the root (/) at the highest level. The hierarchy may be visualized as a tree with the root at the top and branches extending downward. This hierarchical scheme is common to many systems including MS-Windows, Apple, Android, and UNIX/Linux. Typically, some of the directories that may occur under the root in UNIX/Linux are usr, bin, sbin, home, var, boot, dev, and etc. In the figure shown below, user1 and user2 are sub-directories under home. hello.txt is a plain-text file and link hello is a link that points to hello.txt. Ownership and Permissions Ownership of files in UNIX/Linux can be granted in three categories: owner (creator), group, or others. Using this simple notion of ownership access to files can be controlled associating unique user ID (UID) and group ID (GID) with twelve permission bits for each file. Typically these bits are divided into three sets of three bits and three extra bits as shown in table below. r, w and x bits stand for read, write and execute bits for each of the owner, group and others permissions. su, sg and t stand for set user id, set group id and sticky bit. These 4 sets of bits are often represented as octal digits. For example the binary setting 100 111 101 101 is 4755 in octal notation. When the su bit is set the UID of the process will be the owner of the file. Similarly, if sg is set, the GID of the process will be the group of the file. 1

Getting help on UNIX/Linux commands UNIX/Linux has an extensive online documentation for system commands. The system software documentation is organized in a set of manual pages called man pages. The manuals are arranged into sections as follows: 1 General commands (tools and utilities) 2 System calls and error numbers 3 Library functions for programmers 3p perl programmer s reference 4 Device drivers 5 File formats 6 Games 7 Miscellaneous information 8 System maintenance and operation commands 9 Kernel internals You may search the man pages with the apropos command. For example, to search man pages for help on setting up and maintaining users you would type apropos users and the command prompt. To read a particular man page, for example the useradd page, type man useradd at the command prompt. Th navigate the man page use the PAGE UP and PAGE DOWN keys or the and keys. Type q to quit (exit) the man page or scroll all the way to the bottom to automatically exit. 2

Lab activity Exercise 1.1: Setting up File Structure and User space The objective of this first exercise is to setup the file hierarchy structure shown in the figure above and the user accounts that are required for the remaining exercises. The su command is used to switch users. After you su to a user, perform the required actions and then type exit to return to the root user. Typically, su is used to temporarily elevate your privileges from a regular (restricted) user to the administrator in order to perform some administrative task. However, it can also be used to temporarily become another user to complete a task. You may learn more about the su command and the sudo command by reading the respective manual pages. Note that our VM, OpenBSD, has replaced sudo with a command called doas. The MS-Windows equivalent of su is called runas. These exercises will introduce several new UNIX/Linux commands. You may wish to read the system manual (help) on the commands in order to understand what each command does. To read the man page for a command, type man followed by the name of the command. For example to read about the switch user command su, type man su. You may use the arrow keys or the Page-Up and Page-Down keys to navigate the man page. When you want exit the man page, type the letter q. Complete the following tasks to create the environment: 1. Login to the VM with the username root and the password infosec2016. Note that no text will appear as you are typing the password. Think about why a login would be designed this way. 2. Use the useradd command to create two new users, user1 and user2 as follows: a. useradd -m -G users user1 b. useradd -m -G users user2 The G option adds a secondary group to the user and the m option creates the user s home directory. The new user won t be able to login yet though because they don t have a password. 3. Use the passwd command to set the password for the users you created (required in the case you want to log in). For convenience, set both passwords to the same value MyUserPass88. You need to retype the passwords and ignore any password warnings (note: no text will appear as you type): a. passwd user1 b. passwd user2 4. Check user information with the id command. Note the uid, gid for each output. a. id user1 b. id user2 5. Create the following directory structure: a. mkdir /test b. mkdir /test/temp (Hint: read the man page for how to create both directories in one step) 3

Next, we ll switch between users and check what privileges we have. To switch users use th esu command. The dash following the command means we want to niherit the user s full environment just the same as if we logged in as that user. You may find out more about the su command by typing man su at the command prompt. 6. Switch user roles to user1 and then back to root using the su command: a. whoami b. id c. su - user1 d. whoami e. id f. exit g. whoami h. id Notice that the prompt changes between a # and $. 7. Create a new file as the root user: a. touch /home/user2/helloworld b. ls -l /home/user2/helloworld What is the owner (UID) and group (GID) of the new file? The utility ls is used to list files. To see the privileges, owner, group, and other information about each file or directory use a long listing by typing ls -l (ell ess followed by a space, a dash, and a lower case ell). Note the parameter is not the digit one (1), it is a lower case L. 8. Change the group ownership and the user ownership of the file: a. chgrp users /home/user2/helloworld b. chown user2 /home/user2/helloworld c. ls -l /home/user2/helloworld What is the owner (UID) and group (GID) of the file now? 4

Exercise 1.2: Differences in File and Folder Permissions The objective of the following exercise is to observe the differences between file and folder (directory) permissions. The chmod command will be used to change file and directory permission to demonstrate the differences in permission bits for files and directories. 1. Observe the result of ls and cd commands: a. cd / b. ls -l c. ls -al /home What are the permissions for user1, user2 and test directories? Next, we ll use the pwd command to determine our present working directory and the shell s cd command to change directory. Use the man pages to find out more with man pwd. 2. Observe the result of ls and cd commands: a. su - user1 b. pwd c. ls -al /home/user2 d. cd /home/user2 e. pwd f. ls -al /home/user2 g. exit Could you list the /home/user2 directory as user1? Could you change to the /home/user2 directory as user1? To change the permissions on a file, use the chmod change mode command. The permissions may be described in several formats. We ll use the octal format described on page 1. 3. Change directory permissions of user2 directory and try again as user1 : a. chmod 740 /home/user2 b. Repeat steps 2a to 2g (Can you list or change directory now?) c. chmod 750 /home/user2 d. Repeat steps 2a to 2g (Can you list or change directory?) e. chgrp users /home/user2 f. Repeat steps 2a to 2g (Can you list or change directory?) g. chgrp user2 /home/user2 h. chmod 755 /home/user2 5

4. Create a file in another user s home folder. 1. su - user1 2. touch /home/user2/hello12.txt (Can you create new file? What are the rights?) 3. exit 4. chmod 777 /home/user2 5. su - user1 6. Repeat step 4b. (Can you create new file? What are the rights?) 7. ls -l /home/user2 8. exit 9. chmod 755 /home/user2 Alternative syntax for chmod command Suppose we want to set the access permissions for the file hello.txt to: set the su bit only, allow all access permissions to the owner, read and execute rights to the group, and only read rights to others. In other words, the 12 bit permission setting on the file hello.txt in binary would be 100 111 101 100. We can set these permissions many different ways according to the chmod man page: 1. chmod 4754 hello.txt 2. chmod u+srwx,g+rx,o+r hello.txt 3. chmod u=srwx,g=rx,o=r hello.txt If you want to try these settings be sure to cd /home/user2 first, then touch hello.txt to create the file. Use ls -l to see the change in permissions. When you re done, change back to the root directory by typing cd (cd without a path returns the user to their home folder). 6

Exercise 1.3: New text files and linking files In order to understand how links work in UNIX/Linux we need to know just a bit about files and directories. The information about every file or directory is kept in a data structure called an inode. Data such as file name, access privileges, timestamps, and where the file is located on the media are all stored in the inode. The stat utility displays information about a file. UNIX/Linux supports two kinds of link files a hard link and a symbolic link. A hard link is a file that points to another file s inode. A symbolic link is a reference to another file, not the inode. Links are used for maintaining the appearance of multiple copies of a file without actually storing duplicates of the file. 1. In the /test/temp directory create a new text file named hello.txt and fill it with some random text. cat /dev/urandom tr -dc a-za-z0-9 fold -w 64 head -n 1 > /test/temp/hello.txt 2. Create a link named link hello in the test folder pointing to hello.txt in the temp folder (refer to file hierarchy above): a. cd / b. ln -s /test/temp/hello.txt /test/link hello c. ls -l /test/temp d. cat /test/temp Is there any difference in the file permissions of link hello and hello.txt? a. ls -l /test b. cat /test/link hello What is the output from the cat command? Is the output the same as cat /test/temp or different? 7

Exercise 1.4: Default file permissions and Group access control Whenever a new file is created a default set of permissions is assigned to it. Whatever the permissions are, UNIX/Linux systems allow the user to change the permissions set by default. This default setting can be set by the user using the umask command. Some common umask values are 077 (only user has permissions), 022 (only owner can write), 002 (only owner and group members can write), etc. To determine the default file or directory mode from the umask do the following: file: subtract the umask value from 666 to obtain the mode directory: subtract the umask value from 777 to obtain the mode 1. Use the umask command to check the current mask permission and assign a new mask. Execute the umask command. What is the current mask? How is it interpreted? Execute the following commands: a. cd /test b. touch testmask1 c. ls -l What are the permissions of the file testmask1? Execute the following commands: a. umask 0077 b. touch testmask2 c. ls -l What are the permissions of the file testmask2 Reset the umask to the default: a. umask 0022 What does it mean if the umask is set to 0000? The risk of setting the 3 most significant bits (MSB) of the umask will be discussed in the next exercise. What should the umask be to insure that the 3 MSB are unset? 8

Exercise 1.5: The setuid bit, setgid bit and sticky bit As explained in the ownership and permission section, the highest three bits (3 MSB) of the permission value of a file represent the setuid bit, setgid bit and the sticky bit. If the setuid bit is set then the uid will always be set to the owner of the file during execution. If the setuid bit is not set then the uid will be the user who executes the process. Similarly, if the setgid bit is set then the gid will be set to the group that owns the file during execution. If the setgid bit is not set then the gid will be the group that executes the process. The original meaning of the sticky bit was to keep processes in main memory when the bit was set. This meaning has been abandoned in nearly all variants of UNIX/Linux and now the sticky bit means that only the owner or root can delete the file regardless of other permissions. When the sticky bit is set, only the owner or root can rename or delete the file regardless of the directory permissions. If the sticky bit is unset, any user with write and execute permissions on the directory can rename or delete file, regardless of the file s owner. In the following exercise, the objective is to demonstrate how processes are affected when the setuid bit is set. Execute the following commands and answer the associated questions: a. which touch b. ls -l /usr/bin/touch c. chmod 4555 /usr/bin/touch d. ls -l /usr/bin/touch e. ls -l /home/user2 f. chmod 700 /home/user2/helloworld g. ls -l /home/user2 (observe timestamp and permissions) h. su - user1 i. touch /home/user2/helloworld j. ls -l /home/user2 (observe timestamp, is it updated?) k. exit l. chmod 0555 /usr/bin/touch m. su - user1 n. touch /home/user2/helloworld (explain why you receive a permission denied error?) o. exit If you do not want to keep the changes you ve made to your VM in this lab, just delete it and re-import the original VM. 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback