#7 Linux Tutorial for Beginners: Unix Security Model and Utilities-II
To Learn or Teach Linux visit www.theskillpedia.com, A Marketplace for Learners and Trainers. For Corporate Training Requirements Visit My Website www.rnsangwan.com
The Linux Security Model
Users and groups are used to control access to files and resources.
Users log in to the system by supplying their user name and password.
Every file on the system is owned by a user and associated with a group.
Every process has an owner and group affiliation, and can only access the resources its owner or group can access.
Every user of the system is assigned a unique User ID number.
Users’ names and uids are stored in /etc/passwd.
Users are assigned a home directory and a program that is run when they log on.
Users cannot read, write or execute each other’s files without permission.
Users are assigned to groups with unique group ID numbers.
gids are stored in /etc/group.
Each user is given their own private group.
They can also be added to other groups to gain additional access.
All users in a group can share files that belong to the group.
The primary group can be changed using the newgrp command.
The root user
The root user: a special administrative account.
Sometimes called the superuser.
root has complete control over the system.
root has unlimited capacity to damage the system.
You should not log in as root without a very good reason.
Normal users’ potential to do damage is limited.
Linux File Security
Every file and directory has permissions set that determine who can access it.
Permissions are set for:
The owner of the file
The group members
All other users
Permissions that are set are called read, write, and execute permissions.
Four symbols are used when displaying permissions:
r permission to read a file or list a directory’s content
w permission to write to a file or create or remove files from a directory.
x permission to execute a program or change into a directory and do a long listing of the directory.
- no permission
A file may be removed by anyone who has write permission to the directory in which the file resides regardless of the ownership or permissions on the file itself.
The first character of the long listing is the file type.
Linux Process Security
When a process accesses a file, the user and the group of the process are compared with the user and group of the file.
If the user matches, the user permissions apply.
If the group matches, but the user doesn’t, the group permissions apply.
If neither matches, the other permissions apply.
Every process runs under the authority of a particular user and with the authority of one or more groups; this is called the process’s security context.
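The three-step rule above, written out as an added shell example (not part of the original tutorial). The function names, uids, gids and modes are constructed for illustration, and root, ACLs and capabilities are not modeled. The last call shows that an owner match stops the check even when the group and other bits grant more.

```shell
#!/bin/sh
# Added illustration (not from the original page): models the
# user/group/other selection rule described above.
# Root (uid 0), ACLs and capabilities are deliberately not modeled.

# triplet DIGIT: render one octal permission digit as an rwx string.
triplet() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# access_class MODE FILE_UID FILE_GID PROC_UID PROC_GID...
# Prints the class that applies and the permissions it grants.
access_class() {
    mode=$(( 0$1 )); fuid=$2; fgid=$3; puid=$4   # leading 0 = octal
    shift 4
    # 1. Owner match: user bits apply, even if group/other bits are wider.
    if [ "$puid" -eq "$fuid" ]; then
        printf 'user %s\n' "$(triplet $(( (mode >> 6) & 7 )))"
        return 0
    fi
    # 2. One of the process's groups matches the file's group: group bits.
    for gid in "$@"; do
        if [ "$gid" -eq "$fgid" ]; then
            printf 'group %s\n' "$(triplet $(( (mode >> 3) & 7 )))"
            return 0
        fi
    done
    # 3. Neither matched: other bits apply.
    printf 'other %s\n' "$(triplet $(( mode & 7 )))"
}

# Constructed sample: a file owned by uid 1000 and gid 2000.
access_class 640 1000 2000 1000 1000        # the owner
access_class 640 1000 2000 1001 1001 2000   # member of the file's group
access_class 640 1000 2000 1002 1002        # everyone else
access_class 047 1000 2000 1000 2000        # owner gets no access under 047
```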
Changing Permissions- Symbolic Method
To change access modes:
chmod [-R] mode file…
Where mode is:
u, g, o or a : for user, group, other and all
+ or - : to grant or deny
r, w or x : for read, write and execute
ugo+r Grant read access to all.
o-wx Deny write and execute to others.
Multiple comma-separated operations can be given in a single command.
Changing permissions- Numeric Method
Uses a three-digit mode number.
First digit specifies owner’s permissions.
Second digit specifies group permissions.
Third digit specifies others’ permissions.
Permissions are calculated by adding:
4 for read
2 for write
1 for execute
chmod 640 sangwan.dat
Configuring the Bash Shell
The Shell is configured through a variety of mechanisms:
Aliases and functions
The set and shopt commands
The shell can also configure other commands or applications through environment variables.
A variable is a label that has a value.
Used to configure the shell or other programs.
Variables are resident in memory.
Two types: local and environment
Local Variables are used only by the shell.
Environment variables are passed onto other commands.
Display variables and values using:
set to display all variables.
env to display environment variables.
The set, env and echo commands can be used to display all variables, environment variables, and a single variable value, respectively.
$ set | more
$ env | less
$ echo $HOME
$ HOME=/home/abi; export HOME
$ echo $HOME
Configure the Shell: Local Variables
Data in shell scripts and environment settings are stored in variables.
Conventionally all upper-case.
Setting variable value:
To retrieve a variable’s value, use $ before the variable name.
For a list of variables that configure the shell, see the Shell Variables section of the bash man page.
Common Local Variables