linux file permissions
play

Linux File Permissions Engineering Secure Software Last Revised: - PowerPoint PPT Presentation

Apr 21, 2023 •167 likes •459 views

Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Review: Principle of Least Privilege Every user, thread, process, module needs permissions to run

  1. Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1

  2. Review: Principle of Least Privilege Every user, thread, process, module needs permissions to run ● Give the least amount of privilege necessary to function ● Dangers of sudo ● e.g. secretary vs. custodian vs. salesperson vs. developer ● SWEN-331: Engineering Secure Software Benjamin S Meyers 2

  3. Linux File Permissions Each file and directory has bits for: ● Read: r ○ Write: w ○ Execute: x ○ Bits work like you expect for files ● For directories: ● r → “can list files in a directory” (but not read a given file) ○ w → “can create, change, delete files in a directory” ○ x → “cannot cd (change directory) to that directory” ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 3

  4. Linux File Permissions Thus, you may only read a file IFF you: ● Have read ( r ) permissions to the file AND ○ Have execute ( x ) permissions to that file’s directory ○ Files and directories have 3 levels of permissions: ● Owner, Group, and Everyone Else ○ aka: User ( u ), Group ( g ), Other ( o ) ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 4

  5. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb SWEN-331: Engineering Secure Software Benjamin S Meyers 5

  6. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb . (one dot) → current directory ● .. (two dots) → parent directory ● SWEN-331: Engineering Secure Software Benjamin S Meyers 6

  7. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb d → directory ● - → regular file ● l → symlink (that’s a lowercase “L”, not the number “1”) ● SWEN-331: Engineering Secure Software Benjamin S Meyers 7

  8. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Octets ● user/owner permissions ○ group permissions ○ other permissions ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 8

  9. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can andy execute myprog.py ? ● SWEN-331: Engineering Secure Software Benjamin S Meyers 9

  10. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can andy execute myprog.py ? ● No, andy is not the owner of myprog.py , and the faculty group ○ (which andy is a member of) does not have permission to execute ( x ) myprog.py SWEN-331: Engineering Secure Software Benjamin S Meyers 10 10

  11. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can both kal and andy execute ourprog.rb ? ● SWEN-331: Engineering Secure Software Benjamin S Meyers 11 11

  12. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can both kal and andy execute ourprog.rb ? ● Yes, everyone in the faculty group can execute ( x ) ourprog.rb ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 12 12

  13. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can andy read ourprog.rb ? ● SWEN-331: Engineering Secure Software Benjamin S Meyers 13 13

  14. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can andy read ourprog.rb ? ● Yes, because andy has read ( r ) permissions to the ourprog.rb ○ and execute ( x ) permissions to ourprog.rb ’s parent directory SWEN-331: Engineering Secure Software Benjamin S Meyers 14 14

  15. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can andy change directory ( cd ) into mydir ? ● SWEN-331: Engineering Secure Software Benjamin S Meyers 15 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Linux Filesystem Hierarchy inodes Permissions Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1/15 Linux Multiuser and Server Operating System

195 views • 15 slides
More Linux Piping and Redirection Fundamentals of Computer Science Outline File and

More Linux Piping and Redirection Fundamentals of Computer Science Outline File and

More Linux Piping and Redirection Fundamentals of Computer Science Outline File and Directory Permissions File Content Finding Files Sorting Files File Compression Processes Pipes Input/Output Redirection

562 views • 21 slides
The chmod Command By: Nic Stephens and Kelly OLeary S What is it? S A Unix/Linux

The chmod Command By: Nic Stephens and Kelly OLeary S What is it? S A Unix/Linux

The chmod Command By: Nic Stephens and Kelly OLeary S What is it? S A Unix/Linux command S Ch ange Mod e S Changes permissions of a given file Symbolic Mode Type of User Letter/Operator User who owns it u Users in the

238 views • 10 slides
Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux

Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux

Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux History Linux Architecture Logging in to Linux Command Format Linux Filesystem Directory and File Commands Wildcard Characters

686 views • 19 slides
Linux File Systems Adrien schischi Schildknecht July 18, 2014 Why FS matters Linux File

Linux File Systems Adrien schischi Schildknecht July 18, 2014 Why FS matters Linux File

Linux File Systems Adrien schischi Schildknecht Linux File Systems Adrien schischi Schildknecht July 18, 2014 Why FS matters Linux File Systems Adrien schischi Schildknecht Overhead: non-volatile memory is often the

621 views • 42 slides
Taking Linux File and Storage Systems into the Future Ric Wheeler Director Kernel File and

Taking Linux File and Storage Systems into the Future Ric Wheeler Director Kernel File and

Taking Linux File and Storage Systems into the Future Ric Wheeler Director Kernel File and Storage Team Red Hat, Incorporated 1 1 Overview Going Bigger Going Faster Support for New Hardware Current Areas of Focus

703 views • 37 slides
CSCI 2132 Software Development Lecture 5: File Permissions Instructor: Vlado Keselj Faculty of

CSCI 2132 Software Development Lecture 5: File Permissions Instructor: Vlado Keselj Faculty of

CSCI 2132 Software Development Lecture 5: File Permissions Instructor: Vlado Keselj Faculty of Computer Science Dalhousie University 14-Sep-2018 (5) CSCI 2132 1 Previous Lecture Files and Directories Pathnames Commands for

571 views • 25 slides
A Study of Linux File System Evolution Lanyue Lu Andrea C. Arpaci-Dusseau Remzi H.

A Study of Linux File System Evolution Lanyue Lu Andrea C. Arpaci-Dusseau Remzi H.

A Study of Linux File System Evolution Lanyue Lu Andrea C. Arpaci-Dusseau Remzi H. Arpaci-Dusseau Shan Lu University of Wisconsin - Madison Local File Systems Are Important Local File Systems Are Important Windows Mac Linux Local File

1.77k views • 159 slides
Linux file paths (Nearly?) anyplace you can specify a file or directory you can also include

Linux file paths (Nearly?) anyplace you can specify a file or directory you can also include

Linux file paths (Nearly?) anyplace you can specify a file or directory you can also include the path to that file or directory Paths can be expressed as absolute paths or relative paths Relative paths are evaluated using your current

400 views • 5 slides
Directories & Continuation This Week: How to program with directories more Reading:

Directories & Continuation This Week: How to program with directories more Reading:

Overview Last Week: Efficiency read/write The File File pointer Unix System Programming File control/access Permissions, Meta Data, Ownership, umask, holes Directories & Continuation This Week: How to program with

518 views • 9 slides
$ linux 101 Presented by: Shanelle Ileto $ what are we learning today? An introduction to

$ linux 101 Presented by: Shanelle Ileto $ what are we learning today? An introduction to

$ linux 101 Presented by: Shanelle Ileto $ what are we learning today? An introduction to Linux Linux filesystem The terminal Basic Linux commands Some tips and tricks User and group management File and owner

1.26k views • 72 slides
Internal Roles Internal features: privileged mode, memory protection, file access permissions,

Internal Roles Internal features: privileged mode, memory protection, file access permissions,

Internal Roles Internal features: privileged mode, memory protection, file access permissions, etc. What do they accomplish? What is the real goal? Whom do we protect Internal features protect the operating system against users

536 views • 26 slides
COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne Outline Permissions: Part 2 umask - Set Default Permissions Special Permissions Changing Identities su - Run a New Shell as Another

288 views • 11 slides
Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language

Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language

Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language Arts to Several of the slides used in this presentation All Students were originally created by one or more of the following individuals and are

526 views • 26 slides
Basics of C Programming file and directory operations file/dir permissions and changing

Basics of C Programming file and directory operations file/dir permissions and changing

CSC 4304 - Systems Programming Summary of Last Class Fall 2010 Basics of UNIX: logging in , changing password Lecture - II text editing with vi, emacs and pico Basics of C Programming file and directory operations

413 views • 5 slides
Set-UID Privileged Programs Need for Privileged Programs Password Dilemma Permissions of

Set-UID Privileged Programs Need for Privileged Programs Password Dilemma Permissions of

Set-UID Privileged Programs Need for Privileged Programs Password Dilemma Permissions of /etc/shadow File: How would normal users change their password? Two-Tier Approach Implementing fine-grained access control in operating

576 views • 31 slides
Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the

Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the

Bypassing the Android Permission Model Georgia Weidman Founder and CEO, Bulb Security LLC Is the permission model working? Are users making good decisions? Most Popular Android App Demo App abusing permissions Demo explained Permissions:

819 views • 43 slides
Ticketing System - migration to RT Iwo Olszewski, PSNC iwo@man.poznan.pl 7th TF-NOC meeting,

Ticketing System - migration to RT Iwo Olszewski, PSNC iwo@man.poznan.pl 7th TF-NOC meeting,

Ticketing System - migration to RT Iwo Olszewski, PSNC iwo@man.poznan.pl 7th TF-NOC meeting, December 13, 2012 Agenda Migration background Request Tracker PSNC installation Migration Lessons learnt Migration

468 views • 11 slides
polymake 2.12 (and beyond) GTS 2012 Michael Joswig w/ Ewgenij Gawrilow and many others TU

polymake 2.12 (and beyond) GTS 2012 Michael Joswig w/ Ewgenij Gawrilow and many others TU

polymake 2.12 (and beyond) GTS 2012 Michael Joswig w/ Ewgenij Gawrilow and many others TU Darmstadt Chapel Hill, June 19, 2012 The polymake System software for research in: geometric combinatorics: convex polytopes algebraic geometry

294 views • 10 slides
CSCI 4152/6509 Natural Language Processing Lab 3: Perl Tutorial 3 Lab Instructor: Dijana

CSCI 4152/6509 Natural Language Processing Lab 3: Perl Tutorial 3 Lab Instructor: Dijana

CSCI 4152/6509 Natural Language Processing Lab 3: Perl Tutorial 3 Lab Instructor: Dijana Kosmajac, Tukai Pain Faculty of Computer Science Dalhousie University 29/31-Jan-2020 (3) CSCI 4152/6509 1 Lab Overview We will continue with the

260 views • 25 slides
: Programming with Typestates and Permissions Jonathan Aldrich 15-214 December 2013 School of

: Programming with Typestates and Permissions Jonathan Aldrich 15-214 December 2013 School of

: Programming with Typestates and Permissions Jonathan Aldrich 15-214 December 2013 School of Computer Science APIs Define Protocols APIs often define object protocols Protocols restrict possible orderings of method calls

417 views • 24 slides
On Permissions, Inheritance and Role Hierarchies Jason Crampton Information Security Group

On Permissions, Inheritance and Role Hierarchies Jason Crampton Information Security Group

On Permissions, Inheritance and Role Hierarchies Jason Crampton Information Security Group Royal Holloway, University of London Introduction The role hierarchy is central to most RBAC models Modelled as a partially ordered set R

834 views • 25 slides
Role-Based Access Control CS461/ECE422 Spring 2012 Reading

Role-Based Access Control CS461/ECE422 Spring 2012 Reading

Role-Based Access Control CS461/ECE422 Spring 2012 Reading Material Chapter 4, sec?ons 4.5 and 4.6 [SFK00] DAC vs RBAC DAC Users, Groups

415 views • 25 slides
Hardware Supported Permission Checks On Persistent Objects for Performance and Programmability

Hardware Supported Permission Checks On Persistent Objects for Performance and Programmability

Hardware Supported Permission Checks On Persistent Objects for Performance and Programmability Tiancong Wang, Sakthikumaran Sambasivam, James Tuck twang14@ncsu.edu or jtuck@ncsu.edu 1 NVM Programming 2 NVM Programming

1.67k views • 98 slides

More recommend