Chapter 8 File System Security File Protection Schemes

  • Slides: 19
Download presentation
Chapter 8 File System Security

Chapter 8 File System Security

File Protection Schemes • Login passwords • Encryption • File Access Privileges

File Protection Schemes • Login passwords • Encryption • File Access Privileges

Figure 8. 1 The process of encryption and decryption

Figure 8. 1 The process of encryption and decryption

File Access Rights • Types of Users: – Owner – Group – All/Other •

File Access Rights • Types of Users: – Owner – Group – All/Other • Types of Permissions: – Read – Write – Execute • Types of Files – Directories – Other files

Table 8. 1 Summary of File Permissions in LINUX

Table 8. 1 Summary of File Permissions in LINUX

Directory Permissions • read = list files in the directory • write = add

Directory Permissions • read = list files in the directory • write = add new files to the directory • execute = access files in the directory

Determining File Access Rights

Determining File Access Rights

Table 8. 2 Permission Values

Table 8. 2 Permission Values

Table 8. 3 Permissions for Access to courses, labs, and temp

Table 8. 3 Permissions for Access to courses, labs, and temp

Changing the Access Rights Purpose – to set/change permissions in files • chmod [options]

Changing the Access Rights Purpose – to set/change permissions in files • chmod [options] octal-mode filelist • chmod [options] symbolic-mode filelist Options • -R recursively process subdirectories

Table 8. 4 Values for Symbolic Mode Components

Table 8. 4 Values for Symbolic Mode Components

Table 8. 5 Examples of the chmod Commands and Their Purposes

Table 8. 5 Examples of the chmod Commands and Their Purposes

Table 8. 5 Examples of the chmod Commands and Their Purposes

Table 8. 5 Examples of the chmod Commands and Their Purposes

Figure 8. 2 Position of file type and access privilege bits for LINUX files

Figure 8. 2 Position of file type and access privilege bits for LINUX files (as seen by “ls –l” command)

Figure 8. 3 Position of access privilege bits for LINUX files as specified in

Figure 8. 3 Position of access privilege bits for LINUX files as specified in the chmod command

Default File Access Rights • umask is a bitmap which tells which permissions to

Default File Access Rights • umask is a bitmap which tells which permissions to deny by default on new files • 022 = 000 010 (deny write for g+o) rwx r-x (new files permissions) • umask with no parameters returns the current mask value • umask newmask - sets new mask • umask command usually used in a startup file

SUID Bit • A special permission bit that allows executable files to run using

SUID Bit • A special permission bit that allows executable files to run using the privileges of the owner of the files rather than the user of the file • Can be set using commands: chmod u+s filelist chmod 4 xxx filelist • Shows up in ls - l in place of the user x bit as an s if the file is executable - (rwsrwxrwx) • Very dangerous to use

SGID Bit • A special permission bit that allows executable files to run using

SGID Bit • A special permission bit that allows executable files to run using the privileges of the owner’s group rather than the user of the file • Set using the commands chmod g+s filelist chmod 2 xxx filelist

Sticky Bit • A special bit that can be used as follows: • For

Sticky Bit • A special bit that can be used as follows: • For a file: it directs the operating system to keep the program in memory if possible after it finishes execution (Early versions of UNIX) • For a directory: it sets it up such that only the owner of the directory can delete (or rename) files from the directory, even if other users have write privilege (tmp) • Can be set using the chmod command using the options: chmod +t filelist • Shows up in “ls –l” as a t - (rwxrwxrwt)

Communication Aided Protection Schemes Pilot Relay Schemes TribhuwanCommunication Aided Protection Schemes Pilot Relay Schemes Tribhuwan
Module 4 File Security File Security Security OverviewModule 4 File Security File Security Security Overview
File System A Ferrari File System Il fileFile System A Ferrari File System Il file
UNIX File System File System The UNIX fileUNIX File System File System The UNIX file
Google file System Google file System Google fileGoogle file System Google file System Google file
Recitation File IO File IO File in FileRecitation File IO File IO File in File
FILE 25 FILE 100 FILE 25 FILE 10FILE 25 FILE 100 FILE 25 FILE 10
Operating Systems Protection Security Protection Security Topics GoalsOperating Systems Protection Security Protection Security Topics Goals
Protection and Security 1 Protection and Security OperatingProtection and Security 1 Protection and Security Operating
Protection and Security 1 Protection and Security OperatingProtection and Security 1 Protection and Security Operating
Protection and Security 1 Protection and Security OperatingProtection and Security 1 Protection and Security Operating
Security Protection Mechanisms Security File systems generally containSecurity Protection Mechanisms Security File systems generally contain
Financial Scams Schemes Financial Scams Schemes Scam FraudulentFinancial Scams Schemes Financial Scams Schemes Scam Fraudulent
Classic Subdivision Schemes Schemes CatmullClark 1978 DooSabin 1978Classic Subdivision Schemes Schemes CatmullClark 1978 DooSabin 1978
ALTERNATIVES LOTSIZING SCHEMES Alternatives LotSizing Schemes The silvermealALTERNATIVES LOTSIZING SCHEMES Alternatives LotSizing Schemes The silvermeal
Channel Utilization Schemes 1 Introduction n Multiplexing schemesChannel Utilization Schemes 1 Introduction n Multiplexing schemes
Schemes and Tropes Stylistics 551 Lecture 24 SchemesSchemes and Tropes Stylistics 551 Lecture 24 Schemes
Schemes and Topes Stylistics 551 Lecture 22 SchemesSchemes and Topes Stylistics 551 Lecture 22 Schemes