linux file permissions
play

Linux File Permissions Engineering Secure Software Last Revised: - PowerPoint PPT Presentation

Apr 21, 2023 •167 likes •459 views

Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Review: Principle of Least Privilege Every user, thread, process, module needs permissions to run

  1. Linux File Permissions Engineering Secure Software Last Revised: August 26, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1

  2. Review: Principle of Least Privilege Every user, thread, process, module needs permissions to run ● Give the least amount of privilege necessary to function ● Dangers of sudo ● e.g. secretary vs. custodian vs. salesperson vs. developer ● SWEN-331: Engineering Secure Software Benjamin S Meyers 2

  3. Linux File Permissions Each file and directory has bits for: ● Read: r ○ Write: w ○ Execute: x ○ Bits work like you expect for files ● For directories: ● r → “can list files in a directory” (but not read a given file) ○ w → “can create, change, delete files in a directory” ○ x → “cannot cd (change directory) to that directory” ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 3

  4. Linux File Permissions Thus, you may only read a file IFF you: ● Have read ( r ) permissions to the file AND ○ Have execute ( x ) permissions to that file’s directory ○ Files and directories have 3 levels of permissions: ● Owner, Group, and Everyone Else ○ aka: User ( u ), Group ( g ), Other ( o ) ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 4

  5. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb SWEN-331: Engineering Secure Software Benjamin S Meyers 5

  6. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb . (one dot) → current directory ● .. (two dots) → parent directory ● SWEN-331: Engineering Secure Software Benjamin S Meyers 6

  7. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb d → directory ● - → regular file ● l → symlink (that’s a lowercase “L”, not the number “1”) ● SWEN-331: Engineering Secure Software Benjamin S Meyers 7

  8. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Octets ● user/owner permissions ○ group permissions ○ other permissions ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 8

  9. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can andy execute myprog.py ? ● SWEN-331: Engineering Secure Software Benjamin S Meyers 9

  10. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can andy execute myprog.py ? ● No, andy is not the owner of myprog.py , and the faculty group ○ (which andy is a member of) does not have permission to execute ( x ) myprog.py SWEN-331: Engineering Secure Software Benjamin S Meyers 10 10

  11. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can both kal and andy execute ourprog.rb ? ● SWEN-331: Engineering Secure Software Benjamin S Meyers 11 11

  12. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can both kal and andy execute ourprog.rb ? ● Yes, everyone in the faculty group can execute ( x ) ourprog.rb ○ SWEN-331: Engineering Secure Software Benjamin S Meyers 12 12

  13. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can andy read ourprog.rb ? ● SWEN-331: Engineering Secure Software Benjamin S Meyers 13 13

  14. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can andy read ourprog.rb ? ● Yes, because andy has read ( r ) permissions to the ourprog.rb ○ and execute ( x ) permissions to ourprog.rb ’s parent directory SWEN-331: Engineering Secure Software Benjamin S Meyers 14 14

  15. Output of ls List permissions of a file/directory: ls -l ● permissions user group file/dir name drwxr-x--- [...] kal faculty [...] . drwx------ [...] kal faculty [...] .. -rwxrwxrwx [...] kal faculty [...] allopen.sh drwx------ [...] kal faculty [...] mydir -rw------- [...] kal faculty [...] myfile.txt -rwx------ [...] kal faculty [...] myprog.py drwxrwx--- [...] kal faculty [...] ourdir -rwxrwx--- [...] andy faculty [...] ourprog.rb Can andy change directory ( cd ) into mydir ? ● SWEN-331: Engineering Secure Software Benjamin S Meyers 15 15

Recommend

Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017

Linux Filesystem Hierarchy inodes Permissions Filesystem Hierarchy and Permissions Linux Prepared by Steven Gordon on 19 April 2017 Common/Reports/linux-file-permissions.tex, r1417 1/15 Linux Multiuser and Server Operating System

195 views • 15 slides
More Linux Piping and Redirection Fundamentals of Computer Science Outline File and

More Linux Piping and Redirection Fundamentals of Computer Science Outline File and

More Linux Piping and Redirection Fundamentals of Computer Science Outline File and Directory Permissions File Content Finding Files Sorting Files File Compression Processes Pipes Input/Output Redirection

562 views • 21 slides
The chmod Command By: Nic Stephens and Kelly OLeary S What is it? S A Unix/Linux

The chmod Command By: Nic Stephens and Kelly OLeary S What is it? S A Unix/Linux

The chmod Command By: Nic Stephens and Kelly OLeary S What is it? S A Unix/Linux command S Ch ange Mod e S Changes permissions of a given file Symbolic Mode Type of User Letter/Operator User who owns it u Users in the

238 views • 10 slides
Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux

Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux

Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux History Linux Architecture Logging in to Linux Command Format Linux Filesystem Directory and File Commands Wildcard Characters

686 views • 19 slides
Linux File Systems Adrien schischi Schildknecht July 18, 2014 Why FS matters Linux File

Linux File Systems Adrien schischi Schildknecht July 18, 2014 Why FS matters Linux File

Linux File Systems Adrien schischi Schildknecht Linux File Systems Adrien schischi Schildknecht July 18, 2014 Why FS matters Linux File Systems Adrien schischi Schildknecht Overhead: non-volatile memory is often the

621 views • 42 slides
Taking Linux File and Storage Systems into the Future Ric Wheeler Director Kernel File and

Taking Linux File and Storage Systems into the Future Ric Wheeler Director Kernel File and

Taking Linux File and Storage Systems into the Future Ric Wheeler Director Kernel File and Storage Team Red Hat, Incorporated 1 1 Overview Going Bigger Going Faster Support for New Hardware Current Areas of Focus

703 views • 37 slides
CSCI 2132 Software Development Lecture 5: File Permissions Instructor: Vlado Keselj Faculty of

CSCI 2132 Software Development Lecture 5: File Permissions Instructor: Vlado Keselj Faculty of

CSCI 2132 Software Development Lecture 5: File Permissions Instructor: Vlado Keselj Faculty of Computer Science Dalhousie University 14-Sep-2018 (5) CSCI 2132 1 Previous Lecture Files and Directories Pathnames Commands for

571 views • 25 slides
A Study of Linux File System Evolution Lanyue Lu Andrea C. Arpaci-Dusseau Remzi H.

A Study of Linux File System Evolution Lanyue Lu Andrea C. Arpaci-Dusseau Remzi H.

A Study of Linux File System Evolution Lanyue Lu Andrea C. Arpaci-Dusseau Remzi H. Arpaci-Dusseau Shan Lu University of Wisconsin - Madison Local File Systems Are Important Local File Systems Are Important Windows Mac Linux Local File

1.77k views • 159 slides
Linux file paths (Nearly?) anyplace you can specify a file or directory you can also include

Linux file paths (Nearly?) anyplace you can specify a file or directory you can also include

Linux file paths (Nearly?) anyplace you can specify a file or directory you can also include the path to that file or directory Paths can be expressed as absolute paths or relative paths Relative paths are evaluated using your current

400 views • 5 slides
Directories & Continuation This Week: How to program with directories more Reading:

Directories & Continuation This Week: How to program with directories more Reading:

Overview Last Week: Efficiency read/write The File File pointer Unix System Programming File control/access Permissions, Meta Data, Ownership, umask, holes Directories & Continuation This Week: How to program with

518 views • 9 slides
$ linux 101 Presented by: Shanelle Ileto $ what are we learning today? An introduction to

$ linux 101 Presented by: Shanelle Ileto $ what are we learning today? An introduction to

$ linux 101 Presented by: Shanelle Ileto $ what are we learning today? An introduction to Linux Linux filesystem The terminal Basic Linux commands Some tips and tricks User and group management File and owner

1.26k views • 72 slides
Internal Roles Internal features: privileged mode, memory protection, file access permissions,

Internal Roles Internal features: privileged mode, memory protection, file access permissions,

Internal Roles Internal features: privileged mode, memory protection, file access permissions, etc. What do they accomplish? What is the real goal? Whom do we protect Internal features protect the operating system against users

536 views • 26 slides
COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne

COMP 2718: Permissions: Part 2 By: Dr. Andrew Vardy Adapted from the notes of Dr. Rod Byrne Outline Permissions: Part 2 umask - Set Default Permissions Special Permissions Changing Identities su - Run a New Shell as Another

288 views • 11 slides
Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language

Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language

Teaching Acknowledgement & Permissions Acknowledgement & Permissions Reading/Language Arts to Several of the slides used in this presentation All Students were originally created by one or more of the following individuals and are

526 views • 26 slides
Basics of C Programming file and directory operations file/dir permissions and changing

Basics of C Programming file and directory operations file/dir permissions and changing

CSC 4304 - Systems Programming Summary of Last Class Fall 2010 Basics of UNIX: logging in , changing password Lecture - II text editing with vi, emacs and pico Basics of C Programming file and directory operations

413 views • 5 slides
Set-UID Privileged Programs Need for Privileged Programs Password Dilemma Permissions of

Set-UID Privileged Programs Need for Privileged Programs Password Dilemma Permissions of

Set-UID Privileged Programs Need for Privileged Programs Password Dilemma Permissions of /etc/shadow File: How would normal users change their password? Two-Tier Approach Implementing fine-grained access control in operating

576 views • 31 slides
STORAGE CONTENT PROVIDER Storage File System Linux OS Internal External (Flash Memory) (SD

STORAGE CONTENT PROVIDER Storage File System Linux OS Internal External (Flash Memory) (SD

STORAGE CONTENT PROVIDER Storage File System Linux OS Internal External (Flash Memory) (SD card) ..\AppData\Local\Android\sdk\platform-tools\adb Exploring the file system File System Android allows to persists application data via the

560 views • 31 slides
PORTING THE HAMMER FILE SYSTEM TO LINUX Daniel Lorch June 10, 2009 Outline 2/13 Motivation 1.

PORTING THE HAMMER FILE SYSTEM TO LINUX Daniel Lorch June 10, 2009 Outline 2/13 Motivation 1.

Porting the HAMMER File System to Linux Daniel Lorch 1/13 PORTING THE HAMMER FILE SYSTEM TO LINUX Daniel Lorch June 10, 2009 Outline 2/13 Motivation 1. A Hammer File System Walkthrough 2. Tool Evaluation 3. Porting Work 4. Demo 5.

174 views • 13 slides
Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich

Abstract Read Permissions Fractional Permissions without the Fractions Alex Summers ETH Zurich Joint work with : Stefan Heule, Rustan Leino, Peter Mller ETH Zurich Microsoft Research ETH Zurich Overview Verification of

436 views • 42 slides
Linux Filesystem Hierarchy Linux Filesystem Hierarchy and Hard Disk Partitioning and Hard Disk

Linux Filesystem Hierarchy Linux Filesystem Hierarchy and Hard Disk Partitioning and Hard Disk

Linux Filesystem Hierarchy Linux Filesystem Hierarchy and Hard Disk Partitioning and Hard Disk Partitioning Moreno Baricevic CNR-IOM DEMOCRITOS Trieste, ITAL Y File System File System A fjle system is a set of methods and data structures

652 views • 28 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
One Billion Files: Scalability Limits in Linux File Systems Ric Wheeler Architect & Manager,

One Billion Files: Scalability Limits in Linux File Systems Ric Wheeler Architect & Manager,

One Billion Files: Scalability Limits in Linux File Systems Ric Wheeler Architect & Manager, Red Hat August 10, 2010 Overview Why Worry about 1 Billion Files? Storage Building Blocks Things File Systems Do & Performance

743 views • 25 slides
All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do

All About Apps Well cover... Whats an app? What are app permissions? What do companies gain by getting your permission? Typical permissions requested by apps How to check up on apps already on your phone App safety

134 views • 11 slides
Network File System (NFS) Nima Honarmand Fall 2017 :: CSE 306 A Typical Storage Stack (Linux)

Network File System (NFS) Nima Honarmand Fall 2017 :: CSE 306 A Typical Storage Stack (Linux)

Fall 2017 :: CSE 306 Network File System (NFS) Nima Honarmand Fall 2017 :: CSE 306 A Typical Storage Stack (Linux) User Kernel VFS (Virtual File System) ext4 btrfs fat32 nfs Page Cache Block Device Layer Network IO Scheduler Disk

266 views • 24 slides

More recommend