Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unix Security
Special Forums UNIX Desktop Questions & Answers Unix Security Post 18042 by PxT on Friday 22nd of March 2002 11:41:23 AM
Old 03-22-2002
Here are the basics, you may want to check out the "FAQ" section for recommendations on beginners books that will provide a lot more information.

Every file on the system has an "owner" and a "group" that it belongs to. These are stored on disk as integers, and are mapped to human readable names using the /etc/passwd file and /etc/group file. Each file also has a set of permissions controlling who can access it. There are three sets of permissions for each file: user, group, and world (everyone else). For each set there are three (not strictly accurate, but I'm sticking to basics here) attributes that can be set: read permission, write permission, and execute permission. These are displayed when you do a long listing with "ls -l".

example:

$ ls -l test
-rwxrwxr-x 1 foo users 13780 Mar 13 13:18 test

So the permissions on this file grant read, write and execute to the user (foo) and group (users), and read & execute to anyone else.

You modify these file attributes using the "chmod", "chown" and "chgrp" commands. Please refer to the respective man pages for details.
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

Unix Security and auditing

I am starting an audit of unix security within our company and am looking for any information that may assist me with this. I am looking for any tips or pointers that I should be aware of when looking at unix. I am very new to unix so any help will do. Maybe there is someone out the that has had... (3 Replies)
Discussion started by: GW01
3 Replies

2. UNIX Desktop Questions & Answers

Basic Unix Security

Has anyone got any info on Unix security - I'm after the very basics as I'm a complete beginner (OS level) Thanks Dutt'O (2 Replies)
Discussion started by: DuttO
2 Replies

3. HP-UX

unix security

Was wondering if anyone could answer two quick questions... 1) What is the best way to impliment password triviality checking and also checking to make sure a user does not use the same password twice. 2) is there any nice software out there to manage users on multiple machine as far as security... (6 Replies)
Discussion started by: breigner
6 Replies

4. UNIX for Dummies Questions & Answers

Security in Unix - Documentation

Hello, I'm trying to find a Unix documentation about security! I mean I nead something very complex and complete, not just a document about kerberos, a document about securing against atack ... or others like those. I woulde like if exists, a documentation based on levels of security and expanding... (1 Reply)
Discussion started by: octav
1 Replies

5. UNIX for Dummies Questions & Answers

Unix/Linux security

Hi all. I'm so new to Linux I don't even know where to start. I'm running sles 9 and I've had it up for 2 days now. I'd like to start with information on how to secure my server. I want to use it for hosting my personal web site and email eventually. Does anyone know of a good site that will... (2 Replies)
Discussion started by: jreid08
2 Replies

6. UNIX for Dummies Questions & Answers

Unix vs Windows security

Hi to all, Asking which of the Unix and Windows platform is better may sound stupid...! But may I know what are the major differences between Unix and Windows in terms of security (authentication, access control, and complexity vs simplicit)? In which ways Unix does better than windows and... (1 Reply)
Discussion started by: heroine
1 Replies

7. Cybersecurity

Unix Security

this is a pretty good article that is a little dated, but still very informative at freeos.com. since this is Network Security for Dummies Q&A, maybe this should be the first step for unix.com users to check for general and more specific info on how to 'harden' their linux box. some of this... (8 Replies)
Discussion started by: norsk hedensk
8 Replies

8. HP-UX

Unix security

Is there anyway to trace where a user has logged in from. Someone this morning deleted some data but I only have the following info from the last command cromread pts/ta Wed Jul 22 06:55 - 06:57 (00:02) cromread pts/ta Wed Jul 22 06:43 - 06:46 (00:02) cromread pts/ta ... (3 Replies)
Discussion started by: spiers
3 Replies

9. Solaris

Unix/Solaris security?

Hello Admins, I just have a curious question on unix passwords... As unix passwords are encrypted, so any hacker can took those passwds from etc/shadow and decrypt them using any algorithms....and using decryption, he can get the passwd and easily get into the system..... so how can... (4 Replies)
Discussion started by: snchaudhari2
4 Replies

LEARN ABOUT POSIX

getfacl

getfacl(1)							   User Commands							getfacl(1)

NAME

       getfacl - display discretionary file information

SYNOPSIS

       getfacl [-ad] file...

DESCRIPTION

       For  each  argument  that is a regular file, special file, or named pipe, the getfacl utility displays the owner, the group, and the Access
       Control List (ACL).  For each directory argument, getfacl displays the owner, the group, and the ACL and/or the default ACL. Only  directo-
       ries contain default ACLs.

       The getfacl utility may be executed on a file system that does not support ACLs. It reports the ACL based on the base permission bits.

       With no options specified, getfacl displays the filename, the file owner, the file group owner, and both the ACL and the default ACL, if it
       exists.

OPTIONS

       The following options are supported:

       -a	Displays the filename, the file owner, the file group owner, and the ACL of the file.

       -d	Displays the filename, the file owner, the file group owner, and the default ACL of the file, if it exists.

OPERANDS

       The following operands are supported:

       file	The path name of a regular file, special file, or named pipe.

OUTPUT

       The format for ACL output is as follows:

       # file: filename
       # owner: uid
       # group: gid
       user::perm
       user:uid:perm
       group::perm
       group:gid:perm
       mask:perm
       other:perm
       default:user::perm
       default:user:uid:perm
       default:group::perm
       default:group:gid:perm
       default:mask:perm
       default:other:perm

       When multiple files are specified on the command line, a blank line separates the ACLs for each file.

       The ACL entries are displayed in the order in which they are evaluated when an access check is performed. The default ACL entries that  may
       exist on a directory have no effect on access checks.

       The  first three lines display the filename, the file owner, and the file group owner. Notice that when only the -d option is specified and
       the file has no default ACL, only these three lines are displayed.

       The user entry without a user ID indicates the permissions that	are granted to the file owner. One or more additional user  entries  indi-
       cate the permissions that are granted to the specified users.

       The  group  entry  without  a  group  ID  indicates the permissions that  are granted to the file group owner. One or more additional group
       entries indicate the permissions that  are granted to the specified groups.

       The mask entry indicates the ACL mask permissions. These are the maximum permissions allowed to any user entries except the file owner, and
       to any group entries, including the file group owner. These permissions restrict the permissions specified in other entries.

       The other entry indicates the permissions that are granted to others.

       The  default entries may exist only for directories. These entries indicate the default entries that are added to a file created within the
       directory.

       The uid is a login name or a user ID if there is no entry for the uid in the system password file, /etc/passwd. The gid is a group name	or
       a group ID if there is no entry for the gid in the system group file, /etc/group. The perm is a three character string composed of the let-
       ters representing the separate discretionary access rights: r (read), w (write), x (execute/search), or the place holder character  -.  The
       perm is displayed in the following order: rwx. If a permission is not granted by an ACL entry, the place holder character appears.

       If   you  use the chmod(1) command to change the file group owner permissions on a file with ACL entries, both the file group owner permis-
       sions and the ACL mask are changed to the new permissions. Be aware that the new ACL mask permissions may change the effective  permissions
       for additional users and groups who have ACL entries on the file.

       In  order  to  indicate	that  the  ACL mask  restricts an ACL entry, getfacl displays an additional tab character, pound sign (#), and the
       actual permissions granted, following the entry.

EXAMPLES

       Example 1: Displaying file information

       Given file foo, with an ACL six entries long, the command

       host% getfacl foo

       would print:

       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--
       group::r--
       mask::rw-
       other::---

       Example 2: Displaying information after chmod command

       Continue with the above example, after chmod 700 foo was issued:

       host% getfacl foo

       would print:

       # file: foo
       # owner: shea
       # group: staff
       user::rwx
       user:spy:---
       user:mookie:r--	   #effective:---
       group::---
       mask::---
       other::---

       Example 3: Displaying information when ACL contains default entries

       Given directory doo, with an ACL containing default entries, the command

       host% getfacl -d doo

       would print:

       # file: doo
       # owner: shea
       # group: staff
       default:user::rwx
       default:user:spy:---
       default:user:mookie:r--
       default:group::r--
       default:mask::---
       default:other::---

FILES

       /etc/passwd     system password file

       /etc/group      group file

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       chmod(1), ls(1), setfacl(1), acl(2), aclsort(3SEC), group(4), passwd(4), attributes(5)

NOTES

       The output from getfacl is in the correct format for input to the setfacl -f command. If the output from getfacl is redirected to  a  file,
       the file may be used as input to setfacl. In this way, a user may easily assign one file's ACL to another file.

SunOS 5.10							    5 Nov 1994								getfacl(1)
All times are GMT -4. The time now is 11:22 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy