Chapter 8
Download
1 / 19

Chapter 8 - PowerPoint PPT Presentation


  • 111 Views
  • Uploaded on

Chapter 8. File System Security. File Protection Schemes. Login passwords Encryption File Access Privileges. Figure 8.1 The process of encryption and decryption. File Access Rights. Types of Users: Owner Group All/Other Types of Permissions: Read Write Execute Types of Files

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Chapter 8' - early


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Chapter 8

Chapter 8

File System Security


File protection schemes
File Protection Schemes

  • Login passwords

  • Encryption

  • File Access Privileges


Figure 8 1 the process of encryption and decryption
Figure 8.1 The process of encryption and decryption


File access rights
File Access Rights

  • Types of Users:

    • Owner

    • Group

    • All/Other

  • Types of Permissions:

    • Read

    • Write

    • Execute

  • Types of Files

    • Directories

    • Other files


Table 8 1 summary of file permissions in linux
Table 8.1 Summary of File Permissions in LINUX


Directory permissions
Directory Permissions

  • read = list files in the directory

  • write = add new files to the directory

  • execute = access files in the directory



Table 8 2 permission values
Table 8.2 Permission Values


Table 8 3 permissions for access to courses labs and temp
Table 8.3 Permissions for Access to courses, labs, and temp


Changing the access rights
Changing the Access Rights

Purpose – to set/change permissions in files

  • chmod [options] octal-mode filelist

  • chmod [options] symbolic-mode filelist

    Options

  • -R recursively process subdirectories


Table 8 4 values for symbolic mode components
Table 8.4 Values for Symbolic Mode Components


Table 8 5 examples of the chmod commands and their purposes
Table 8.5 Examples of the chmod Commands and Their Purposes


Table 8 5 examples of the chmod commands and their purposes1
Table 8.5 Examples of the chmod Commands and Their Purposes


Figure 8 2 position of file type and access privilege bits for linux files as seen by ls l command
Figure 8.2  Position of file type and access privilege bits for LINUX files(as seen by “ls –l” command)


Figure 8 3 position of access privilege bits for linux files as specified in the chmod command
Figure 8.3  Position of access privilege bits for LINUX files as specified in the chmod command


Default file access rights
Default File Access Rights

  • umask is a bitmap which tells which permissions to deny by default on new files

  • 022 = 000 010 010 (deny write for g+o) rwx r-x r-x (new files permissions)

  • umask with no parameters returns the current mask value

  • umask newmask - sets new mask

  • umask command usually used in a startup file


Suid bit
SUID Bit

  • A special permission bit that allows executable files to run using the privileges of the owner of the files rather than the user of the file

  • Can be set using commands:

    chmodu+sfilelist

    chmod 4xxx filelist

  • Shows up in ls - l in place of the user x bit as an s if the file is executable - (rwsrwxrwx)

  • Very dangerous to use


Sgid bit
SGID Bit

  • A special permission bit that allows executable files to run using the privileges of the owner’s group rather than the user of the file

  • Set using the commands

    chmod g+s filelist

    chmod 2xxx filelist


Sticky bit
Sticky Bit

  • A special bit that can be used as follows:

  • For a file: it directs the operating system to keep the program in memory if possible after it finishes execution (Early versions of UNIX)

  • For a directory: it sets it up such that only the owner of the directory can delete (or rename) files from the directory, even if other users have write privilege (tmp)

  • Can be set using the chmod command using the options:chmod +t filelist

  • Shows up in “ls –l” as a t - (rwxrwxrwt)


ad