LINUX PERMISSIONS
CELSIUS A T (atcelsius97@gmail.com)
SHORTCOMINGS OF LINUX PERMISSIONS:-
1) Files and directories can belong to only one user and only one group
2) Inheritance covers only group ownership, not permissions
3) A child file or directory can inherit its parent directory's group owner, but not its permissions
4) No easy way to back up and restore permissions
UMASK
Default permissions: the permissions a new file or directory receives are derived from the umask, which can be seen via the command umask.
The umask value can differ from user to user.
Maximum initial permissions (before the umask is subtracted):-
777 - Directories
666 - Files
SUID:-
The program runs as the root user (more precisely, as the file's owner, which is root for a system binary such as /bin/su)
s ===> execute permission is set (as shown in ls -l output)
S ===> execute permission is not set
Finding SUID files:- sudo find / -perm -4000
Octal value of the SUID bit: 4
Ex:- chmod u+s /bin/su
SGID:-
On directories, the SGID bit in standard Linux permissions represents only inheritance of ownership: all files and directories created inside an SGID directory inherit its group owner (not its permissions).
Octal value of the SGID bit: 2
On executables, the program runs as the group owner.
chmod 2755 /usr/bin/screen
chmod g+s /usr/bin/screen
Finding SGID files:-
sudo find / -perm -2000
Finding both SUID and SGID files (regular files that are also executable by others):-
find / \( -perm -4000 -o -perm -2000 \) -perm -1 -type f
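An added Python example, not part of the original slides: it reimplements the find commands above with os.walk and stat, keeps the s versus S distinction from the SUID slide, and compares the result with a saved baseline so a newly appeared set-id binary stands out. The sample tree, its file names and modes are constructed here purely for demonstration.

```python
"""Audit a tree for SUID/SGID files the way the slides' find commands do."""
from __future__ import annotations

import os
import stat
import tempfile


def classify_setid(mode: int) -> list[str]:
    """Return the set-id flags in `mode`, e.g. ['suid'] or ['suid', 'sgid'].

    A flag gets the suffix '(S)' when the matching execute bit is missing,
    mirroring the capital S that ls -l shows for set-id without execute.
    """
    flags = []
    if mode & stat.S_ISUID:
        flags.append("suid" if mode & stat.S_IXUSR else "suid(S)")
    if mode & stat.S_ISGID:
        flags.append("sgid" if mode & stat.S_IXGRP else "sgid(S)")
    return flags


def find_setid(root: str) -> dict[str, list[str]]:
    r"""Equivalent of: find ROOT \( -perm -4000 -o -perm -2000 \) -type f

    lstat is used so symlinks are never followed; paths are relative to root.
    """
    hits = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):
                flags = classify_setid(st.st_mode)
                if flags:
                    hits[os.path.relpath(path, root)] = flags
    return hits


def new_setid_since(baseline: dict, current: dict) -> dict:
    """Entries in `current` that are absent from, or differ in, `baseline`.

    Keeping a baseline from a known-good scan turns the find command into a
    detection: a set-id binary that was not there before is worth a look.
    """
    return {p: f for p, f in current.items() if baseline.get(p) != f}


def build_sample_tree() -> str:
    """Create a constructed sample tree in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="setid-demo-")
    os.makedirs(os.path.join(root, "bin"))
    samples = {
        "bin/su": 0o4755,       # suid + execute, like chmod u+s /bin/su
        "bin/screen": 0o2755,   # sgid + execute, like chmod 2755 /usr/bin/screen
        "bin/oddity": 0o4644,   # suid without execute: ls -l shows a capital S
        "bin/plain": 0o755,     # ordinary executable, must not be reported
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    current = find_setid(root)
    for path, flags in sorted(current.items()):
        print(f"{path}: {', '.join(flags)}")
    baseline = {"bin/su": ["suid"]}   # pretend an earlier scan only knew about su
    print("new since baseline:", new_setid_since(baseline, current))
```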
ACLS
/reports
GROUP       PERMISSIONS
accounting  rwx
marketing   rx
-rwxrwxr-x 1 root accounting 2375 sep 12 14:39 reports
The problem: with standard permissions the "other" bits (r-x) apply to everyone, so everyone will be able to access reports, not just the marketing group.
WHY ACLS ?
1) Permissions can be set for multiple users and groups
2) User and group permissions can be inherited
3) Easy backup and restoring of permissions
4) Easy temporary restriction of permissions
ACL CONS ?
1) Not always installed
2) Not built into Linux
3) Can be turned off
MASK
The mask is the maximum allowable permission for named users, named groups and the owning group.
For temporarily limiting access, take permissions away from the mask.
To squash user rights without destroying the ACLs, use the mask:
setfacl -m mask::- dir1
setfacl -m mask::rwx dir1
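The /reports scenario from the ACL slides and the mask slide above, worked through in an added Python example that is not from the original slides: it parses getfacl-style entries (a constructed sample), applies the mask the way acl(5) describes, and reports what each hypothetical principal (root, alice, bob, mallory) can do before and after the mask is dropped to "-".

```python
from __future__ import annotations

PERM_BITS = {"r": 4, "w": 2, "x": 1}

def parse_perms(text: str) -> int:
    """Turn 'r-x' or 'rx' into a 3-bit value (r=4, w=2, x=1)."""
    return sum(PERM_BITS[c] for c in text if c in PERM_BITS)

def format_perms(bits: int) -> str:
    """Inverse of parse_perms: 5 -> 'r-x'."""
    return "".join(c if bits & v else "-" for c, v in PERM_BITS.items())

def parse_acl(text: str) -> dict:
    """Parse getfacl output into {'user': {...}, 'group': {...}, 'mask', 'other'}.

    The empty qualifier ('user::', 'group::') is the owner / owning group entry.
    Default entries do not govern access to the object itself and are skipped.
    """
    acl = {"user": {}, "group": {}, "mask": None, "other": 0}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drops '# owner:' and '#effective:' text
        if not line or line.startswith("default:"):
            continue
        tag, qualifier, perms = line.split(":")
        if tag in ("user", "group"):
            acl[tag][qualifier] = parse_perms(perms)
        elif tag in ("mask", "other"):
            acl[tag] = parse_perms(perms)
        else:
            raise ValueError(f"unknown ACL tag: {tag!r}")
    return acl

def effective_perms(acl: dict, owner: str, owning_group: str,
                    user: str, groups: set[str]) -> int:
    """Permissions `user` (member of `groups`) gets, per the acl(5) algorithm."""
    mask = acl["mask"]
    # The mask caps named users, the owning group and named groups only;
    # the owner entry and the other entry are never masked.
    masked = (lambda bits: bits) if mask is None else (lambda bits: bits & mask)
    if user == owner:
        return acl["user"][""]
    if user in acl["user"]:
        return masked(acl["user"][user])
    matching = [acl["group"][""]] if owning_group in groups else []
    matching += [bits for name, bits in acl["group"].items() if name and name in groups]
    if matching:                      # any matching group entry may grant a bit
        granted = 0
        for bits in matching:
            granted |= masked(bits)
        return granted
    return acl["other"]

def access_report(acl: dict, owner: str, owning_group: str,
                  principals: dict[str, set[str]]) -> dict[str, str]:
    """Map each principal to the permission string it effectively gets."""
    return {name: format_perms(effective_perms(acl, owner, owning_group, name, grps))
            for name, grps in principals.items()}

# Constructed getfacl output for /reports after:
#   chmod o= /reports ; setfacl -m group:marketing:rx /reports
REPORTS_ACL = """\
# owner: root
# group: accounting
user::rwx
group::rwx
group:marketing:r-x
mask::rwx
other::---
"""

# Hypothetical principals and the groups they belong to.
PRINCIPALS = {"root": {"root"}, "alice": {"alice", "accounting"},
              "bob": {"bob", "marketing"}, "mallory": {"mallory"}}

if __name__ == "__main__":
    acl = parse_acl(REPORTS_ACL)
    print("mask::rwx ->", access_report(acl, "root", "accounting", PRINCIPALS))
    acl["mask"] = parse_perms("-")    # same effect as: setfacl -m mask::- /reports
    print("mask::--- ->", access_report(acl, "root", "accounting", PRINCIPALS))
```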
SETTING ACLS
setfacl -m user:<username>:<permissions> file
EX:-
setfacl -m user:root:rwx sss
setfacl -m user:bob:rwx /home/file.txt
setfacl -m group:accounting:rx file.txt
setfacl -R -m user:bob:rwx ~/bob (-R applies the ACL recursively)
DEFAULT ACLS
If you want a user to access a directory, set a regular ACL on it first.
If you want that user to also access new files and folders created inside it, set a default ACL as well.
What about copied files?
Default ACLs provide inheritance.
Ex:- setfacl -d -m user:sally:rwx dir1
DELETING ACLS
-x remove a specific ACL entry
-k remove all default ACLs
-b remove all ACLs
EX:- setfacl -x user:root acldirname
setfacl -x default:user:root acldir
setfacl -k acldir (remove default ACLs)
setfacl -b acldir (remove all ACLs)
MISC
getfacl file1.txt | setfacl --set-file=- file2.txt (copy file1's ACL to file2)
getfacl -c file1.txt > acls.txt (save the ACL entries without the header comments)
setfacl -M acls.txt file1.txt (apply the saved entries)
getfacl -R dir1 > dirtree.facl (back up the ACLs of a whole tree)
setfacl --restore dirtree.facl (restore them)
getfacl --access dir1 | setfacl -d -M - dir1 (copy the access ACL of dir1 to its default ACL)
