Slides on how to control access to files - Part of RHCSA (RH124) syllabus
Added: Sep 19, 2024
Slides: 21 pages
Control Access to Files
File Permissions
●Safeguard data from unauthorized access or modification
●Use the "-l" option of the "ls" command to display detailed information about files and directories.
●Access controls:
○Who can access a file or directory.
○What actions they can perform on them.
chmod
●Changes the permissions (r,w,x) of files and directories.
●Syntax: chmod [options] permissions file(s)
Change permission in symbolic mode
○Command: chmod u+x books.txt
Change permission in numeric mode
○Command: chmod 755 library
chown
●Changes the owner and group ownership of files and directories.
●Syntax: chown [options] new_owner file(s)
●The ‘-R’ option on a directory changes ownership of all the files in the directory.
Change ownership of a file
○Command: chown user1 file.txt
Transfer ownership and group ownership
○Command: chown user2:group2 demoFile.txt
chgrp
●Changes the group ownership of files and directories.
●Syntax: chgrp [options] new_group file(s)
Change group ownership
○Command: chgrp group2 file.txt
●The -R option makes the command recursive.
umask
●Sets default permissions for newly created files and directories in Linux
●umask values are 4-digit octal numbers
●umask values (umask 0022) are subtracted from default permissions
●Default permission: 666 for files & 777 for directories
●1st digit in umask represents additional attributes (sticky bit, setuid, & setgid)
Get umask value
○ Command: umask
Set umask value
○Command: umask 0000
Special Permissions
●Every application runs on Linux in the context of a specific user.
●Some applications may need higher privileges.
●Linux provides 3 special permissions:
○setuid
○setgid
○sticky bit
setuid
●Used only for binary files (applications)
●An application with the setuid bit set runs with the effective UID of the file owner
●Indicated by ‘s’ in place of ‘x’
●Set setuid bit
○Command: chmod u+s uidDemo
○If the user doesn’t have execute ‘x’ permission, the setuid bit is represented by the ‘S’ symbol
Remove setuid
○Command: chmod u-s uidDemo
setgid
●Used primarily for binary files (applications)
●File runs with permissions of group owning it.
●setgid is indicated by ‘s’ in place of ‘x’
●When applied on directories, files created are owned by directory owner.
●Set setgid bit
○Command: chmod g+s uidDemo
Remove setgid
○Command: chmod g-s uidDemo
●If the owner group doesn’t have execute ‘x’ permission, it is represented by the ‘S’ symbol
sticky bit
●Used primarily on directories.
●When set, files created can only be deleted by the user who created them.
●Indicated by ‘t’ in place of ‘x’ in the everyone category.
●In RHEL, sticky bit is set by default on /tmp/
●Set sticky bit
○Command: chmod +t /documents
○If ‘others’ do not have execute permissions, it is symbolized by ‘T’.
Remove sticky bit
○Command: chmod -t /documents
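Added example (not part of the original slides): a shell script that decodes a 3- or 4-digit octal mode into the string "ls -l" shows, including the s/S and t/T cases from the setuid, setgid and sticky bit slides, and computes the mode a umask leaves. The function names triplet, mode_string and apply_umask are illustrative; apply_umask clears the mask's bits from the default, which gives the same result as the slide's subtraction for masks such as 0022.

```shell
#!/bin/sh
# Added example: pure arithmetic, touches no files.

# triplet BITS SPECIAL LOWER UPPER -> one rwx group, e.g. "rwx", "rws", "rwS"
triplet() {
    bits=$1 special=$2 lower=$3 upper=$4
    r=-; w=-; x=-
    [ $((bits & 4)) -eq 0 ] || r=r
    [ $((bits & 2)) -eq 0 ] || w=w
    [ $((bits & 1)) -eq 0 ] || x=x
    if [ "$special" -ne 0 ]; then
        # The special bit takes the place of x: lowercase when x is also
        # set, uppercase when execute permission is missing.
        if [ "$x" = x ]; then x=$lower; else x=$upper; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_string OCTAL -> nine-character permission string as in "ls -l"
mode_string() {
    m=$((0$1))                                              # read argument as octal
    u=$(triplet $(( (m >> 6) & 7 )) $(( m & 04000 )) s S)   # setuid
    g=$(triplet $(( (m >> 3) & 7 )) $(( m & 02000 )) s S)   # setgid
    o=$(triplet $((  m       & 7 )) $(( m & 01000 )) t T)   # sticky bit
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# apply_umask DEFAULT MASK -> resulting mode (DEFAULT AND NOT MASK)
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# Constructed sample modes: plain, setuid, setuid without x, setgid, sticky, sticky without x
for mode in 755 4755 4644 2775 1777 1776; do
    printf '%-5s %s\n' "$mode" "$(mode_string "$mode")"
done
printf 'umask 0022: files %s, directories %s\n' \
    "$(apply_umask 666 0022)" "$(apply_umask 777 0022)"
```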
File Capabilities
●Grant specific privileges to executables, avoiding full root permissions.
●Purpose:
○Precise control over access to system resources.
○Reduce need for processes to run with full root privileges.
●Example:
○Enable non-root processes to bind to port <1024 without superuser privileges.
○Add ‘CAP_NET_BIND_SERVICE’ capability.
Common Capabilities
Set capability
○Command: setcap cap_net_raw+ep /bin/ping
Get Capability
○Command: getcap /bin/ping
Get Capability of running process
○Command: getpcaps 1054