Protecting Files


Information itself will often have associated authorization definitions that indicate which users are allowed which access rights.

All access to files in UNIX systems is controlled by the permissions of that file, and everything in UNIX systems is a file. There are a variety of types of files, including a regular file, which contains either text or binary data or programs; a directory, which contains information about the location of a file; a device file, which may be either a block or character device and represents a logical or physical device; a named pipe, which is used for inter-process communication; and a symbolic link, which is a file that points to another file. Some implementations may expand this list of file types to include sockets, mounted directories, or others.

Discretionary Access Controls

Discretionary access controls are those access controls that are controlled by the information owner.

Discretionary access control is a method by which a user has control over the access of the files which he owns. Standard UNIX file system permissions are discretionary access controls.

With standard UNIX file system permissions, every file has a list of three permissions for each of three groups of users plus three miscellaneous modes. Each of these three groups of users can have a differing set of these permissions to this file. They are user (the owner of the file), group (the users in the group to which the file belongs), and world (all other users).

The owner of a file is usually the person who creates the file. However, on some systems you can change the ownership of a file with the chown command. This is disallowed on some systems because it would allow you to hide your disk utilization by giving large files to someone else while retaining access rights and the ability to remove the file.

The chown command allows the owner of the file to give the file to another user by changing the owner of the file. This can also be used to give a file, and its associated costs, to another user. The owner of a file can change the file's group association by using the chgrp command.

The group is the set of users whose group ID in the password file matches the group ID of the file. A user can temporarily change his group affiliation with the newgrp command if he is listed for that group in the /etc/group file, or he can belong to several groups at once by way of the /etc/logingroup file.

The world permission bits apply to all users who are neither the file owner nor are in the group with which the file is associated.

UNIX file permission bits define the access rights of read, write, and execute to the file's owner, group, and everyone else. These coarse grain access rights are the fundamental access rights on UNIX systems.

There are three permissions: read, write, and execute. For a regular file, these permissions are fairly obvious. They allow the user to read the file, write to the file, and execute the file. If the file is a directory, the meaning is a little more involved. Read permission means that you can list the information about the files in the directory, write permission means that you can change that information, including renaming or deleting files in the directory, and execute permission means that you can access and search the directory. Only the owner of a file (and the superuser) can change its permissions.

The permissions are generally represented by a string of nine characters, three characters for the permissions for each of the three groups of users. The characters are "r" for read, "w" for write, and "x" for execute.

For example, the string "rwxr-x---" means that the owner of the file has read, write, and execute permissions, the users who belong to the same group as the file have read and execute permissions, and everyone else has no permissions. This is very straightforward for files.

The three miscellaneous modes are set-user-ID on execute, set-group-ID on execute, and the sticky bit. Originally these three modes were pertinent only to program files, that is, files that are either binary executables or shell scripts. The set-user-ID and set-group-ID modes change the effective user ID or group ID of the process running the program to that of the file's owner or group, so the program runs with that user's or group's privileges rather than those of the user who invoked it.

The sticky bit tells the program scheduler to keep the program in virtual memory because it is likely that the program will be executed again soon and it will not have to be reloaded from disk, possibly across the network, if it is still there.

Some vendors have disabled the set-user-ID and set-group-ID modes for shell scripts because of the related security problems.

Some vendors have extended these modes to represent other behaviors when applied to other files. One common extension is that if the sticky bit is set on a directory, then only the owner of files in that directory can delete them.

The built-in shell command umask is used to set the shell's default file creation permission mask. When a file is created, each bit that is set in the file mode creation mask causes the corresponding permission bit in the new file's mode to be cleared. This means that any file created will have only those permission bits set that are not set in the umask. This mask can be set by the user and it remains active until the user changes it or the user's session is over. Each invocation of a shell has an independent mask that can be reset by the user.

Generally there is a system mask that is set in one of the start-up scripts. This mask is the default unless a user either has invoked the command directly or has it in his personal start-up script. It is advisable to set the global mask value to as strict a value as possible. A value of 037 will allow the owner to read and write a newly created file, while the group will have read permission and the world will have no permissions. The actual value you set should depend on your data security policy.

The chmod command allows the owner of a file to set the file's permissions, which can be done with either a symbolic or numeric syntax.

  • Setting Permissions with Symbolic Modes

    When you are using the symbolic mode to set permissions, you are always adding to or removing from existing permissions. The symbols used for the symbolic mode are "r" for read, "w" for write, "x" for execute/access, "s" for set-ID-on-exec, and "t" for the sticky bit. The user who owns the file is indicated by the character "u," the group to which the file belongs by the character "g," and the world, all others, by the character "o." These symbols are connected by using either the plus sign "+" to add the permission or the minus sign "-" to remove the permission. So if you want to remove write access from the users in the group that owns a file, the command would be

     chmod g-w filename 

    Both users and permissions can be combined so you can grant one or more permissions to one or more users in one command. For example, if you want to grant read access to both the users in the file's group and all other users, the command would be

     chmod go+r filename 
  • Setting Permissions with Numeric Modes

    This method always sets the absolute permissions of a file. With numeric modes, the permissions are converted into octal numbers, with read set to 4, write set to 2, and execute/access set to 1. The permissions for one class of user are combined by adding their values. Three digits then represent the three classes of users: the first digit for the owner, the second for the group, and the last for the world. Table 12-1 shows the values for these permissions.

    Table 12-1. UNIX Permissions in Symbolic and Numeric Modes

            Owner          Group          World
          r   w   x      r   w   x      r   w   x
          4   2   1      4   2   1      4   2   1

    In addition to the permission bits, there is an optional leading digit which is used to represent the set-user-ID bit (4), the set-group-ID bit (2), and the sticky bit (1).

    To set read, write, and execute permissions for the owner, read-only for the group, and no permissions for world users the command would be:

     chmod 740 filename 
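The following script is an added example, not code from the book, that models the three mechanisms described above: how a numeric mode maps to the nine-character rwx string, how a umask such as 037 shapes the mode of a newly created file or directory, and how a symbolic chmod spec such as g-w or go+r edits the bits a file already has. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the book): model chmod numeric/symbolic modes and umask.

# Map one octal digit (0-7) to its rwx triplet, e.g. 5 -> r-x.
rwx_of_digit() {
    d=$1
    set -- --- --x -w- -wx r-- r-x rw- rwx
    shift "$d"
    printf '%s' "$1"
}

# Render a numeric mode such as 740 (or 4740, with the optional leading
# set-ID/sticky digit) as the nine-character string, e.g. rwxr-----.
octal_to_symbolic() {
    digits=$1 out=""
    case $digits in ????) digits=${digits#?} ;; esac   # drop the extra digit
    while [ -n "$digits" ]; do
        out="$out$(rwx_of_digit "${digits%"${digits#?}"}")"   # first char
        digits=${digits#?}
    done
    printf '%s\n' "$out"
}

# Permissions a new file (default 666) or directory (777) receives under
# a given umask: every bit set in the mask clears that permission bit.
mode_after_umask() {
    if [ "${2:-file}" = dir ]; then base=0777; else base=0666; fi
    printf '%03o\n' $(( base & ~0$1 ))
}

# Apply one symbolic chmod spec (u/g/o, then + or -, then r/w/x) to an
# existing numeric mode: symbolic mode edits the current bits in place.
apply_symbolic() {
    mode=$(( 0$1 )) who=${2%%[+-]*} perms=${2#*[+-]} mask=0 bits=0
    case $2 in *+*) op=+ ;; *) op=- ;; esac
    while [ -n "$who" ]; do                 # which of the three triplets
        case $who in u*) mask=$(( mask | 0700 )) ;; g*) mask=$(( mask | 070 )) ;;
                     o*) mask=$(( mask | 07 )) ;; esac
        who=${who#?}
    done
    while [ -n "$perms" ]; do               # which bits within each triplet
        case $perms in r*) bits=$(( bits | 0444 )) ;; w*) bits=$(( bits | 0222 )) ;;
                       x*) bits=$(( bits | 0111 )) ;; esac
        perms=${perms#?}
    done
    bits=$(( bits & mask ))
    if [ "$op" = + ]; then mode=$(( mode | bits )); else mode=$(( mode & ~bits )); fi
    printf '%03o\n' "$mode"
}
```

Running `octal_to_symbolic 740` prints rwxr-----, `mode_after_umask 037` prints 640 (740 for a directory), and `apply_symbolic 664 g-w` prints 644.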

Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
Year: 2002