Certification Objective 7.04—Restricting Access to Data

Exam Objective 4.5: Restrict access to data in files through the use of group membership, ownership and special file permissions.

So far, we have explored the security issues involved in accessing a system. Once a user has gained access to a system, the question arises: what resources on the system can the user use? After all, a user accesses a system to access its resources, and data is an important resource. Naturally, data access on a system needs to be managed. On computers, data lives in files; therefore, data security means file security. In other words, we can restrict data access by managing permissions on the files.

Solaris allows you to manage file access by managing file ownership and file permissions, which we explore in this section.

Permissions, Ownership, and Group Membership

In UNIX, everything is about files; there are regular files, and there are special files such as directories, devices, sockets, and named pipes. There is a uniform file permission system for all these file kinds. From a file's perspective, the world of users is divided into three continents: the user who owns the file (called owner), a group of users that has group ownership of the file, and everyone else (called world or others). Accordingly, the Solaris file permission system, akin to the traditional UNIX file permission system, has three levels of file access permissions:

  • Access permission for the owner of the file

  • Access permission for the group of users that has the group ownership of the file

  • Access permission for all other users, called the world or others

These permissions are managed by a set of commands listed in Table 7-2.

Table 7-2: Commands related to file security

| Command | Used To |
|---|---|
| chgrp | Change the group ownership of a file. |
| chmod | Change permissions on a file. |
| chown | Change the ownership of a file. |
| ls | List the files along with information about them, including permission information. |

Understanding File Permissions: The ls Command

The ls command can be used to find the current permissions on files. The command has the following syntax:

    ls <options> <target> 

where <target> is the name of the directory and its default value is the current directory. For example, the following command will display the list of all the files in the current directory with some information about the files:

    ls -la 

An entry in the output of this command will look like the following:

    -rwxrwxr-x 1 jkerry pres 11720 Nov 2 8:45 camp 

Reading from the right, it means the name of the file is camp, the last time the file was modified was 8:45 a.m. on November 2, and the file size is 11,720 bytes. Next, the group ownership of the file is pres, and the login name for the owner is jkerry. The number 1 indicates that there is one link pointing to this file. The letters and hyphens indicate the permissions set on the file for the owner, the group, and the world (others).

There are ten characters in the first column (from the left) of the output of an ls -l command. The first character represents the file type. The symbols for the different file types are listed in Table 7-3.

Table 7-3: File types displayed by the ls command

| Symbol | File Type |
|---|---|
| b | Block special file |
| c | Character special file |
| d | Directory |
| l | Symbolic link |
| s | Socket |
| D | Door |
| P | Named pipe |
| - (minus sign) | Regular file: text file, or a program |

The last nine characters in the first column of the ls output represent the file permissions for the owner, group, and others: three characters each, in this order. In each case (owner, group, and others), the first character tells whether the user has the read permission (r for yes, - for no), the second character tells whether the user has the write permission (w for yes, - for no), and the third character tells whether the user has the execute permission (again x for yes, - for no). For example, rwxr-xr-- means the owner of the file has read, write, and execute permission, the group of the owner has only read and execute permission, and all other users have only read permission to this file. These permission symbols are explained in Table 7-4.

Table 7-4: The permission symbols displayed by the ls command

| Symbol | Permission | For a file, it means that the designated users | For a directory, it means that the designated users |
|---|---|---|---|
| r | Read | Can open the file and read its content. | Can list files in the directory. |
| w | Write | Can modify the content of the file or delete the file. | Can add files or links to and remove files or links from the directory. |
| x | Execute | Can execute the file. | Can open or execute files in the directory and can make this directory and the directories below it current. |
| - | Denied | Cannot read, write, or execute. | Cannot read, write, or execute. |

Now that you have a good idea about how to find the file permissions with the ls command, here are some possible scenario questions and their answers.

SCENARIO & SOLUTION

The first column of a file entry in the output of the ls command is drwxr-xr--. What is the type of file that this entry represents?

A directory.

What kind of read permission does any user in the group to which the owner belongs have, and what does that mean?

Any user in the owner's group has the read permission to the directory, and that means the user can list the files in the directory, for example, by using the ls command.

What kind of write permission does a group user have to this file, and what does that mean?

A group user does not have a write permission to this directory, and that means a group user cannot add a file or link to or remove a file or link from this directory. The user also cannot change the names of the files or create new files in this directory.

What kind of permissions does any other user (who is neither the owner nor a member of the owner's group) have to this file, and what does that mean?

Any other user has only a read permission to this directory and does not have a write or execute permission; such a user cannot execute files in this directory.

Now that you understand how to find the current file permissions, it is time to learn how to change them.

Changing File Permissions with chmod

Solaris offers a number of commands to change the file permissions. We explore three of these commands here: chmod, chown, and chgrp.

The chmod command is used to change the permissions shown in the first column of the output of an ls -l command. The syntax for this command is shown here:

    chmod [-fR] <permission mode> <file> 

The options are explained here:

  • -f. Force; if the command cannot change the permission, it will not complain.

  • -R. Recursively; descend through the directory and assign the specified permissions. When links are encountered, the permission mode of the target file is changed, but no recursion happens.

The permission mode can be defined in symbolic mode or in absolute mode. In symbolic mode, a permission mode in the command has the following three elements:

    [<who>] <operator> [<permissions>] 

The element <who> specifies whose permissions are to be changed, the <operator> specifies the assignment operation, and <permissions> specifies what kind of permission it is—read, write, or execute. Possible values of <who> are the symbols u, g, o, and a to refer to the user owner, the group owner, others, and all users, respectively. Possible values of <operator> are the symbols + to add permissions, = to assign permissions, and - to take away permissions. Finally, the possible values of <permissions> are r, w, and x, referring to read, write, and execute permissions, respectively.

For example, to grant the group write permissions to a file named politics, issue the following command:

    chmod g+w politics 

To prohibit users who are not in the group from changing and executing this file, issue the following command:

    chmod o-wx politics

The = assignment overwrites the existing permissions. For example, the following command issued after the previous two commands will assign only the read permissions for the group and the other users and take away all other permissions:

    chmod go=r politics 

The symbolic mode options are listed in Table 7-5.

Table 7-5: Symbolic mode options for the chmod command (the + means the permission is added, = means the permission is assigned, and - means the permission is taken away)

| Permission | Owner (user) | Group | World (other) | All |
|---|---|---|---|---|
| Read | u+r | g+r | o+r | a+r |
| | u=r | g=r | o=r | a=r |
| | u-r | g-r | o-r | a-r |
| Write | u+w | g+w | o+w | a+w |
| | u=w | g=w | o=w | a=w |
| | u-w | g-w | o-w | a-w |
| Execute | u+x | g+x | o+x | a+x |
| | u=x | g=x | o=x | a=x |
| | u-x | g-x | o-x | a-x |

In the absolute mode, the permission symbols r, w, and x are represented by the integers 4, 2, and 1, respectively. These integers are added to represent all the permissions granted for a user. For example, read-only permission is represented by 4; read and write by 6; and read, write, and execute together by 7. Because the permissions for a user are represented by an octal digit (a number from 0 to 7), permissions in this mode are also called octal permissions. The overall permission on a file is represented by four octal digits. The first digit (from the left) represents special permissions, which we discuss further on in this chapter. The second digit represents the owner, the third represents the group, and the fourth represents the other users. Table 7-6 demonstrates this with some examples.

Table 7-6: Examples for octal permissions using the absolute mode options for the chmod command

| Permission | Owner (user) | Group | World (other) | Resulting Permission |
|---|---|---|---|---|
| Read | 0400 | 0040 | 0004 | 0444 |
| Write | 0200 | 0020 | 0002 | 0222 |
| Execute | 0100 | 0010 | 0001 | 0111 |
| Read, write | 0600 | 0060 | 0006 | 0666 |
| Read, write, execute | 0700 | 0070 | 0007 | 0777 |

For example, the following command will grant all permissions for the owner, read and write permissions for the group, and only read permission for others, to the directory structure Washington.

    chmod -R 764 Washington 
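
The mapping between the permission string printed by ls -l and the four-digit octal mode used by chmod can be checked mechanically. The following shell functions are an added example, not part of the book; the names triad_value and mode_to_octal are assumptions chosen for illustration, and the code also handles the s and t symbols for the special permissions covered later in this chapter.

```shell
#!/bin/sh
# Added example: convert the first column of `ls -l` output into the
# four-digit octal mode that chmod's absolute mode expects.

# triad_value <3 chars>: print the octal digit (0-7) for one r/w/x triad.
# The third character may be x, s, t (execute granted) or -, S, T (not granted).
triad_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac        # read    = 4
    case $1 in ?w?) v=$((v + 2)) ;; esac        # write   = 2
    case $1 in ??[xst]) v=$((v + 1)) ;; esac    # execute = 1
    echo "$v"
}

# mode_to_octal <ls mode string>: print e.g. 0775 or 4755.
# Returns 1 if the argument does not look like an ls mode string.
mode_to_octal() {
    case $1 in
        [-bcdlspDP][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) echo "not an ls mode string: $1" >&2; return 1 ;;
    esac
    perms=${1#?}                                 # drop the file-type character
    owner=$(printf '%s' "$perms" | cut -c1-3)
    group=$(printf '%s' "$perms" | cut -c4-6)
    other=$(printf '%s' "$perms" | cut -c7-9)
    special=0                                    # first of the four octal digits
    case $owner in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $group in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $other in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    echo "${special}$(triad_value "$owner")$(triad_value "$group")$(triad_value "$other")"
}

# Mode strings that appear in this section.
for m in -rwxrwxr-x drwxr-xr-- -rwsr-xr-x -rwxr-sr-x drwxrwxrwt; do
    printf '%s  %s\n' "$m" "$(mode_to_octal "$m")"
done
```

An uppercase S or T in the output of ls means the special bit is set while the execute bit in that position is not, which is why only the lowercase forms add 1 to the digit.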

As you have realized by now, the permissions on a file are set not by the user name but by the user designation: owner, group, or other. In addition, the user acquires permissions to the files by acquiring one of these designations. One way of changing the file permissions is to change the permission bits on the file with the chmod command; and the other way of changing permissions for the user is to change the user designations—for example, to change the owner of the file, which we discuss next.

Changing the File Owner with chown

An indirect way of changing the file permissions without changing the permission bits on the file is to change the owner of the file. This is accomplished with the chown command, which has the following syntax:

    chown [-fhR] <owner>[:<group>] <file> 

The <owner> is the login name or the UID of the new owner, and the <group> is the group name or the GID of the new group. Note that you can change both the user ownership and the group ownership of a file with the chown command. The options for the command are listed here:

  • -f. Force; do not report errors.

  • -h. If the file is a symbolic link, this option changes the owner of the link. Without this option, the owner of the file to which the link points will be changed.

  • -R. Change the ownership by recursively descending through the directory structure.

Exam Watch

If you are using the chown command on a symbolic link, use the -h option to change the owner of the link. If you want to change the owner of the file by using chown on the link that points to the file, leave out the -h option.


You have seen that you can change the group ownership of a file by using the chown command. You can also accomplish this by using the chgrp command, which we explore next.

Changing the Group Ownership with chgrp

The chgrp command is similar to the chown command and has the following syntax:

    chgrp [-fhR] <group> <file>

The <group> is the group name or the GID of the new group, and the <file> is the file name (the full path) for which the ownership is being changed. The options for the command are listed here:

  • -f. Force; do not report errors.

  • -h. If the file is a symbolic link, this option changes the group ownership of the link. Without this option, the group ownership of the file to which the link points will be changed.

  • -R. Changes the ownership by recursively descending through the directory structure.

So far, we have explored the permissions on a file thinking of the security of the data in that file. Now, let's look at the file permissions from a slightly different angle. Suppose a user has access to a file that is an executable, and when the user executes that file, the code in that file accesses other files. In this situation, how does the system determine whether an executable being executed by a specific user can access other files or not? We explore this issue in the next section by discussing special file permissions offered by Solaris.

Special File Permissions (setuid, setgid, and Sticky Bits)

In this section we explore three special permissions that can be set on a file: setuid, setgid, and sticky bits. Let's clear up a possible misunderstanding before it can arise: setuid and setgid are permissions that you set, not commands that you issue. These permissions are set on an executable file or a public directory.

When a user runs an executable on which any of these permissions are set, the executable file assumes the ID (UID or GID) of the owner of the file. The important point is that the user who started the execution of the file may not be the owner of the file.

The setuid Permission

When the setuid permission is set on an executable file, the process that executes this file is granted permissions based on the owner of the file, not the user who started the execution of the file. This gives a user access (through the process that executes the file) to files and directories that would normally be available only to the owner.

The setuid permission can be set by using—well, your old friend, the chmod command with the following syntax:

    chmod <4nnn> <filename> 

As an example, consider the following command:

    chmod 4755 speech 

If you are not the owner of the file, you have to be a superuser to issue this command. This command sets these permissions on the file speech: read, write, and execute for the owner; read and execute for the group and other users; and it sets the setuid permission on the file. Now, if you issue the ls -l command on this file, the first column of the output will look like the following:

    -rwsr-xr-x 

Note the use of the symbol s instead of x for the owner. Now suppose a user jbrown is neither the owner of this file nor a member of the group that owns this file. Further, assume there are other files to which the owner of this file does have a write permission but jbrown does not, and this file when executed tries to access those files and write into them. Once jbrown starts executing this file, the process that executes the file will have write permissions to those other files because the owner of this file has them. Do you see a security concern here?

On the Job 

Before setting setuid permission on a file, understand that it poses a security threat. For example, if the owner of an executable file is the root and you set the setuid permission on it, any user who executes this file can access the files (through the executable) that normally only the root could access.

With the permissions of the file owner, the process that executes the file may have too much access. It can be restricted by assigning the process the permission of the group that owns the file instead of the owner of the file. This is accomplished through the setgid permission, which we explore next.

The setgid Permission

The setgid permission is similar to the setuid permission. When the setgid permission is set on an executable file, the process that executes this file is granted permissions based on the group that owns the file, not the user that started the execution of the file. This will give a user access to the files and directories that would normally be available only to the group.

The setgid permission can be set by using the chmod command with the following syntax:

    chmod <2nnn> <filename> 

As an example, consider the following command:

    chmod 2755 speech 

If you are not the owner of the file, you have to be a superuser to issue this command. This command sets the following permissions on the file speech: read, write, and execute for the owner and read and execute for the group and other users; it also sets the setgid permission on the file. Now, if you issue the ls -l command on this file, the first column of the output will look like the following:

    -rwxr-sr-x 

Note the symbol s instead of x for the group. When the setgid permission is applied to a directory, some users can use a process to create files in a directory that they otherwise could not use. However, the created files always belong to the group to which the directory belongs, no matter who created them.

Now that you know the setgid permission, let's consider some scenarios and their solutions involving the setgid permission.

SCENARIO & SOLUTION

You would like to set the setgid permission on a directory /home/lib. You would also like to assign read, write, and execute permissions for the owner and the group, and read and execute for others. What command would you issue?

    chmod 2775 /home/lib

The user gbush is neither the owner of the directory nor a member of the group that owns the directory. How can gbush create files in this directory?

By executing a script that creates files in the directory /home/lib and to which gbush has the execute and write permissions, and the script is owned by the same group that owns the directory /home/lib.

Do the files created in the directory /home/lib belong to the group to which gbush belongs, or do they belong to the group that owns the directory /home/lib?

The newly created files belong to the group that owns the directory /home/lib.

The Sticky Bit Permission

While setuid and setgid pose a security threat, the sticky bit improves security. If this permission bit is set on a directory, a file in that directory can be deleted only by the file owner, the directory owner, or a privileged user. A sticky bit is useful to prevent users from deleting other users' files from public directories such as /tmp.

The sticky bit is set by assigning the octal value 1 to the first of the four octal digits in the chmod command while using the absolute permission mode. For example, the following command will set the sticky bit permission on the /tmp directory:

    chmod 1777 /tmp 

Now the first column of the output of the ls -l command on the /tmp directory will be:

    drwxrwxrwt 

Note the symbol t for the sticky bit permission. Remember, while setuid and setgid loosen the security on a file, the sticky bit tightens it.
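
One way to audit a directory tree for the special permissions described in this section, using find. This is an added example, not part of the book; the function names and the scratch-tree names notes, scratch, and shared are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate the special permission bits under a directory.
# find's "-perm -NNNN" is true when every bit in NNNN is set on the file.

# Regular files with setuid set (first octal digit includes 4).
find_setuid() { find "$1" -type f -perm -4000 -print; }

# Regular files with setgid set (first octal digit includes 2).
find_setgid() { find "$1" -type f -perm -2000 -print; }

# Directories writable by others but lacking the sticky bit, where any
# user can delete another user's files.
find_public_dirs_without_sticky() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Labelled report; ls -ld shows the owner and group whose identity a
# setuid or setgid executable would run with.
audit_special() {
    echo "setuid files:"
    find "$1" -type f -perm -4000 -exec ls -ld {} +
    echo "setgid files:"
    find "$1" -type f -perm -2000 -exec ls -ld {} +
    echo "world-writable directories without the sticky bit:"
    find "$1" -type d -perm -0002 ! -perm -1000 -exec ls -ld {} +
}

# Build a constructed scratch tree using the modes shown in this section.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/speech" "$d/countvote" "$d/notes"
    chmod 4755 "$d/speech"       # setuid:  -rwsr-xr-x
    chmod 2755 "$d/countvote"    # setgid:  -rwxr-sr-x
    chmod 0644 "$d/notes"        # no special bits
    mkdir "$d/scratch" "$d/shared"
    chmod 1777 "$d/scratch"      # sticky, like /tmp: drwxrwxrwt
    chmod 0777 "$d/shared"       # world-writable, no sticky bit
    echo "$d"
}

tree=$(make_demo_tree)
audit_special "$tree"
rm -rf "$tree"
```

On a real system, pass the directory to review (for example / as superuser) to audit_special and compare the setuid and setgid list against the executables you expect to carry those bits.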

Exercise 7-3: Setting Special Permissions on a File

  1. Become superuser and create a file countvote using the following command:

        # touch countvote 

  2. Issue the following command to set the setuid on the file:

        # chmod 4755 countvote 

  3. Issue the following command:

        # ls -l countvote 

    Note that the first column of the output is: -rwsr-xr-x.

  4. Now, set the setgid permission on the file by issuing the following command:

        # chmod 2755 countvote 

    Now issue the ls -l command and verify that the first column of the output is -rwxr-sr-x.


The three most important takeaways from this chapter are the following:

  • You need to secure access to the system.

  • Once a user accesses the system, you need to secure resources on the system such as files.

  • You perform the security tasks by either using commands or creating files.




Sun Certified System Administrator for Solaris 10 Study Guide Exams 310-XXX & 310-XXX
Year: 2005
Pages: 168
