Skip to main content

SYSTEM SECURITY-PERMISSIONS

Add caption











Hello guys welcome back to HackerHeaven,today we will learn about the system security of the linux distros...very preciesly..so..we are going to look at this essential part of system security and introduce the following commands:
● id – Display user identity
● chmod – Change a file's mode
● umask – Set the default file permissions
● su – Run a shell as another user
● sudo – Execute a command as another user
● chown – Change a file's owner
● chgrp – Change a file's group ownership
● passwd – Change a user's password
 i hope you enjoyed my previous articles too...
here are some things straight forward but instead you have too know it..
command : id

 output :

 ubuntu@ubuntu:~$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare)
ubuntu@ubuntu:~$ 
So where does this information come from? Like so many things in Linux, from a couple
of text files. User accounts are defined in the /etc/passwd file and groups are defined
in the /etc/group file. When user accounts and groups are created, these files are
modified along with /etc/shadow which holds information about the user's password.
For each user account, the /etc/passwd file defines the user (login) name, uid, gid,
the account's real name, home directory, and login shell. If you examine the contents of
/etc/passwd and /etc/group, you will notice that besides the regular user accounts,
there are accounts for the superuser (uid 0) and various other system users.

 over all ..if you really wanna to dive into the linux directories...for this you have to executes some commands..these are listed below...

 commands..
1.this command will list all the owners..
ubuntu@ubuntu:~$ less /etc/passwd >FileName.txt

 root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
libuuid:x:100:101::/var/lib/libuuid:
:more---

 here FileName.txt is an txt file where you can print the output of the commands executed by the command.. less /etc/passwd ..you can easily read out the content inside the /etc file
for samle you can see above.
                         

 2.this command will list out all the groups exits in the ubuntu..

 command-  
ubuntu@ubuntu:~$ less /etc/group >GroupNames.txt

 root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,ubuntu
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:ubuntu

 here again GroupNames.txt is the file which will store the ouput of the command less /etc/group ,actually above output is for sample out only..                  

                            Reading, Writing, And Executing:

 now lets talk about more deeper about our main topic..
Access rights to files and directories are defined in terms of read access, write access, and
execution access. 
these are represented in terminal output by charecter 'r' ,'w' and 'x' respectively.
 If we look at the output of the ls command, we can get some clue as to
 how this is implemented:

 ubuntu@ubuntu:~$ >zerocool.txt
ubuntu@ubuntu:~$ ls -l zerocool.txt
-rw-rw-r-- 1 ubuntu ubuntu 0 Dec 24 11:41 zerocool.txt
ubuntu@ubuntu:~$ 

 The first ten characters(- rw-rw-r--) of the listing are the file attributes. The first of these characters('-' or 'd' or 'l') is the file type. Here are the file types you are most likely to see (there are other, less common types too):

 Attribute                         File Type
-                                 A regular file.

 d                                 A directory.

 l                          A symbolic link. Notice that with symbolic links, the remaining file
                          attributes are always “rwxrwxrwx” and are dummy values. The real
                           file attributes are those of the file the symbolic link points to.

 c                         A character special file. This file type refers to a device that
                          handles data as a stream of bytes, such as a terminal or modem.

 b                       A block special file. This file type refers to a device that handles
                            data in blocks, such as a hard drive or CD-ROM drive.


 ok these are the some of the attribute which are used to represent the 'file type'
like in this '-rw-rw-r--' by seeing the first charector we can recognised the this file conatain regular type of file....here are some detail description about the owners,groups and world...have a close look on it...that will more effective..to understand the outputs..
reading -r
writing -w
executing -x

 all these nine 'file mode' charecter actully reprent the three types of owners...by the group of three charecters..

            Owner      Group       World
            rwx        rwx         rwx

 now we actually have to now more about the attributes of the output more clearly...so by this way it very easy to understand the output meaning..

 Attribute      -r 

 Files-

  Allows a file to be opened and
read.

 Directories -

 Allows a directory's contents to
be listed if the execute attribute
is also set.
attributes          -w 

 files-

 Allows a file to be written to or
truncated, however this attribute
does not allow files to be
renamed or deleted. The ability
to delete or rename files is
determined by directory
attributes.
directories -

 Allows files within a directory
to be created, deleted, and
renamed if the execute attribute
is also set.
attributes     -x

 files-

  Allows a file to be treated as a
program and executed. Program
files written in scripting
languages must also be set as
readable to be executed.

 directories -

 Allows a directory to be
entered, e.g., cd directory

 Here are some examples of file attribute settings read it and try to understand it..

 File                        Attributes Meaning
-rwx------                A regular file that is readable, writable, and executable by the
                          file's owner. No one else has any access.

 -rw-------               A regular file that is readable and writable by the file's owner.
                         No one else has any access.

 -rw-r--r--               A regular file that is readable and writable by the file's owner.
                         Members of the file's owner group may read the file. The file is
                         world-readable.

 -rwxr-xr-x               A regular file that is readable, writable, and executable by the
                         file's owner. The file may be read and executed by everybody
                         else.

 -rw-rw----              A regular file that is readable and writable by the file's owner
                         and members of the file's group owner only.

 lrwxrwxrwx               A symbolic link. All symbolic links have “dummy”
                          permissions. The real permissions are kept with the actual file
                           pointed to by the symbolic link.

 drwxrwx---                 A directory. The owner and the members of the owner group
                            may enter the directory and, create, rename and remove files
                             within the directory.

 drwxr-x---                 A directory. The owner may enter the directory and create,
                            rename and delete files within the directory. Members of the
                            owner group may enter the directory but cannot create, delete
                             or rename files.  

 i hope these are the pretty much stuff to understand the my point...

 now it time to maniulate these things using terminal...these things mean file mode..offcourse their is an GUI mode to change all this stuff easily but in state when you have to change an multiple of file with different file mode to an different mode then it will become more complicate too do it through GUI mode...i hope you get the point...
lets introduce a new commands to you..

                chmod – Change File Mode

 To change the mode (permissions) of a file or directory, the chmod command is used. Be
aware that only the file’s owner or the superuser can change the mode of a file or directory.
command:

 ubuntu@ubuntu:~$ chmod --help

 output :

 Usage: chmod [OPTION]... MODE[,MODE]... FILE...
  or:  chmod [OPTION]... OCTAL-MODE FILE...
  or:  chmod [OPTION]... --reference=RFILE FILE...
Change the mode of each FILE to MODE.
With --reference, change the mode of each FILE to that of RFILE.

   -c, --changes          like verbose but report only when a change is made
  -f, --silent, --quiet  suppress most error messages
  -v, --verbose          output a diagnostic for every file processed
      --no-preserve-root  do not treat '/' specially (the default)
      --preserve-root    fail to operate recursively on '/'
      --reference=RFILE  use RFILE's mode instead of MODE values
  -R, --recursive        change files and directories recursively
      --help     display this help and exit
      --version  output version information and exit


chmod supports two distinct ways of specifying mode changes: octal number representation,
or symbolic representation. We gonna introduce you first with octal number..
With octal notation we use octal numbers to set the pattern of desired permissions. Since
each digit in an octal number represents three binary digits, this maps nicely to the
scheme used to store the file mode. This table shows what we mean:

 and you know the things about binary that 

 '0' represent low,off condition 
'1' reprent high ,on etc. conditions

 and more thing that..all the file mode charecters are represent in a way...
'rwx' or 'read,write,execute' way only

 so the binary '101' reprent this file mode as 'r-x'...where 'w' or 'write' mode in null mean their is no permission..
these are the representation to represent these file mode..

 lets have a look in the table this will make my point very clearly..

 Octal                      Binary                      File Mode

 0                            000                          ---
1                            001                          --x
2                            010                          -w-
3                            011                          -wx
4                            100                          r--
5                            101                          r-x
6                            110                          rw-
7                            111                          rwx

 so,By using three octal digits, we can set the file mode for the owner, group owner, and
world ..i hope you get it very well ..lets impliment our concept to change the file modes...

 command :

 ubuntu@ubuntu:~$ ls -l zerocool.txt
-rw-rw-r-- 1 ubuntu ubuntu 0 Dec 24 11:41 zerocool.txt

 ubuntu@ubuntu:~$ chmod 600 zerocool.txt|ls -l zerocool.txt
-rw------- 1 ubuntu ubuntu 0 Dec 24 11:41 zerocool.txt
ubuntu@ubuntu:~$ 

so you can see how permission can be easily change by using only one line of command.
actully what we do here..By passing the argument “600”, we were able to set the permissions of the owner to read and write while removing all permissions from the group owner and world. Though remembering
the octal to binary mapping may seem inconvenient, you will usually only
have to use a few common ones: 7 (rwx), 6 (rw-), 5 (r-x), 4 (r--), and 0 (---).

 chmod also supports a symbolic notation for specifying file modes. Symbolic notation is
divided into three parts: who the change will affect, which operation will be performed,
and what permission will be set. To specify who is affected, a combination of the characters
“u”, “g”, “o”, and “a” is used as follows:

 Symbol                                   Meaning

 u/user                            the file or directory owner.

 g/group                              Group owner.

 o/others                           world.

 a /all                          The combination of “u”, “g”, and “o”.

 If no character is specified, “all” will be assumed. 
The operation may be a 

 “+” indicating
that a permission is to be added, 

  “-” indicating 
that a permission is to be taken away, 

           or
a “=” indicating 
that only the specified permissions are to be applied and that all others
are to be removed.


     Permissions are specified with the “r”, “w”, and “x” characters. Here are some examples
of symbolic notation:
Notation                                Meaning

 u+x                               Add execute permission for the owner.

 u-x                              Remove execute permission from the owner.

 +x or Equivalent to a+x.         Add execute permission for the owner, group, and world.
                                    
o-rw                            Remove the read and write permission from anyone besides the
                                owner and group owner.

 go=rw                         Set the group owner and anyone besides the owner to have read and
                            write permission. If either the group owner or world previously had
                            execute permissions, they are removed.

 u+x,go=rx                    Add execute permission for the owner and set the permissions for
                            the group and others to read and execute. Multiple specifications
                            may be separated by commas.

 Symbolic notation does offer the advantage of allowing you to set a single attribute without disturbing any of the others.
but some folk use the octal notation rather than symbolic...but guy you have freedom use any of them which one suitable for you.

 but for futher reading about chmod command you can read its manual page in your system but here i add an text for its manual read it here ..or just write command in your terminal as...

 command:

 ubuntu@ubuntu:~$ man chmod

 or you can redirect your output into an folder..

 ubuntu@ubuntu:~$ man chmod >CHMODManual.txt

 that's it for today we will see all other commands in the later article section .
comment below in below box for any query or you can join my command community box in facebook.
see you their..

 until next article this is ..
                             ZEROCOOL
                             SIGN OUT
Labels:

Popular posts from this blog

DEEP SOUND -STEGNOGRAPHY

In the series of the steganography ..today we are going to discuss the hiding of data in the music file through the help of the window based tool name       "DEEP SOUND" ..now a days very famous TV series name             Mr. Robot . . off course i am  fan of this show..where elliot use this tool for hiding his secret data.. read previous article on steganography                                                         so without wasting much time lets start .. 1.install the DEEP SOUND go to the official website of the deep sound and download it to your machine.  and open up the interface of the deep sound. 2. setting click on the setting gear icon, an pop-up window show up...where languge remain same as english,           change your output  directory ..like i change it to the documents by browsing the folder. after that check the box for encrypt files .. after that it will ask for the password.. input your password for the sec
Read more

KALI LINUX -SECURITY ,CONFIGURATIO AND UPDATES

      Configuring network services and  secure  communications The first step in being able to use Kali is to ensure that it has connectivity to either a wired or wireless network to support updates and customization. You may need to obtain an IP address by DHCP (Dynamic Host Configuration Protocol), or assign one statically. First, confirm your IP address using the  command  ifconfig command from a terminal window, as shown in the following screenshot: IP address is 192.168.1.11.... If an IP address was not obtained, an address can be assigned by DHCP using the command dhclient eth0 (or other available interfaces, which will depend on the  specific configuration of the system being used). If a static IP address is used, additional information may be required. For example, you can assign a static IP of 192.168.1.11as follows:                     inet addr:192.168.1.11            Bcast:192.168.1.255            Mask:255.255.255.0        Securing com
Read more

EVERY LINUX_ADMIN-COMMANDS TO BE KNOW

Hello Friends,             in todays article i am gonna cover the most used 16 linux commands,every linux admin should know it.in the whole article i just show the uses of all the commands and their additional attributes too.
Read more