SYSTEM SECURITY-PERMISSIONS

Add caption











Hello guys welcome back to HackerHeaven,today we will learn about the system security of the linux distros...very preciesly..so..we are going to look at this essential part of system security and introduce the following commands:
● id – Display user identity
● chmod – Change a file's mode
● umask – Set the default file permissions
● su – Run a shell as another user
● sudo – Execute a command as another user
● chown – Change a file's owner
● chgrp – Change a file's group ownership
● passwd – Change a user's password
 i hope you enjoyed my previous articles too...
here are some things straight forward but instead you have too know it..


command : id

output :

ubuntu@ubuntu:~$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare)
ubuntu@ubuntu:~$ 


So where does this information come from? Like so many things in Linux, from a couple
of text files. User accounts are defined in the /etc/passwd file and groups are defined
in the /etc/group file. When user accounts and groups are created, these files are
modified along with /etc/shadow which holds information about the user's password.
For each user account, the /etc/passwd file defines the user (login) name, uid, gid,
the account's real name, home directory, and login shell. If you examine the contents of
/etc/passwd and /etc/group, you will notice that besides the regular user accounts,
there are accounts for the superuser (uid 0) and various other system users.

over all ..if you really wanna to dive into the linux directories...for this you have to executes some commands..these are listed below...

commands..
1.this command will list all the owners..
ubuntu@ubuntu:~$ less /etc/passwd >FileName.txt

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
libuuid:x:100:101::/var/lib/libuuid:
:more---

here FileName.txt is an txt file where you can print the output of the commands executed by the command.. less /etc/passwd ..you can easily read out the content inside the /etc file
for samle you can see above.
                         

2.this command will list out all the groups exits in the ubuntu..

command-  
ubuntu@ubuntu:~$ less /etc/group >GroupNames.txt

root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog,ubuntu
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:ubuntu

here again GroupNames.txt is the file which will store the ouput of the command less /etc/group ,actually above output is for sample out only..                  



                            Reading, Writing, And Executing:

now lets talk about more deeper about our main topic..
Access rights to files and directories are defined in terms of read access, write access, and
execution access. 
these are represented in terminal output by charecter 'r' ,'w' and 'x' respectively.
 If we look at the output of the ls command, we can get some clue as to
 how this is implemented:

ubuntu@ubuntu:~$ >zerocool.txt
ubuntu@ubuntu:~$ ls -l zerocool.txt
-rw-rw-r-- 1 ubuntu ubuntu 0 Dec 24 11:41 zerocool.txt
ubuntu@ubuntu:~$ 

The first ten characters(- rw-rw-r--) of the listing are the file attributes. The first of these characters('-' or 'd' or 'l') is the file type. Here are the file types you are most likely to see (there are other, less common types too):

Attribute                         File Type
-                                 A regular file.

d                                 A directory.

l                          A symbolic link. Notice that with symbolic links, the remaining file
                          attributes are always “rwxrwxrwx” and are dummy values. The real
                           file attributes are those of the file the symbolic link points to.

c                         A character special file. This file type refers to a device that
                          handles data as a stream of bytes, such as a terminal or modem.

b                       A block special file. This file type refers to a device that handles
                            data in blocks, such as a hard drive or CD-ROM drive.


ok these are the some of the attribute which are used to represent the 'file type'
like in this '-rw-rw-r--' by seeing the first charector we can recognised the this file conatain regular type of file....here are some detail description about the owners,groups and world...have a close look on it...that will more effective..to understand the outputs..


reading -r
writing -w
executing -x

all these nine 'file mode' charecter actully reprent the three types of owners...by the group of three charecters..

           Owner      Group       World
            rwx        rwx         rwx

now we actually have to now more about the attributes of the output more clearly...so by this way it very easy to understand the output meaning..

Attribute      -r 

Files-

 Allows a file to be opened and
read.

Directories -

Allows a directory's contents to
be listed if the execute attribute
is also set.


attributes          -w 

files-

Allows a file to be written to or
truncated, however this attribute
does not allow files to be
renamed or deleted. The ability
to delete or rename files is
determined by directory
attributes.


directories -

Allows files within a directory
to be created, deleted, and
renamed if the execute attribute
is also set.


attributes     -x

files-

 Allows a file to be treated as a
program and executed. Program
files written in scripting
languages must also be set as
readable to be executed.

directories -

Allows a directory to be
entered, e.g., cd directory

Here are some examples of file attribute settings read it and try to understand it..

File                        Attributes Meaning
-rwx------                A regular file that is readable, writable, and executable by the
                          file's owner. No one else has any access.

-rw-------               A regular file that is readable and writable by the file's owner.
                         No one else has any access.

-rw-r--r--               A regular file that is readable and writable by the file's owner.
                         Members of the file's owner group may read the file. The file is
                         world-readable.

-rwxr-xr-x               A regular file that is readable, writable, and executable by the
                         file's owner. The file may be read and executed by everybody
                         else.

-rw-rw----              A regular file that is readable and writable by the file's owner
                         and members of the file's group owner only.

lrwxrwxrwx               A symbolic link. All symbolic links have “dummy”
                          permissions. The real permissions are kept with the actual file
                           pointed to by the symbolic link.

drwxrwx---                 A directory. The owner and the members of the owner group
                            may enter the directory and, create, rename and remove files
                             within the directory.

drwxr-x---                 A directory. The owner may enter the directory and create,
                            rename and delete files within the directory. Members of the
                            owner group may enter the directory but cannot create, delete
                             or rename files.  

i hope these are the pretty much stuff to understand the my point...

now it time to maniulate these things using terminal...these things mean file mode..offcourse their is an GUI mode to change all this stuff easily but in state when you have to change an multiple of file with different file mode to an different mode then it will become more complicate too do it through GUI mode...i hope you get the point...
lets introduce a new commands to you..

               chmod – Change File Mode

To change the mode (permissions) of a file or directory, the chmod command is used. Be
aware that only the file’s owner or the superuser can change the mode of a file or directory.


command:

ubuntu@ubuntu:~$ chmod --help

output :

Usage: chmod [OPTION]... MODE[,MODE]... FILE...
  or:  chmod [OPTION]... OCTAL-MODE FILE...
  or:  chmod [OPTION]... --reference=RFILE FILE...
Change the mode of each FILE to MODE.
With --reference, change the mode of each FILE to that of RFILE.

  -c, --changes          like verbose but report only when a change is made
  -f, --silent, --quiet  suppress most error messages
  -v, --verbose          output a diagnostic for every file processed
      --no-preserve-root  do not treat '/' specially (the default)
      --preserve-root    fail to operate recursively on '/'
      --reference=RFILE  use RFILE's mode instead of MODE values
  -R, --recursive        change files and directories recursively
      --help     display this help and exit
      --version  output version information and exit


chmod supports two distinct ways of specifying mode changes: octal number representation,
or symbolic representation. We gonna introduce you first with octal number..
With octal notation we use octal numbers to set the pattern of desired permissions. Since
each digit in an octal number represents three binary digits, this maps nicely to the
scheme used to store the file mode. This table shows what we mean:

and you know the things about binary that 

'0' represent low,off condition 
'1' reprent high ,on etc. conditions

and more thing that..all the file mode charecters are represent in a way...
'rwx' or 'read,write,execute' way only

so the binary '101' reprent this file mode as 'r-x'...where 'w' or 'write' mode in null mean their is no permission..
these are the representation to represent these file mode..

lets have a look in the table this will make my point very clearly..

Octal                      Binary                      File Mode

0                            000                          ---
1                            001                          --x
2                            010                          -w-
3                            011                          -wx
4                            100                          r--
5                            101                          r-x
6                            110                          rw-
7                            111                          rwx

so,By using three octal digits, we can set the file mode for the owner, group owner, and
world ..i hope you get it very well ..lets impliment our concept to change the file modes...

command :

ubuntu@ubuntu:~$ ls -l zerocool.txt
-rw-rw-r-- 1 ubuntu ubuntu 0 Dec 24 11:41 zerocool.txt

ubuntu@ubuntu:~$ chmod 600 zerocool.txt|ls -l zerocool.txt
-rw------- 1 ubuntu ubuntu 0 Dec 24 11:41 zerocool.txt
ubuntu@ubuntu:~$ 


so you can see how permission can be easily change by using only one line of command.
actully what we do here..By passing the argument “600”, we were able to set the permissions of the owner to read and write while removing all permissions from the group owner and world. Though remembering
the octal to binary mapping may seem inconvenient, you will usually only
have to use a few common ones: 7 (rwx), 6 (rw-), 5 (r-x), 4 (r--), and 0 (---).

chmod also supports a symbolic notation for specifying file modes. Symbolic notation is
divided into three parts: who the change will affect, which operation will be performed,
and what permission will be set. To specify who is affected, a combination of the characters
“u”, “g”, “o”, and “a” is used as follows:

Symbol                                   Meaning

u/user                            the file or directory owner.

g/group                              Group owner.

o/others                           world.

a /all                          The combination of “u”, “g”, and “o”.

If no character is specified, “all” will be assumed. 
The operation may be a 

“+” indicating
that a permission is to be added, 

 “-” indicating 
that a permission is to be taken away, 

          or
a “=” indicating 
that only the specified permissions are to be applied and that all others
are to be removed.


    Permissions are specified with the “r”, “w”, and “x” characters. Here are some examples
of symbolic notation:


Notation                                Meaning

u+x                               Add execute permission for the owner.

u-x                              Remove execute permission from the owner.

+x or Equivalent to a+x.         Add execute permission for the owner, group, and world.
                                    
o-rw                            Remove the read and write permission from anyone besides the
                                owner and group owner.

go=rw                         Set the group owner and anyone besides the owner to have read and
                            write permission. If either the group owner or world previously had
                            execute permissions, they are removed.

u+x,go=rx                    Add execute permission for the owner and set the permissions for
                            the group and others to read and execute. Multiple specifications
                            may be separated by commas.

Symbolic notation does offer the advantage of allowing you to set a single attribute without disturbing any of the others.
but some folk use the octal notation rather than symbolic...but guy you have freedom use any of them which one suitable for you.

but for futher reading about chmod command you can read its manual page in your system but here i add an text for its manual read it here ..or just write command in your terminal as...

command:

ubuntu@ubuntu:~$ man chmod

or you can redirect your output into an folder..

ubuntu@ubuntu:~$ man chmod >CHMODManual.txt

that's it for today we will see all other commands in the later article section .
comment below in below box for any query or you can join my command community box in facebook.
see you their..

until next article this is ..
                             ZEROCOOL
                             SIGN OUT

Popular Posts