Ethical Hacking and Penetration Testing Guide
◾ Ethical Hacking and Penetration Testing Guide File Permission in Linux
Yüklə 22,44 Mb. Pdf görüntüsü
|
|
22
◾ Ethical Hacking and Penetration Testing Guide File Permission in Linux Although there are already a lot of good security features built into Linux-based systems, based upon the need for proper permissions, I will go over the ways to assign permissions and show you some examples where modification may be necessary. Wrong file permission may open a door for attackers in your system. Group Permission Owner —The Owner permissions apply only the owner of the file or directory; they will not impact the actions of other users. Group —The Group permissions apply only to the group that has been assigned to the file or directory; they will not affect the actions of other users. All User/Other —The All Users permissions apply to all other users on the system; this is the permission group that you want to watch the most. Each file or directory has three basic permission types: Read —The Read permission refers to a user’s capability to read the contents of the file. Write— The Write permissions refer to a user’s capability to write or modify a file or directory. Execute —The Execute permission affects a user’s capability to execute a file or view the contents of a directory. Let’s see how it works. File permission is in following format. Owner Group Other/all root@Net:~# ls -al We will talk about aforementioned command later on in this chapter. -rwxr-xr-x 1 net tut 77 Oct 24 11:51 auto run drwx------ 2 ali tut 4096 Oct 25 2012 cache File auto run permission -—No special permissions rwx—Owner (net) having read, write, and execute permission while group (tut) having read and execute and other also having same permission. File cahe permission d—Represent directory rwx—Owner (ali) having read, write, and execute permission while group (tut) and other/all does not have any permission for accessing or reading this file. Linux Advance/Special Permission l—The file or directory is a symbolic link s—This indicated the setuid/setgid permissions. Represented as a s in the read portion of the owner or group permissions. Linux Basics ◾ 23 t—This indicates the sticky bit permissions. Represented as a t in the executable portion of the all users permissions i—chatter Making file unchangeable There are two more which mostly used by devices. c—Character device b—Block device (i.e., hdd) Let’s go through some examples Link Permission root@net:~#ln -s new /root/link root@net:~#ls -al lrwxrwxrwx 1 ali ali 3 Mar 18 08:09 link -> new link is created for a file name called new (link is symbolic for file name new) Suid & Guid Permission setuid ( SUID )—This is used to grant root level access or permissions to users When an executable is given setuid permissions, normal users can execute the file with root level or owner privileges. Setuid is commonly used to assign temporarily privileges to a user to accomplish a certain task. For example, changing a user’s password would require higher privileges, and in this case, setuid can be used. setgid ( SGID )—This is similar to setuid, the only difference being that it’s used in the context of a group, whereas setuid is used in the context of a user. root@net:~#chmod u+s new root@net:~#ls -al -rwSr--r-- 1 ali ali 13 Mar 18 07:54 new Capital S shows Suid for this file. root@net:~#chmod g+s guid-demo root@net:~#ls -al -rw-r-Sr-- 1 ali ali 0 Mar 18 09:13 guid-demo Capital S shows Guid for guid-demo file and capital S is in group section. Stickybit Permission This is another type of permission; it is mostly used on directories to prevent anyone other than the “root” or the “owner” from deleting the contents. root@net:~#chmod +t new root@net:~#ls -al -rw-r--r-T 1 ali ali 13 Mar 18 07:54 new Capital T shows that stickybit has been set for other user (only owner or root user can delete files) 24 ◾ Ethical Hacking and Penetration Testing Guide Chatter Permission root@net:~#lsattr ---------------- ./new root@net:~#chattr +i new root@net:~#lsattr ----i----------- ./new Small i shows that this file is unchangeable and lsattr is a command to check if there is chattr on file. Before we end up with file permission, let’s have little look about numerical file permission. r = 4 w = 2 x = 1 The sum of those aforementioned values manipulates the file permission accordingly, that is, root@net:~# ls -al -rw-r--r-- 1 ali ali 13 Mar 18 07:54 new Here other user only having “read” permission so what we are going to do is to change it into read and write but not execute. root@net:~#chmod 646 new root@net:~#ls -al -rw-r--rw- 1 root root 13 Mar 18 07:54 new Let’s explore a bit more into it, we want read + write permission so 4 + 2 = 6 that’s mean read and write. Hope it is clear now how to set permission on a file and what it does. Yüklə 22,44 Mb. Dostları ilə paylaş:
|