Ethical Hacking and Penetration Testing Guide


File Permission in Linux
Although Linux-based systems already have a lot of good security features built in, they depend on permissions being set properly. I will go over the ways to assign permissions and show you some examples where modification may be necessary. Wrong file permissions may open a door for attackers into your system.
Group Permission
Owner—The Owner permissions apply only to the owner of the file or directory; they will not impact the actions of other users.
Group—The Group permissions apply only to the group that has been assigned to the file or directory; they will not affect the actions of other users.
All User/Other—The All Users permissions apply to all other users on the system; this is the permission group that you want to watch the most.
Each file or directory has three basic permission types:
Read—The Read permission refers to a user’s capability to read the contents of the file.
Write—The Write permissions refer to a user’s capability to write or modify a file or directory.
Execute—The Execute permission affects a user’s capability to execute a file or view the contents of a directory.
Let’s see how it works.
File permissions are shown in the following format:
Owner Group Other/all
root@Net:~# ls -al
-rwxr-xr-x 1 net tut 77 Oct 24 11:51 auto run
drwx------ 2 ali tut 4096 Oct 25 2012 cache
We will talk about the aforementioned command later on in this chapter.
File auto run permission
-—No special permissions
rwx—The owner (net) has read, write, and execute permission, while the group (tut) has read and execute permission, and other has the same permission as the group.
File cache permission
d—Represents a directory
rwx—The owner (ali) has read, write, and execute permission, while the group (tut) and other/all do not have any permission to access or read this file.
Linux Advanced/Special Permission
l—The file or directory is a symbolic link
s—This indicates the setuid/setgid permissions. Represented as an s in the read portion of the owner or group permissions.


t—This indicates the sticky bit permissions. Represented as a t in the executable portion of the all users permissions.
i—chattr: makes the file unchangeable
There are two more, which are mostly used by devices.
c—Character device
b—Block device (i.e., hdd)
Let’s go through some examples.
Link Permission
root@net:~# ln -s new /root/link
root@net:~# ls -al
lrwxrwxrwx 1 ali ali 3 Mar 18 08:09 link -> new
A link is created for the file named new (link is a symbolic link to the file new).
Suid & Guid Permission
setuid (SUID)—This is used to grant root level access or permissions to users.
When an executable is given setuid permissions, normal users can execute the file with root level or owner privileges. Setuid is commonly used to temporarily assign privileges to a user to accomplish a certain task. For example, changing a user’s password would require higher privileges, and in this case, setuid can be used.
setgid (SGID)—This is similar to setuid, the only difference being that it’s used in the context of a group, whereas setuid is used in the context of a user.
root@net:~# chmod u+s new
root@net:~# ls -al
-rwSr--r-- 1 ali ali 13 Mar 18 07:54 new
Capital S shows Suid for this file.
root@net:~# chmod g+s guid-demo
root@net:~# ls -al
-rw-r-Sr-- 1 ali ali 0 Mar 18 09:13 guid-demo
Capital S shows Guid for the guid-demo file; the capital S is in the group section.
Stickybit Permission
This is another type of permission; it is mostly used on directories to prevent anyone other than 
the “root” or the “owner” from deleting the contents.
root@net:~# chmod +t new
root@net:~# ls -al
-rw-r--r-T 1 ali ali 13 Mar 18 07:54 new
Capital T shows that the stickybit has been set for other users (only the owner or root user can delete files).
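The following audit is an added example, not taken from the book: it uses find to report the permission states discussed so far that deserve review, namely world-writable files, world-writable directories without the sticky bit, and setuid/setgid files. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_perms DIR: print one "TAG path" line per finding under DIR.
audit_perms() {
    dir=$1
    # "Other" has write on a regular file: any local user can modify it.
    find "$dir" -type f -perm -0002 | sed 's/^/WORLD_WRITABLE_FILE /'
    # World-writable directory without the sticky bit: any user can delete
    # or rename files that belong to someone else inside it.
    find "$dir" -type d -perm -0002 ! -perm -1000 | sed 's/^/WRITABLE_DIR_NO_STICKY /'
    # setuid/setgid files run with the owner's or group's privileges.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) | sed 's/^/SETUID_OR_SETGID /'
}

# Constructed sample tree (not from the page) so the audit has something to find.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/tmp_like"
    : > "$t/notes";  chmod 644 "$t/notes"     # owner rw, everyone else read-only
    : > "$t/config"; chmod 646 "$t/config"    # the chmod 646 case: other can write
    : > "$t/helper"; chmod 4755 "$t/helper"   # setuid executable
    chmod 0777 "$t/shared"                    # world-writable, no sticky bit
    chmod 1777 "$t/tmp_like"                  # world-writable with sticky bit (not reported)
    printf '%s\n' "$t"
}

# Demonstration run on the constructed tree.
tree=$(make_sample_tree) && audit_perms "$tree"
rm -rf "$tree"
```

On a real system, point audit_perms at the directory you are responsible for and compare the setuid/setgid list against what the distribution is expected to ship.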


Chattr Permission
root@net:~# lsattr
---------------- ./new
root@net:~# chattr +i new
root@net:~# lsattr
----i----------- ./new
Small i shows that this file is unchangeable; lsattr is the command to check whether chattr attributes are set on a file.
Before we finish with file permissions, let’s have a quick look at numerical file permissions.
r = 4
w = 2
x = 1
The sum of these values sets the file permission accordingly, for example:
root@net:~# ls -al
-rw-r--r-- 1 ali ali 13 Mar 18 07:54 new
Here, other users have only “read” permission, so what we are going to do is change it to read and write but not execute.
root@net:~# chmod 646 new
root@net:~# ls -al
-rw-r--rw- 1 root root 13 Mar 18 07:54 new
To look a bit more closely: we want read + write permission, so 4 + 2 = 6, which means read and write.
Hope it is clear now how to set permission on a file and what it does.
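As an added example (not from the book), the function below converts a 10-character mode string from ls into its four-digit numeric form using r = 4, w = 2, x = 1, with the leading digit carrying setuid (4), setgid (2) and sticky (1). It goes one step beyond the text by showing that a capital S or T means the special bit is set while execute is not; the function name mode_to_octal is made up for this illustration.

```shell
#!/bin/sh
# mode_to_octal MODE: convert an ls mode string such as -rwxr-xr-x to 4-digit octal.
mode_to_octal() {
    mode=$1
    [ "${#mode}" -eq 10 ] || { echo "expected 10 characters: $mode" >&2; return 1; }
    special=0
    octal=""
    start=2                      # character 1 is the file type (-, d, l, c, b)
    for flag in 4 2 1; do        # special-bit weight for owner, group, other triads
        triad=$(printf '%s' "$mode" | cut -c"$start"-$((start + 2)))
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        case "$flag$triad" in
            ???x)                # plain execute
                digit=$((digit + 1)) ;;
            [42]??s|1??t)        # special bit set AND execute set
                digit=$((digit + 1)); special=$((special + flag)) ;;
            [42]??S|1??T)        # special bit set, execute NOT set
                special=$((special + flag)) ;;
        esac
        octal=$octal$digit
        start=$((start + 3))
    done
    echo "$special$octal"
}

# Mode strings copied from the ls output shown in this section.
for m in -rwxr-xr-x drwx------ -rwSr--r-- -rw-r-Sr-- -rw-r--r-T -rw-r--rw-; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```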
