Post on 22-Dec-2015


Unix Systems Administration 1 Y. K. Chang

root: the super user

The UNIX semigod who can perform privileged tasks: controlling processes, adding devices, etc.

Ownership Model

– concept of ownership for files and processes

– Can be overridden by the superuser

– Groups are defined in /etc/group

– User numbers (UID) and group numbers (GID), which are mapped to user and group names in the file /etc/passwd, are what UNIX actually uses.

Unix Systems Administration 2 Y. K. Chang

root: the super user

– Four numbers are associated with each process:

• a real UID and a real GID, used for accounting

• an effective UID and an effective GID, used for determining access permission

• normally, real = effective

• the owner of a process can send it signals and reduce its scheduling priority

Unix Systems Administration 3 Y. K. Chang

root: the super user

Situations where the real and effective IDs differ:

– A process wishing to execute a different program file calls one of the exec family of system calls.

– The effective UID and GID of the process may be set to the UID and GID of the file containing the new program if the file has its “setuid” or “setgid” permission bit set.

– Example: exec of /bin/passwd or /bin/login, which have their “setuid” or “setgid” bits set, lets a process temporarily gain superuser privileges.

Unix Systems Administration 4 Y. K. Chang

root: the super user

Permissions of /bin/passwd and /bin/login on several systems:

                 /bin/passwd   /bin/login   owner  group
  [OSF1 V3.0]    -rws--x--x    -rws--x--x   root   bin
  [IRIX 5.3]     -rwsr-s--x    -rwsr-xr-x   root   sys
  [Solaris 2.4]  -r-sr-sr-x    -r-sr-xr-x   root   sys
  [SunOS 4.1.4]  -rwsr-xr-x    -rwsr-xr-x   root   staff

/bin/login changes its UIDs and GIDs to those of the login user ==> once root has changed its IDs to become a normal user, it cannot change them back.

Unix Systems Administration 5 Y. K. Chang

root: the super user

Choosing a root password

– randomly generated, 8 characters

– change the root password:

• at least every few months or so

• every time someone who knows the password leaves your site

• whenever you think security may have been compromised

• not the day before a party

Unix Systems Administration 6 Y. K. Chang

root: the super user

Becoming root

– The first step is to become the superuser (administrator).

– Using the full path /bin/su is better than simply typing the su command. Why?

– On some systems, you must be a member of the group “wheel” or “system” in order to use the su command; for other restrictions on remote root login see p.121 and p.548.

Unix Systems Administration 7 Y. K. Chang

root: sudo

/etc/sudoers file:

  # define aliases for machines in CS and Physics
  Host_Alias CS=tigger,anchor,piper,noet,sigi
  Host_Alias Physics=eprince,pprince,icarus
  # define an alias for all dump/restore commands

Unix Systems Administration 8 Y. K. Chang

root: sudo

  Cmnd_Alias DUMP=/usr/etc/dump, /usr/etc/rdump, /usr/etc/restore, /usr/etc/rrestore
  # user privilege specifications
  mark CS=ALL,Physics=DUMP
  herb CS=/usr/local/bin/tcpdump
  randy ALL=ALL

Unix Systems Administration 9 Y. K. Chang

root: sudo

Sudo logs:

– command lines executed

– who ran them

– directory from which they were run

– time

Advantages:

– accounting

– operators do chores without unlimited power

– the root password is known by only one or two persons

Unix Systems Administration 10 Y. K. Chang

root: sudo

Advantages (cont.):

– faster to use sudo than su or logging in as root

– privileges may be revoked without changing the root password

– a list of all users with root power is maintained

– less chance of a root shell being left unattended

– since access restrictions are host-dependent, a single file controls access for an entire network

Disadvantages: mostly security, if sudo itself has a hole

Unix Systems Administration 11 Y. K. Chang

root: sudo

Other important users

– daemon: UID 1

• files that do not belong to a particular user are often given to daemon, rather than root, to avoid a security hazard.

– bin: UID 2 or 3

• owns the directories that contain the system’s commands and most of the executables.

Unix Systems Administration 12 Y. K. Chang

root: sudo

– sys: UID 2 or 4, owns:

• /dev/kmem: kernel address space

• /dev/mem: physical memory of the system

• /dev/swap | /dev/drum: image of swap space

– nobody: UID -1 or -2

• -1 means 32767 for short integers

• owner of software that does not need or should not have special permissions.

• NFS uses it

• fingerd daemon

Unix Systems Administration 13 Y. K. Chang

The Login Process

One of init’s jobs is to spawn a getty process on each terminal port that is turned on in the /etc/ttys or /etc/inittab file. getty sets the port’s initial characteristics (such as speed and parity) and prints a login prompt:

– the login prompt is reached at bootup or via telnet

– getty executes the login program with the specified account name

– login requests a password and validates the name and password against /etc/passwd

Unix Systems Administration 14 Y. K. Chang

The Login Process

– login prints the message of the day from /etc/motd

– login runs a shell and sets up the TERM environment variable

– The shell executes .profile (Bourne shell) or .login and .cshrc (C shell)

– The shell prints the UNIX prompt and waits for input

When you log out, control returns to init, which wakes up and spawns a new getty on the terminal port.

Unix Systems Administration 15 Y. K. Chang

chmod command

change the permissions mode of a file

– SYNOPSIS

chmod [ -fR ] <absolute-mode> file ...

chmod [ -fR ] <symbolic-mode-list> file ...

– -f: Force. chmod will not complain if it fails to change the mode of a file.

– -R: Recursively descend through directory arguments, setting the mode for each file as described above. When symbolic links are encountered, the mode of the target file is changed, but no recursion takes place.

Unix Systems Administration 16 Y. K. Chang

chmod (cont.)

Absolute mode

– use octal numbers: chmod nnnn file ...

– where: n = 0 to 7, constructed from the OR of any of the following modes:

• 4000 Set user ID on execution.

• 20#0 Set group ID on execution if # is 7, 5, 3, or 1. Enable mandatory locking if # is 6, 4, 2, or 0. For directories, files are created with BSD semantics for propagation of the group ID: files and subdirectories created in the directory inherit the group ID of the directory, rather than that of the current process. This bit may also be set using symbolic mode.

• 1000 Turn on sticky bit. See chmod(2).

Unix Systems Administration 17 Y. K. Chang

chmod (cont.)

• 0400 Allow read by owner.

• 0200 Allow write by owner.

• 0100 Allow execute (search in dir) by owner.

• 0700 read, write, execute (search) by owner.

• 0040 Allow read by group.

• 0020 Allow write by group.

• 0010 Allow execute (search in dir) by group.

• 0070 read, write, execute (search) by group.

• 0004 Allow read by others.

• 0002 Allow write by others.

• 0001 Allow execute (search in dir) by others.

• 0007 read, write, and execute (search) by others.

Unix Systems Administration 18 Y. K. Chang

chmod (cont.)

Note that for directories, the setgid bit cannot be set (or cleared) in absolute mode; it must be set (or cleared) in symbolic mode using g+s (or g-s).

Mandatory file and record locking (l) refers to a file's ability to have its reading or writing permissions locked while a program is accessing that file.

Unix Systems Administration 19 Y. K. Chang

chmod (cont.)

Symbolic mode

– A symbolic mode specification has the following format:

chmod <symbolic-mode-list> file ...

– where: <symbolic-mode-list> is a comma-separated list (with no intervening whitespace) of symbolic mode expressions of the form:

• [who] operator [permissions]

Unix Systems Administration 20 Y. K. Chang

chmod (cont.)

• who: zero or more of the characters u, g, o, and a, specifying whose permissions are to be changed or assigned: u - user’s, g - group’s, o - others’, and a - all permissions (user, group, and other)

• operator: either +, -, or =, signifying how permissions are to be changed

• permission: any compatible combination of the following letters:

– r read permission

– w write permission

– x execute permission

– l mandatory locking

– s user or group set-ID

– t sticky bit

Unix Systems Administration 21 Y. K. Chang

EXAMPLES

Denying execute permission to everyone

– chmod a-x file

Allowing only read permission to everyone

– chmod 444 file

Making a file readable & writable by group and others

– chmod go+rw file  or  chmod 066 file

Causing a file to be locked during access

– chmod +l file

Allowing everyone to read, write, and execute the file and turning on the set-group-ID bit

– chmod a=rwx,g+s file  or  chmod 2777 file
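The symbolic-mode rules from the slides above, as an added example that is not part of the original slides: a bash function that resolves a symbolic-mode list such as a=rwx,g+s against a starting octal mode and prints the resulting mode, so the effect of an expression can be checked before chmod is run. Assumptions: an empty who means a (umask is ignored), s applies to u and g only, t sets the sticky bit for any class, and the Solaris l (mandatory locking) letter is rejected as unsupported.

```shell
#!/usr/bin/env bash
# Added example for this page (not from the slides): resolve a chmod symbolic
# mode list such as "a=rwx,g+s" against a starting octal mode and print the
# result. Assumptions: empty "who" means "a" (umask ignored), "s" applies to
# u and g only, "t" sets sticky for any class, Solaris "l" is rejected.

# class_bits WHO LETTERS -> decimal bitmask of LETTERS for class u, g or o
class_bits() {
  local who=$1 letters=$2 bits=0 i c
  for ((i = 0; i < ${#letters}; i++)); do
    c=${letters:i:1}
    case "$who$c" in
      ur) bits=$((bits | 0400)) ;; uw) bits=$((bits | 0200)) ;;
      ux) bits=$((bits | 0100)) ;; us) bits=$((bits | 04000)) ;;
      gr) bits=$((bits | 040)) ;;  gw) bits=$((bits | 020)) ;;
      gx) bits=$((bits | 010)) ;;  gs) bits=$((bits | 02000)) ;;
      or) bits=$((bits | 04)) ;;   ow) bits=$((bits | 02)) ;;
      ox) bits=$((bits | 01)) ;;   ?t) bits=$((bits | 01000)) ;;
      os) ;;                    # there is no set-ID bit for "others"
      *) return 1 ;;            # unknown letter, e.g. "l"
    esac
  done
  echo "$bits"
}

# apply_symbolic OCTAL_MODE MODE_LIST -> prints the new mode in octal
apply_symbolic() {
  local mode=$((8#$1)) clause who op letters classes cls w bits clear
  local IFS=','                 # clauses are comma-separated
  for clause in $2; do
    who=${clause%%[-+=]*}       # who letters precede the operator
    op=${clause:${#who}:1}
    letters=${clause:$((${#who} + 1))}
    [ -n "$who" ] || who=a
    classes=${who//a/ugo}
    for ((w = 0; w < ${#classes}; w++)); do
      cls=${classes:w:1}
      bits=$(class_bits "$cls" "$letters") || return 1
      case "$op" in
        +) mode=$((mode | bits)) ;;
        -) mode=$((mode & ~bits)) ;;
        =) if [ "$cls" = o ]; then clear=rwxt; else clear=rwxs; fi
           mode=$(( (mode & ~$(class_bits "$cls" "$clear")) | bits )) ;;
        *) return 1 ;;
      esac
    done
  done
  printf '%04o\n' "$mode"
}
```

apply_symbolic 0644 'a=rwx,g+s' prints 2777, the same mode the slide reaches with chmod 2777, and apply_symbolic 0644 '+l' fails because l is not handled.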

Unix Systems Administration 22 Y. K. Chang

Protecting Files with Sticky Bit

Unix directory access permissions: if you have write permission on a directory, you can rename or remove any file in it.

– $ mkdir share; chmod 1777 share

• drwxrwxrwt 2 jerry ora 32 Nov 19 10:31 share

– ls -l

• -rw-r--r-- 1 ellie ora 120 Nov 19 11:32 data.ellie

• -rw-r--r-- 1 jen ora 3421 Nov 19 15:34 data.jen

• -rw-r--r-- 1 peter ora 728 Nov 20 12:29 data.peter

– rm data.ellie (from jen)

– rm prompts “data.ellie: 644 mode ?” and jen answers Y

– rm: data.ellie not removed. Permission denied

Unix Systems Administration 23 Y. K. Chang

sticky(5) sticky - mark files for special treatment

– A file in a sticky directory may only be removed or renamed by a user who has write permission on the directory and either owns the file, owns the directory, or is the super-user. Useful for /tmp.

– If the sticky bit is set on a regular file and no execute bits are set, the system's page cache will not be used to hold the file's data.
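The sticky(5) rule above and the set-UID bits shown on slide 4, as an added example that is not part of the original slides: bash functions that decide the share-directory case from slide 22 and use find(1) to audit a tree for set-UID/set-GID files and for world-writable directories that lack the sticky bit. Assumptions: group membership is ignored (a user who does not own the directory is treated as "other"), user names are plain labels, and the sample tree is constructed by the script itself.

```shell
#!/usr/bin/env bash
# Added example for this page (not from the slides): the sticky(5) removal
# rule from the "share" directory walk-through coded as a decision function,
# plus find(1) checks for the bits the slides discuss: set-UID/set-GID
# executables (like /bin/passwd) and world-writable directories that are
# missing the sticky bit. Group membership is ignored (an assumption): a
# user who does not own the directory is treated as "other".

# sticky_unlink DIR_MODE DIR_OWNER FILE_OWNER USER -> "allowed" or "denied":
# may USER remove or rename FILE_OWNER's file from the directory?
sticky_unlink() {
  local mode=$((8#$1)) dir_owner=$2 file_owner=$3 user=$4 wbit
  [ "$user" = root ] && { echo allowed; return; }   # superuser always may
  if [ "$user" = "$dir_owner" ]; then wbit=0200; else wbit=02; fi
  (( mode & wbit )) || { echo denied; return; }     # needs write on the dir
  if (( mode & 01000 )) && [ "$user" != "$file_owner" ] \
     && [ "$user" != "$dir_owner" ]; then
    echo denied                    # sticky: jen cannot remove data.ellie
  else
    echo allowed
  fi
}

# setid_files DIR -> regular files under DIR with the set-UID or set-GID bit
setid_files() {
  find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# unsticky_world_writable DIR -> directories anyone can write to but that
# lack the sticky bit, so any user may delete other users' files there
unsticky_world_writable() {
  find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# make_sample_tree -> creates a constructed test tree and prints its path:
# one set-UID file, one sticky 1777 "share" dir, one plain 0777 "open" dir
make_sample_tree() {
  local d
  d=$(mktemp -d) || return 1
  touch "$d/suid" && chmod 4755 "$d/suid"
  mkdir "$d/share" "$d/open"
  chmod 1777 "$d/share" && chmod 0777 "$d/open"
  echo "$d"
}
```

sticky_unlink 1777 jerry ellie jen answers denied, reproducing the slide's "Permission denied", while ellie, jerry (directory owner) and root are allowed.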