unix systems administration 1y. k. chang root: the super user 4 the unix semigod who can perform...
Post on 22-Dec-2015
216 views
TRANSCRIPT
Unix Systems Administration 1Y. K. Chang
root: the super user The UNIX semigod who can perform privileged
tasks: controlling processes, adding devices, etc. Ownership Model
– concept of ownership for files and processes
– Can be overridden by the superuser
– Groups are defined in /etc/group
– User numbers (UID) and group numbers (GID), that are mapped to user and group names in file /etc/passwd, are used by UNIX.
Unix Systems Administration 2Y. K. Chang
root: the super user– Four numbers are associated with each process:
• a real UID and a real GID used for accounting
• an effective UID and an effective GID used for determining access permission
• normally, real = effective
• owner can send processes signals and reduces the process’s scheduling priority
Unix Systems Administration 3Y. K. Chang
root: the super user situation where real effective
– A process wishing to execute a different program file calls one of the exec family of system calls.
– The effective UID and GID of the process may be set to the UID and GID of the file containing the new program if the file has its “setuid” or “setgid” permission bits set.
– exec + /bin/passwd and /bin/login with “setuid” or “setgid” bits set to temporarily gain superuser privileges.
Unix Systems Administration 4Y. K. Chang
root: the super user /bin/passwd /bin/login
-rws--x--x -rws--x--x root bin [OSF1 V3.0] -rwsr-s--x -rwsr-xr-x root sys [IRIX5.3] -r-sr-sr-x -r-sr-xr-x root sys [Solaris 2.4] -rwsr-xr-x -rwsr-xr-x root taff[SunOS4.1.4]
/bin/login changes its UIDs and GIDs to the login user==> once a root changes its ownership to become a normal user, can not change them back.
Unix Systems Administration 5Y. K. Chang
root: the super user Choosing a root password
– randomly generated 8 characters– change the root password
• at least every months or so
• every time someone who knows the password leaves your site
• whenever you think security may have been compromised
• not a day before party
Unix Systems Administration 6Y. K. Chang
root: the super user Becoming root
– First step is to become a superuser (administrator)
– using /bin/su is better than simply su command. Why?
– On some systems, you must be a member of the group “wheel” or “system” in order to use su command and other restriction for remote login see p.121 and p.548.
Unix Systems Administration 7Y. K. Chang
root: sudo /etc/sudoers file #define aliases for machines in CS and
Physics Host_Alias
CS=tigger,anchor,piper,noet,sigi Host_Alias Physics=eprince,pprince,icarus #define an alias for all sump/restore
commands
Unix Systems Administration 8Y. K. Chang
root: sudo C_Alias DUMP=/usr/etc/dump,
/usr/etc/rdump, /usr/etc/restore, /usr/etc/rrestore
# mark CS=ALL,Physics=DUMP herb CS=/usr/local/bin/tcpdump randy ALL=ALL
Unix Systems Administration 9Y. K. Chang
root: sudo Sudo logs:
– command lines executed
– who
– directory form where they were run
– time
Advantages:– accounting
– operators do chores without unlimited power
– root password known by only one/two person
Unix Systems Administration 10Y. K. Chang
root: sudo Advantages (cont.):
– faster to use sudo than su or login as root
– privileges my be revoked without changing the root password
– A list of all users with root power is maintained
– less chance of a root shell being left unattended
– Since access restrictions are host-dependent, a single file controls access for an entire network
Disadvantages: mostly security if it has a hole
Unix Systems Administration 11Y. K. Chang
root: sudo Other important users
– daemon: UID 1• files not belong to a particular user are often given
to daemon, rather than root, to avoid security hazard.
– bin: UID 2 or 3• directories that contain the system’s commands and
most of the executables.
Unix Systems Administration 12Y. K. Chang
root: sudo– sys: UID 2 or 4
• /dev/kmem: kernel address space
• /dev/mem: physical memory of the system
• /dev/swap|/dev/drum: image of swap space
– nobody: UID -1 or -2• -1 means 32767 for short integers
• owner of software that doesnot need or shouldnot have special permissions.
• NSF uses it
• fingerd daemon
Unix Systems Administration 13Y. K. Chang
The Login Process One of init process is to spawn a getty
process on each terminal port that is turned on in the /etc/ttys or /etc/initab file. getty sets the port’s initial characteristics (such as speed and parity) and prints a login prompt:– enter a login prompt by bootup or telnet– getty cxecutes the login program with the
specified account name– login requests a passwprd and validates the
name and password with /etc/passwd
Unix Systems Administration 14Y. K. Chang
The Login Process– login print the message of today from /etc/motd– login runs a shell and sets up the TERM
environment variable– The shell executes .profile (Bourne shell)
or .login and .cshrc (C shell)– The shell prints the UNIX prompt and waits for
input When log out, control returns to init, which
wakes up and spawns a new getty on the terminal port
Unix Systems Administration 15Y. K. Chang
chmod command change the permissions mode of a file
– SYNOPSIS chmod [ -fR ] <absolute-mode> file
chmod [ -fR ] <symbolic-mode-list> file...
– -f :Force. chmod will not complain if it fails to change the mode of a file.
– -R :Recursively descend through directory arguments, setting the mode for each file as described above. When symbolic links are encountered, the mode of the target file is changed, but no recursion takes place.
Unix Systems Administration 16Y. K. Chang
chmod (cont.) Absolute mode
– use octal numbers: chmod nnnn file ...
– where:n = 0 to 7, constructed from the OR of a• 4000 Set user ID on execution.
• 20#0 Set group ID on execution if # is 7, 5, 3, or 1. Enable mandatory locking if # is 6, 4, 2, or 0. For directories, files are created with BSD semantics for propagation of the group ID. With this option, files and subdirectories created in the directory inherit the group ID of the directory, rather than of the current process. It may be using symbolic mode.
• 1000 Turn on sticky bit. See chmod(2).
Unix Systems Administration 17Y. K. Chang
chmod (cont.)• 0400 Allow read by owner.
• 0200 Allow write by owner.
• 0100 Allow execute (search in dir) by owner.
• 0700 read, write, execute (search) by owner.
• 0040 Allow read by group.
• 0020 Allow write by group.
• 0010 Allow execute (search in dir) by group.
• 0070 read, write, execute (search) by group.
• 0004 Allow read by others.
• 0002 Allow write by others.
• 0001 Allow execute (search in dir) by others.
• 0007 read, write, and execute (search) by others.
Unix Systems Administration 18Y. K. Chang
chmod (cont.) Note that for directories, the setgid bit
cannot be set (or cleared) in absolute mode; it must be set (or cleared) in symbolic mode using g+s (or g-s).
Mandatory file and record locking (l) refers to a file's ability to have its reading or writing permissions locked while a program is accessing that file.
Unix Systems Administration 19Y. K. Chang
chmod (cont.) Symbolic mode
– A symbolic mode specification has the following format:
– chmod <symbolic-mode-list> file…– where: <symbolic-mode-list> is a comma-
separated list (with no intervening whitespace) of symbolic mode expressions of the form:
• [who] operator [permissions]
Unix Systems Administration 20Y. K. Chang
chmod (cont.)• who: zero or more of the characters u, g, o, and a specifying
whose permissions are to be changed or assigned: u-user's, g-group's, o-others’ and a-all permissions (user, group, and other)
• operator either +, -, or =, signifying how permissions are to be changed
• permission: any compatible combination of the following letters:
– r read permission
– w write permission
– x execute permission
– l mandatory locking
– s user or group set-ID
– t sticky bit
Unix Systems Administration 21Y. K. Chang
EXAMPLES Denying execute permission to everyone
– chmod a-x filechmod a-x file Allowing only read permission to everyone
– chmod 444 filechmod 444 file Making a file readable&writable by group and
others– chmod go+rw filechmod go+rw file or chmod 066 filechmod 066 file
Causing a file to be locked during access– chmod +l filechmod +l file
Allowing everyone to read, write, and execute the file and turn on the set group-ID– chmod a=rwx,g+s filechmod a=rwx,g+s file or chmod 2777 filechmod 2777 file
Unix Systems Administration 22Y. K. Chang
Protecting Files with Sticky Bit Unix dir access permissions:if writable on a dir,
can rename/remove any files there – $ mkdir share; chmod 1777 share
• drwxrwxrwt 2 jerry ora 32 Nov 19 10:31 share
– ls -l• -rw-r--r-- 1 ellie ora 120 Nov 19 11:32 data.ellie
• -rw-r--r-- 1 jen ora 3421 Nov 19 15:34 data.jen
• -rw-r--r-- 1 peter ora 728 Nov 20 12:29 data.peter
– rm data.ellie (from jen)
– data.ellie: 644 mode ? Y
– rm: data.ellie not removed.\Permission denied
Unix Systems Administration 23Y. K. Chang
sticky(5) sticky - mark files for special treatment
– A file in a sticky directorysticky directory may only be removed or renamed by a user who has write permission on the directory, and either owns the file, owns the directory, or is the super-user. useful for /tmp,
– If sticky bit on a regular file and no execute bits are set, the system's page cache will not be used to hold the file's data.