|
Setuid
The Unix access rights flags setuid and setgid (short for ''set user identity'' and ''set group identity'') allow users to run an executable with the file system permissions of the executable's owner or group respectively and to change behaviour in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific. The flags setuid and setgid are needed for tasks that require different privileges than what the user is normally granted, such as the ability to alter system files or databases to change their login password. Some of the tasks that require additional privileges may not immediately be obvious, though, such as the ping command, which must send and listen for control packets on a network interface. File modes The setuid and setgid bits are normally represented as t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
File System Permissions
Most file systems include attributes of files and directories that control the ability of users to read, change, navigate, and execute the contents of the file system. In some cases, menu options or functions may be made visible or hidden depending on a user's permission level; this kind of user interface is referred to as permission-driven. Two types of permissions are widely available: traditional Unix file system permissions and access-control lists (ACLs) which are capable of more specific control. File system variations The original File Allocation Table file system has a per-file all-user read-only attribute. NTFS implemented in Microsoft Windows NT and its derivatives, use ACLs to provide a complex set of permissions. OpenVMS uses a permission scheme similar to that of Unix. There are four categories (system, owner, group, and world) and four types of access permissions (Read, Write, Execute and Delete). The categories are not mutually disjoint: World includes Group ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Unix Security
Unix security refers to the means of securing a Unix or Unix-like operating system. A secure environment is achieved not only by the design concepts of these operating systems, but also through vigilant user and administrative practices. Design concepts Permissions A core security feature in these systems is the file system permissions. All files in a typical Unix filesystem have permissions set enabling different access to a file. Permissions on a file are commonly set using the chmod command and seen through the ls command. For example: -r-xr-xr-x 1 root wheel 745720 Sep 8 2002 /bin/sh Unix permissions permit different users access to a file. Different ''user groups'' have different permissions on a file. More advanced Unix filesystems include the ''Access Control List'' concept which allows permissions to be granted to multiple users or groups. An ''Access Control List'' may be used to grant permission to additional individual users or groups. For example: /pvr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Confused Deputy Problem
In information security, a confused deputy is a computer program that is tricked by another program (with fewer privileges or less rights) into misusing its authority on the system. It is a specific type of privilege escalation. The confused deputy problem is often cited as an example of why capability-based security is important. Capability systems protect against the confused deputy problem, whereas access control list-based systems do not. Example In the original example of a confused deputy, there was a compiler program provided on a commercial timesharing service. Users could run the compiler and optionally specify a filename where it would write debugging output, and the compiler would be able to write to that file if the user had permission to write there. The compiler also collected statistics about language feature usage. Those statistics were stored in a file called "(SYSX)STAT", in the directory "SYSX". To make this possible, the compiler program was given permiss ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Chmod
In Unix and Unix-like operating systems, is the command and system call used to change the access permissions and the special mode flags (the ''setuid'', ''setgid'', and ''sticky'' flags) of file system objects ( files and directories). Collectively these were originally called its modes, and the name was chosen as an abbreviation of ''change mode''. History A command first appeared in AT&T UNIX version 1, along with the system call. As systems grew in number and types of users, access-control lists were added to many file systems in addition to these most basic modes to increase flexibility. The version of bundled in GNU coreutils was written by David MacKenzie and Jim Meyering. The command is available as a separate package for Microsoft Windows as part of the UnxUtils collection of native Win32 ports of common GNU Unix-like utilities. The command has also been ported to the IBM i operating system. Command syntax Throughout this section, ''ser'' refers to t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
User Identifier
Unix-like operating systems identify a user by a value called a user identifier, often abbreviated to user ID or UID. The UID, along with the group identifier (GID) and other access control criteria, is used to determine which system resources a user can access. The password file maps textual user names to UIDs. UIDs are stored in the inodes of the Unix file system, running processes, tar archives, and the now-obsolete Network Information Service. In POSIX-compliant environments, the command-line command id gives the current user's UID, as well as more information such as the user name, primary user group and group identifier (GID). Process attributes The POSIX standard introduced three different UID fields into the process descriptor table, to allow privileged processes to take on different roles dynamically: Effective user ID The effective UID (euid) of a process is used for most access checks. It is also used as the owner for files created by that process. The effective G ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Umask
In computing, umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files. It may also affect how the file permissions are changed explicitly. is also a function that sets the mask, or it may refer to the mask itself, which is formally known as the ''file mode creation mask''. The mask is a grouping of bits, each of which restricts how its corresponding permission is set for newly created files. The bits in the mask may be changed by invoking the command. Overview In Unix-like systems, each file has a set of attributes that control who can read, write or execute it. When a program creates a file, the file permissions are restricted by the mask. If the mask has a bit set to "1", then the corresponding initial file permission will be ''disabled''. A bit set to "0" in the mask means that the corresponding permission will be ''determined by the program'' and the file system. In other words, the mask acts as a last-s ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Unix
Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others. Initially intended for use inside the Bell System, AT&T licensed Unix to outside parties in the late 1970s, leading to a variety of both academic and commercial Unix variants from vendors including University of California, Berkeley ( BSD), Microsoft ( Xenix), Sun Microsystems ( SunOS/ Solaris), HP/ HPE ( HP-UX), and IBM ( AIX). In the early 1990s, AT&T sold its rights in Unix to Novell, which then sold the UNIX trademark to The Open Group, an industry consortium founded in 1996. The Open Group allows the use of the mark for certified operating systems that comply with the Single UNIX Specification (SUS). Unix systems are characterized by a modular design that is sometimes called the " Unix philosophy". According to thi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Shared Libraries
In computer science, a library is a collection of non-volatile resources used by computer programs, often for software development. These may include configuration data, documentation, help data, message templates, pre-written code and subroutines, classes, values or type specifications. In IBM's OS/360 and its successors they are referred to as partitioned data sets. A library is also a collection of implementations of behavior, written in terms of a language, that has a well-defined interface by which the behavior is invoked. For instance, people who want to write a higher-level program can use a library to make system calls instead of implementing those system calls over and over again. In addition, the behavior is provided for reuse by multiple independent programs. A program invokes the library-provided behavior via a mechanism of the language. For example, in a simple imperative language such as C, the behavior in a library is invoked by using C's normal functi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
PolicyKit
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. Polkit allows a level of control of centralized system policy. It is developed and maintained by David Zeuthen from Red Hat and hosted by the freedesktop.org project. It is published as free software under the terms of version 2 of the GNU Lesser General Public License. Since version 0.105, released in April 2012, the name of the project was changed from ''PolicyKit'' to ''polkit'' to emphasize that the system component was rewritten and that the API had changed, breaking backward compatibility. Fedora became the first distribution to include PolicyKit, and it has since been used in other distributions, including Ubuntu since version 8.04 and openSUSE since version 10.3. Some distributions, like Fedora, have already switched to the rewritten polkit. It is also possibl ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Sudo
sudo ( or ) is a program for Unix-like computer operating systems that enables users to run programs with the security privileges of another user, by default the superuser. It originally stood for "superuser do", as that was all it did, and it is its most common usage; however, the official Sudo project page lists it as "su 'do'". The current Linux manual pages for su define it as "substitute user", making the correct meaning of sudo "substitute user, do", because sudo can run a command as other users as well. Unlike the similar command '' su'', users must, by default, supply their own password for authentication, rather than the password of the target user. After authentication, and if the configuration file (typically /etc/sudoers) permits the user access, the system invokes the requested command. The configuration file offers detailed access permissions, including enabling commands only from the invoking terminal; requiring a password per user or group; requiring re-entry o ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Process Identifier
In computing, the process identifier (a.k.a. process ID or PID) is a number used by most operating system kernels—such as those of Unix, macOS and Windows—to uniquely identify an active process. This number may be used as a parameter in various function calls, allowing processes to be manipulated, such as adjusting the process's priority or killing it altogether. Unix-like In Unix-like operating systems, new processes are created by the fork() system call. The PID is returned to the parent process, enabling it to refer to the child in further function calls. The parent may, for example, wait for the child to terminate with the waitpid() function, or terminate the process with kill(). There are two tasks with specially distinguished process IDs: ''swapper'' or ''sched'' has process ID 0 and is responsible for paging, and is actually part of the kernel rather than a normal user-mode process. Process ID 1 is usually the init process primarily responsible for starting and ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Group Identifier
In Unix-like systems, multiple users can be put into ''groups''. POSIX and conventional Unix file system permissions are organized into three classes, ''user'', ''group'', and ''others''. The use of groups allows additional abilities to be delegated in an organized fashion, such as access to disks, printers, and other peripherals. This method, among others, also enables the superuser to delegate some administrative tasks to normal users, similar to the ''Administrators'' group on Microsoft Windows NT and its derivatives. A group identifier, often abbreviated to GID, is a numeric value used to represent a specific group. The range of values for a GID varies amongst different systems; at the very least, a GID can be between 0 and 32,767, with one restriction: the login group for the superuser must have GID 0. This numeric value is used to refer to groups in the /etc/passwd and /etc/group files or their equivalents. Shadow password files and Network Information Service also refer t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
