CIS/CSE 643: Computer Security (Syracuse University)
Unix Security Overview
User and Group
root: super user (uid = 0)
daemon: handles networks.
nobody: owns no files; used as a default user for unprivileged operations.
  ∗ A web browser can run in this mode.
User needs to log in with a password. The encrypted password is stored in /etc/shadow.
User information is stored in /etc/passwd, the file that used to store passwords (it no longer does). The following is an example of an entry in this file:
    john:x:30000:40000:John Doe:/home/john:/usr/local/bin/tcsh
Sometimes it is more convenient to assign permissions to a group of users, i.e., to assign permissions based on groups.
A user has a primary group (listed in /etc/passwd), and this is the group associated with the files the user created.
Any user can be a member of multiple groups.
Group membership information is stored in /etc/group.
For systems that use NIS (Network Information Service), originally called Yellow Pages (YP), we can get the group information using the command ypcat.
The meaning of the permission bits in Unix:
  ∗ Owner (u), Group (g), and Others (o).
  ∗ Readable (r), Writable (w), and Executable (x).
  ∗ Example: -rwxrwxrwx (777)
Permissions on Directories:
r: the directory can be listed.
w: can create/delete a file or a directory within the directory.
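The following sketch is an added example, not part of the original notes. It ties the /etc/passwd and /etc/group formats to the permission bits by working out which of the owner, group, or others triples applies to a user on a directory. Apart from the john entry, all sample entries are constructed, the function names are hypothetical, and the sticky bit and ACLs are not modelled.

```python
import stat

# Constructed sample data in /etc/passwd and /etc/group format (the john
# entry is the one from the notes; every other entry is made up).
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
john:x:30000:40000:John Doe:/home/john:/usr/local/bin/tcsh
alice:x:30001:40001:Alice:/home/alice:/bin/sh
"""
GROUP = """\
staff:x:40000:
proj:x:40002:john,alice
"""

def load_users(passwd_text, group_text):
    """Return {name: (uid, set_of_gids)} from passwd/group formatted text."""
    users = {}
    for line in passwd_text.splitlines():
        name, _pw, uid, gid, _gecos, _home, _shell = line.split(":")
        users[name] = (int(uid), {int(gid)})       # primary group
    for line in group_text.splitlines():
        _gname, _pw, gid, members = line.split(":")
        for member in filter(None, members.split(",")):
            if member in users:
                users[member][1].add(int(gid))     # supplementary group
    return users

def effective_bits(uid, gids, owner_uid, owner_gid, mode):
    """Return the rwx triple (0-7) that applies to this user on a directory.
    Exactly one class is consulted: owner, else group, else others."""
    if uid == 0:
        return 7  # root (uid 0) bypasses directory permission checks
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def dir_access(user, users, owner_uid, owner_gid, mode):
    """Describe what `user` may do in a directory with this owner and mode."""
    uid, gids = users[user]
    bits = effective_bits(uid, gids, owner_uid, owner_gid, mode)
    return {
        "mode": stat.filemode(stat.S_IFDIR | mode),
        "list": bool(bits & 4),
        # creating or deleting entries needs x (search) as well as w
        "create_delete": bool(bits & 2) and bool(bits & 1),
    }
```

With mode 070 on a directory that john owns and that belongs to group proj, john is denied even though he is a member of proj, because only the owner triple is consulted for the owner.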
September 7, 2009