X hits on this document





2 / 3

CIS/CSE 643: Computer Security (Syracuse University)

Unix Security Overview: 2

    • x: the directory can be entered.

  • Change permission: chmod

  • Full Access Control List: using getfacl and setfacl.

  • Default File Permission

    • What is the default file permission assigned to the newly created files?

    • This default permission is stored in the umask environment variable.

    • umask: permissions you do not want

    • Default value in some systems: 022 This set the permission of new files (non-executable) to rw-r–r–.

    • Safest value: 077

This sets the permission of new files (non-executable) to rw——-

  • Check your own setting by executing the following

% umask


  • Change the umask value. You can execute the following command or put it in your .profile file.

% umask 077


Security-Related Commands

  • Switch user

  • Change your user ID to xyz, su means “substitute user”)

% /bin/su xyz

  • Change to root. This is a common way to invoke superuser access). Once you are in the supe-

ruser account, the prompt becomes the pound sign (#). % /bin/su -

  • Running a command using superuser privilege. Sometimes, we just want to run a command using the superuser privilege. Instead of su to root, and run the command, we can use the sudo command.

(view the shadow file as a superuser) % sudo more /etc/shadow

To be able to use sudo to run a command as the superuser, permissions must be granted (by the root) to the user. This is done through the /etc/sudoers file.

  • Change the owner of files

September 7, 2009

Document info
Document views7
Page views7
Page last viewedFri Oct 21 11:49:18 UTC 2016