Ordinary users have two ways of protecting the data in their accounts:
1. choose a secure password
2. set permissions
Changing your password:
- One of the easiest method of breaking into a system is to crack a weak password. To create a secure password:
- The password should be at least 6 characters long.
- You should not use names or phrases that are easily obtained; do NOT use your name; do NOT use your dog's name; do NOT use your spouse's name; do NOT use your licence plate; do NOT use your birthdate ...
- Include both CAPITAL and lowercase letters.
- Include special characters ( ! @ # $ % ... )
- Include digits
- One way to create a secure password is suggested in the passwd man page.
- choose 2 small words ( eg: why not )
- mix in some capitalization ( eg: whY Not )
- join them with a special character ( eg: whY%Not )
- The command to change your password is: passwd
Setting permissions:
Access to files and directories is controlled by a permissions at both the file and directory levels.
- permissions can be any combination of read, write, execute for the owner, group and world.
- for a file:
- without read permission, a user cannot view the contents of a file
- without write permission, a user cannot modify the contents of the file
- without execute permission, a user cannot execute the file.
- for a directory:
- without read permission, a user cannot get a directory listing
- without write permission, a user cannot create new files
- without execute permission, a user cannot cd to the directory, list the directory contents or save a file in the directory.
- chmod - change permissions.
- Read, write and execute permissions are set for three groups: the owner, the group and everyone else.
- chmod 543 myfile would set access rights as follows:
owner: 5 = 101 binary = read, not write, execute
group: 4 = 100 binary = read, not write, not execute
others: 3 = 011 binary = not read, write, execute
- chmod - version 2
- permissions can also be set using a text representation
u - user or owner
g - group
o - others
r - read permission
w - write permission
x - execute permission - chmod u+w file1
adds write permission for the user - chmod +w file1
adds write permission for the user, group and others - chmod go-x file1
deletes execute permission for the group and others - chmod u=r file1
changes the permissions for the user to be just read permission (group and other permissions are not changed)
- permissions can also be set using a text representation
Exercises:
- Try to change your password to cat. What error message did you get?
- Try to change your password to blackcat. What error message did you get?
- Think up a password and change your password.
- Try to the password for another user. For example, enter the command:
passwd floopy
What error message did you get? - Can you view the contents of the directory /sbin?
- What are the permissions for the directory /sbin?
- Change the permissions on "readme" in your own home so that you have read/write access, the group has read access and others have no access.
- Change permissions on your home directory so that you have read/write/execute permissions, the group has read/execute permissions, and everyone else has no access.
- Make sure that you are in your own home directory. Create a subdirectory called ddd and copy readme to ddd/fff (a file called fff in the ddd subdirectory).
- what are the permissions on ddd and fff? ____________________
- change the permissions on fff to only rwx for the owner.
- Try the following exercise to see some of the operations that you can and cannot do when you have only read permission on a directory.
- change the permissions on ddd only r for the owner (no permissions for the group and the world)
- can you get a directory listing for ddd? _____
- can you cd to ddd? _____
- can you view the contents of fff with the command: cat ddd/fff ? ______
- can you delete fff with the command: rm ddd/fff ?______
- Try the following to see what you can do when you have read and execute permission for a directory.
- change the permissions on ddd only rx for the owner (no permissions for the group and the world)
- can you get a directory listing for ddd? _____
- can you cd to ddd? _____
- can you view the contents of fff with the command: cat ddd/fff ? ______
- can you delete fff with the command: rm ddd/fff ? ______
- Try the following to see what you can do when you have write and execute permissions for a directory.
- change the permissions on ddd only wx for the owner (no permissions for the group and the world)
- can you get a directory listing for ddd? _____
- can you cd to ddd? _____
- can you view the contents of fff with the command: cat ddd/fff ? ______
- can you delete fff with the command: rm ddd/fff ? ______
- can you execute the command: cd ; cp readme ddd/fff _____
- Try the following to see what you can do when you have only execute permissions for a directory.
- change the permissions on ddd only x for the owner (no permissions for the group and the world)
- can you get a directory listing for ddd? _____
- can you cd to ddd? _____
- can you view the contents of fff with the command: cat ddd/fff ? ______
- can you delete with the command: rm ddd/fff
- can you execute the command: cd ; cp readme ddd/fff _____
Questions and Answers:
- The directory entries for the /etc directory and the file /etc/passwd are:
-rwxr-xr-x 18 root root 1024 May 20 11:58 /etc
-rw-r--r-- 1 root root 658 May 20 11:58 /etc/passwd
Can you modify this file (assuming you are not root)?
Answer: No. - Can you copy /etc/passwd to your own home directory assuming that you have write and execute permissions for your own home directory?
Answer: Yes. Everyone has read permission for this file and can make a copy. - If you are not floopy, can you copy /etc/passwd (permissions rw-r--r--) to the directory /home/floopy? The permissions on /home/floopy are rwxr-xr-x.
Answer: No. /home/floopy is owned by floopy and the permissions are rwxr-xr-x meaning that everyone can read the contents of the directory but only floopy can store files in this directory. - File1 has permissions: r--r--r--
You enter the command: chmod ug+w file1
What are the new permissions?
Answer: rw-rw-r-- - What command will change the permissions on dir1 so that only the owner has read/execute access?
Answer: chmod 500 dir1 - Can you cd to dir1 given the permissions are drw-------?
Answer: No. Without execute access, you cannot cd to a directory or access any of the files in the directory. - What command will change the permissions on dir1 so that you have write/execute permissions only?
Answer: chmod 300 dir1 - Can you copy readme (permissions r--r--r--) to dir1 (permissions d-wx------ ) if you own dir1?
Answer: Yes - Can you get a directory listing for dir1 permissions (d-wx-wx-wx)?
Answer: No. If you do not have read permission for a directory, then essentially you have blind access; you can write files in the dir1 but you cannot get a directory listing.
