Sunday, September 20, 2009

Passwords and Permissions

Ordinary users have two ways of protecting the data in their accounts:

1. choose a secure password

2. set permissions

Changing your password:

  1. One of the easiest methods of breaking into a system is to crack a weak password. To create a secure password:
    • The password should be at least 6 characters long.
    • You should not use names or phrases that are easily obtained; do NOT use your name; do NOT use your dog's name; do NOT use your spouse's name; do NOT use your licence plate; do NOT use your birthdate ...
    • Include both CAPITAL and lowercase letters.
    • Include special characters ( ! @ # $ % ... )
    • Include digits
  2. One way to create a secure password is suggested in the passwd man page.
    • choose 2 small words ( eg: why not )
    • mix in some capitalization ( eg: whY Not )
    • join them with a special character ( eg: whY%Not )
  3. The command to change your password is: passwd

Setting permissions:

Access to files and directories is controlled by permissions at both the file and directory levels.

  • permissions can be any combination of read, write, execute for the owner, group and world.
  • for a file:
    • without read permission, a user cannot view the contents of a file
    • without write permission, a user cannot modify the contents of the file
    • without execute permission, a user cannot execute the file.
  • for a directory:
    • without read permission, a user cannot get a directory listing
    • without write permission, a user cannot create new files
    • without execute permission, a user cannot cd to the directory, list the directory contents or save a file in the directory.
  • chmod - change permissions.
    • Read, write and execute permissions are set for three groups: the owner, the group and everyone else.
    • chmod 543 myfile would set access rights as follows:
      owner: 5 = 101 binary = read, not write, execute
      group: 4 = 100 binary = read, not write, not execute
      others: 3 = 011 binary = not read, write, execute
  • chmod - version 2
    • permissions can also be set using a text representation
      u - user or owner
      g - group
      o - others
      r - read permission
      w - write permission
      x - execute permission
    • chmod u+w file1
      adds write permission for the user
    • chmod +w file1
      adds write permission for the user, group and others
    • chmod go-x file1
      deletes execute permission for the group and others
    • chmod u=r file1
      changes the permissions for the user to be just read permission (group and other permissions are not changed)
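The digit-by-digit decoding shown for chmod 543, checked against what chmod actually sets on a scratch file. This is an added example, not part of the original lab; the function names octal_to_rwx, perms_of and chmod_result are made up for the illustration.

```sh
#!/bin/sh
# Added example, not part of the original lab. It only touches scratch files.

# octal_to_rwx MODE: decode a three-digit octal mode digit by digit,
# as the page does for 543 (4 = read, 2 = write, 1 = execute).
octal_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits" >&2; return 1 ;;
    esac
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        r=-; w=-; x=-
        if [ $((digit & 4)) -ne 0 ]; then r=r; fi
        if [ $((digit & 2)) -ne 0 ]; then w=w; fi
        if [ $((digit & 1)) -ne 0 ]; then x=x; fi
        out="$out$r$w$x"
    done
    echo "$out"
}

# perms_of PATH: the nine permission characters that ls -l shows
perms_of() {
    ls -ld "$1" | cut -c2-10
}

# chmod_result START CHANGE: give a scratch file mode START, apply
# "chmod CHANGE" to it, and print the permissions that result
chmod_result() {
    f=$(mktemp)
    chmod "$1" "$f"
    chmod "$2" "$f"
    perms_of "$f"
    rm -f "$f"
}

echo "543 decoded by hand:  $(octal_to_rwx 543)"
echo "chmod 543:            $(chmod_result 000 543)"
echo "543 then chmod u+w:   $(chmod_result 543 u+w)"
echo "543 then chmod go-x:  $(chmod_result 543 go-x)"
echo "543 then chmod u=r:   $(chmod_result 543 u=r)"
```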

Exercises:


  1. Try to change your password to cat. What error message did you get?
  2. Try to change your password to blackcat. What error message did you get?
  3. Think up a password and change your password.
  4. Try to change the password for another user. For example, enter the command:
    passwd floopy
    What error message did you get?
  5. Can you view the contents of the directory /sbin?
  6. What are the permissions for the directory /sbin?
  7. Change the permissions on "readme" in your own home so that you have read/write access, the group has read access and others have no access.
  8. Change permissions on your home directory so that you have read/write/execute permissions, the group has read/execute permissions, and everyone else has no access.
  9. Make sure that you are in your own home directory. Create a subdirectory called ddd and copy readme to ddd/fff (a file called fff in the ddd subdirectory).
    • what are the permissions on ddd and fff? ____________________
    • change the permissions on fff to only rwx for the owner.
  10. Try the following exercise to see some of the operations that you can and cannot do when you have only read permission on a directory.
    • change the permissions on ddd to only r for the owner (no permissions for the group and the world)
    • can you get a directory listing for ddd? _____
    • can you cd to ddd? _____
    • can you view the contents of fff with the command: cat ddd/fff ? ______
    • can you delete fff with the command: rm ddd/fff ?______
  11. Try the following to see what you can do when you have read and execute permission for a directory.
    • change the permissions on ddd to only rx for the owner (no permissions for the group and the world)
    • can you get a directory listing for ddd? _____
    • can you cd to ddd? _____
    • can you view the contents of fff with the command: cat ddd/fff ? ______
    • can you delete fff with the command: rm ddd/fff ? ______
  12. Try the following to see what you can do when you have write and execute permissions for a directory.
    • change the permissions on ddd to only wx for the owner (no permissions for the group and the world)
    • can you get a directory listing for ddd? _____
    • can you cd to ddd? _____
    • can you view the contents of fff with the command: cat ddd/fff ? ______
    • can you delete fff with the command: rm ddd/fff ? ______
    • can you execute the command: cd ; cp readme ddd/fff _____
  13. Try the following to see what you can do when you have only execute permissions for a directory.
    • change the permissions on ddd to only x for the owner (no permissions for the group and the world)
    • can you get a directory listing for ddd? _____
    • can you cd to ddd? _____
    • can you view the contents of fff with the command: cat ddd/fff ? ______
    • can you delete fff with the command: rm ddd/fff ? ______
    • can you execute the command: cd ; cp readme ddd/fff _____

Questions and Answers:


  1. The directory entries for the /etc directory and the file /etc/passwd are:
    -rwxr-xr-x 18 root root 1024 May 20 11:58 /etc
    -rw-r--r-- 1 root root 658 May 20 11:58 /etc/passwd

    Can you modify this file (assuming you are not root)?
    Answer: No.
  2. Can you copy /etc/passwd to your own home directory assuming that you have write and execute permissions for your own home directory?
    Answer: Yes. Everyone has read permission for this file and can make a copy.
  3. If you are not floopy, can you copy /etc/passwd (permissions rw-r--r--) to the directory /home/floopy? The permissions on /home/floopy are rwxr-xr-x.
    Answer: No. /home/floopy is owned by floopy and the permissions are rwxr-xr-x meaning that everyone can read the contents of the directory but only floopy can store files in this directory.
  4. File1 has permissions: r--r--r--
    You enter the command: chmod ug+w file1
    What are the new permissions?
    Answer: rw-rw-r--
  5. What command will change the permissions on dir1 so that only the owner has read/execute access?
    Answer: chmod 500 dir1
  6. Can you cd to dir1 given the permissions are drw-------?
    Answer: No. Without execute access, you cannot cd to a directory or access any of the files in the directory.
  7. What command will change the permissions on dir1 so that you have write/execute permissions only?
    Answer: chmod 300 dir1
  8. Can you copy readme (permissions r--r--r--) to dir1 (permissions d-wx------ ) if you own dir1?
    Answer: Yes
  9. Can you get a directory listing for dir1 permissions (d-wx-wx-wx)?
    Answer: No. If you do not have read permission for a directory, then essentially you have blind access; you can write files in the dir1 but you cannot get a directory listing.
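The directory cases from exercises 10-13 and questions 6, 8 and 9, run against a scratch copy of ddd/fff so each owner-only mode can be compared side by side. This is an added example, not part of the original lab; the helper names try and probe_dir are made up, and the "list" check assumes a plain ls that reads names without examining each entry (as GNU ls does).

```sh
#!/bin/sh
# Added example, not part of the original lab. It builds its own scratch
# directory. Run it as an ordinary user: root bypasses these checks.

# try LABEL CMD...: run CMD quietly, append "LABEL=yes" or "LABEL=no" to $res
try() {
    label=$1; shift
    if "$@" >/dev/null 2>&1; then res="$res $label=yes"; else res="$res $label=no"; fi
}

# probe_dir MODE: set ddd to MODE (for example 400) and report what the
# owner can still do with the directory and with the file fff inside it
probe_dir() {
    top=$(mktemp -d)
    d=$top/ddd
    mkdir "$d"
    echo "sample text" > "$top/readme"      # constructed stand-in for readme
    cp "$top/readme" "$d/fff"
    chmod 700 "$d/fff"                      # rwx for the owner only, as in exercise 9
    chmod "$1" "$d"
    res=""
    try list      ls "$d"                   # names only; ls -l also needs x
    try cd        sh -c 'cd "$1"' sh "$d"   # child shell, so our own cwd is untouched
    try read      cat "$d/fff"
    try overwrite cp "$top/readme" "$d/fff" # existing file: x on ddd, w on fff
    try create    cp "$top/readme" "$d/new" # new name: w and x on ddd
    try delete    rm -f "$d/fff"            # removing a name: w and x on ddd
    chmod 700 "$d"                          # restore access so cleanup works
    rm -rf "$top"
    echo "${res# }"
}

for mode in 400 500 300 100; do
    printf '%s  %s\n' "$mode" "$(probe_dir "$mode")"
done
```

The overwrite and create columns differ for modes 500 and 100: write permission on a directory controls adding and removing names, while changing the contents of an existing file depends on that file's own write bit.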

Source: http://floppix.ccai.com/protect.html
