set321 - Unix Security Cunsheng Ding HKUST, Hong Kong,...

Unix Security
Cunsheng Ding
HKUST, Hong Kong, CHINA
cding@cs.ust.hk
C. Ding - COMP4631 - L21 1

Agenda
• A short history of Unix
• Login and user accounts
• Access control
• Instances of general security principles
• Audit configuration and management

A Brief History
• Originated in 1969 and the early 70’s as a prototype at Bell Labs (part of AT&T).
• In 1973 Unix was rewritten in C and successfully ported.
• AT&T freely gave away Unix in source form to many universities, most notably to UC Berkeley.
• 1993: first release of a Unix-like OS, called Linux.

What is Unix
• Multi-user, multi-process operating system.
• Hierarchical file system.
• Consistent byte-oriented access to files and devices.

Login and User Account

Login
• Identification + authentication := (username, password)
• Password length: 8 characters
• Password protection: encrypted with crypt(3), and stored in the /etc/passwd file.

Format of the Password File
• Format: username:encrypted password:user ID:group ID:ID string:home directory:login shell
• ID string = user’s full name
• User ID and group ID = explained later.
• Login shell: the Unix shell available to the user after successful login.

Format of the Password File ctd.
• Displaying the password file: cat /etc/passwd
  dieter:RT.QsZEEsxT92:100026:53:Dieter Gollman:/home/staff/dieter:/usr/local/bin/bash
• When the password field is empty, the user does not need a password for login.
• If the password field starts with an asterisk, the user cannot log in, because such values cannot be the result of F(cleartext password). (Account disabled.)

Other Issues
• passwd(1): change password by supplying old one twice
• Shadow password file: in security-conscious versions of Unix, it is stored in /.secure/etc/passwd
• Expiry date and control of old password: can be set
• Root login: can be restricted to terminals nominated in /etc/ttys

Users and Superusers
• Users are identified by user name, up to 8 characters.
• Internally, users are identified by user ID (UID), a 16-bit number.
• UIDs are linked to user names in /etc/passwd.
• Unix does not distinguish between users having the same UID.

Special User IDs
• Superuser has UID 0, and the name root.
• The root account is used by the operating system for essential tasks like login, recording the audit log, or access to I/O devices.
-2
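An added example (not part of the lecture slides): a small Python audit of passwd-format text for the conditions the slides name, namely an empty password field, a field starting with an asterisk, several user names sharing one UID, and UID 0 under a name other than root. The function names and every sample line except the dieter entry are constructed for illustration.

```python
# Added example: audit passwd-format lines for the conditions named on the slides.
from collections import defaultdict

FIELDS = ("name", "password", "uid", "gid", "id_string", "home", "shell")

# Constructed sample data; only the first line is the slide's own example entry.
SAMPLE = """\
dieter:RT.QsZEEsxT92:100026:53:Dieter Gollman:/home/staff/dieter:/usr/local/bin/bash
root:aB3xYz012345.:0:0:Superuser:/:/bin/sh
guest::2001:50:Guest:/home/guest:/bin/sh
olduser:*:2002:50:Former Staff:/home/olduser:/bin/sh
backup:cD4wVu678901/:0:0:Backup Admin:/home/backup:/bin/sh
broken:line:without:enough:fields
"""

def parse_passwd(text):
    """Return (entries, malformed_line_numbers) for passwd-format text."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split(":")
        try:
            if len(parts) != len(FIELDS):
                raise ValueError("wrong field count")
            uid, gid = int(parts[2]), int(parts[3])
        except ValueError:
            malformed.append(lineno)  # report, do not silently skip
            continue
        entries.append(dict(zip(FIELDS, parts), uid=uid, gid=gid))
    return entries, malformed

def audit(entries):
    """Map each finding to the sorted user names it applies to."""
    by_uid = defaultdict(list)
    for e in entries:
        by_uid[e["uid"]].append(e["name"])
    return {
        "no_password": sorted(e["name"] for e in entries if e["password"] == ""),
        "disabled": sorted(e["name"] for e in entries if e["password"].startswith("*")),
        "shared_uid": sorted(n for names in by_uid.values() if len(names) > 1 for n in names),
        "extra_uid0": sorted(e["name"] for e in entries if e["uid"] == 0 and e["name"] != "root"),
    }

if __name__ == "__main__":
    entries, malformed = parse_passwd(SAMPLE)
    print(audit(entries), "malformed lines:", malformed)
```

Because Unix does not distinguish between users with the same UID, the shared_uid and extra_uid0 findings are the ones that show where a second name carries another account's rights.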

This note was uploaded on 09/21/2011 for the course COMP 4631 taught by Professor Ding during the Fall '11 term at HKUST.
