
RH124-Day06

Written by Razib Shahriar Rubence

- Secure Linux File Access


01. UGO Concepts: with respect to a file there are three classes of users: its owner (User), members
of the group it belongs to (Group) and all other users (Other)
02. Three basic permissions for files and directories: read access (r), write access (w) and
execute access (x). A minus (-) means no permission is set
03. File Permissions: r=read,view w=write,update x=execute,run
04. Directory Permissions: r=list contents, w=create/delete contents, x=access
05. Changing Permission: Symbolic Method
chmod WhoWhatWhich file/directory
Who=u,g,o,a What=+,-,= and Which=r,w,x
06. Changing Permission: Numeric Method
chmod #$% file/directory
where # = sum of owner's permission : r(4)+w(2) +x(1)
$ = sum of group's permission: r(4)+w(2) +x(1)
% = sum of other's permission: r(4)+w(2) +x(1)
07. Manage Ownership
# chown user file/directory
# chgrp group file/directory
08. SGID bit: Normally files created in a directory belong to the user's default group. When a file
is created in a directory with the SGID bit set, it belongs to the same group as the directory
# chmod g+s directory , or
# chmod 2770 directory
09. Sticky Bit: Normally users with write permissions to a directory can delete any file in that
directory regardless of that file's permissions or ownership. With the sticky bit set to a directory,
only the owner of a file can delete the file
# chmod o+t directory, or
# chmod 1777 directory

10. SUID bit: If the setuid bit is set, when the file is executed by a user, the process will
have the same rights as the owner of the file being executed.
# chmod u+s file, or
# chmod 4777 file
You can set the bits with a numeric mode, but can not clear bits in numeric mode. To clear
sticky bit, SGID and SUID use
# chmod a-st directory
From RHEL6 the numeric method can not be used to clear any bit. The reason behind changing
this coreutils chmod command can be found in the following discussion forum:
http://lists.gnu.org/archive/html/bug-coreutils/2011-03/msg00154.html
11. Check the permission and ownership information:
# ls -l file/directory
# stat file/directory
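Added example (not part of the original course notes): a POSIX shell function that decodes a 3- or 4-digit numeric mode into the rwx string that ls -l prints, including the s/S and t/T cases for the SUID, SGID and sticky bits. The function names triad and mode_to_symbolic are made up for this illustration.

```shell
# Added example, not from the course notes. Pure POSIX sh, touches no files.

# triad DIGIT SPECIAL CHAR: render one rwx group; CHAR is s or t.
triad() {
    r=-; w=-; x=-
    if [ $(($1 & 4)) -ne 0 ]; then r=r; fi
    if [ $(($1 & 2)) -ne 0 ]; then w=w; fi
    if [ $(($1 & 1)) -ne 0 ]; then x=x; fi
    if [ "$2" -ne 0 ]; then
        # lower case = special bit plus execute, upper case = special bit only
        if [ "$x" = x ]; then x=$3
        elif [ "$3" = s ]; then x=S
        else x=T
        fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_symbolic MODE: 3- or 4-digit octal mode -> e.g. rwxrws--T
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) m=0$1 ;;
        [0-7][0-7][0-7][0-7]) m=$1 ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    sp=${m%???}                  # special digit: SUID(4) + SGID(2) + sticky(1)
    rest=${m#?}                  # the three owner/group/other digits
    u=${rest%??}; o=${rest#??}
    g=${rest#?}; g=${g%?}
    printf '%s%s%s\n' "$(triad "$u" $((sp & 4)) s)" \
        "$(triad "$g" $((sp & 2)) s)" "$(triad "$o" $((sp & 1)) t)"
}

# 2770, 1777 and 4777 appear in the notes; 3770 (SGID + sticky) and
# 4644 (SUID without execute, shown as capital S) are constructed cases.
for mode in 2770 1777 4777 3770 4644; do
    printf '%4s  %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
```

The output can be compared with the mode string that ls -l or stat reports after each chmod.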
LAB Practice:
01. Create three users curly, larry and moe who are members of a group called stooges.
# groupadd stooges
# adduser -G stooges curly
# adduser -G stooges larry
# adduser -G stooges moe
02. Create a directory called /home/stooges where these three users can work collaboratively on
files.
# mkdir /home/stooges
# chgrp stooges /home/stooges
03. Modify the permissions on this directory so only they can access, create and delete files in
that directory.
# chmod 770 /home/stooges
# stat /home/stooges
04. Files created in this directory should automatically be assigned to a group ownership of
stooges
# chmod g+s /home/stooges
# stat /home/stooges
05. Make sure that only the owner of the file in /home/stooges can delete the file
# chmod o+t /home/stooges
# stat /home/stooges


06. Log in as different users and check that everything is working as above


[root@station33 Desktop]# su - curly
[curly@station33 ~]$ echo "this file is created by curly" > /home/stooges/filebycurly
[curly@station33 ~]$ exit
logout
[root@station33 Desktop]# su - larry
[larry@station33 ~]$ cat /home/stooges/filebycurly
this file is created by curly
[larry@station33 ~]$ echo "this line is by larry" >> /home/stooges/filebycurly
[larry@station33 ~]$ cat /home/stooges/filebycurly
this file is created by curly
this line is by larry
[larry@station33 ~]$ rm -Rf /home/stooges/filebycurly
rm: cannot remove `/home/stooges/filebycurly': Operation not permitted
Remote GNOME Desktop Access
- Allow access to a running desktop
System -> Preferences -> Remote desktop
- Access a running desktop
Application -> Internet -> TigerVNC Viewer
Remote SHELL Access
# ssh root@remote_ip_address
Remote File Copy
# rsync original_file remote_ip_address:/target/new_file
Using SSH Keys
- Generate an SSH key pair
# ssh-keygen
- Install the ssh public key on a remote server
# ssh-copy-id root@remote.host
Service Enable/Disable/Restart


01. In Graphical User Interface


System -> Administration -> Services
02. From Command Line
# service service-name start/stop/restart
# /etc/init.d/service-name start/stop/restart
- Securing SSH access to a server
# vim /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
