The listing for dir1 shows that it is a directory with mode 1777 (sticky bit plus read, write, execute permission for owner, group and others). The listing for file1 shows that it is a file with mode 4775 (setuid; read, write, execute for owner; read, write, execute for group; and read, execute for others). The listing for file2 shows that it is a symbolic link with mode 2775 (setgid; read, write, execute for owner; read, write, execute for group; and read, execute for others). The listing for file3 shows that it is a file with mode 2777 (mandatory locking; read, write, execute for owner; read, write for group; and read, write, execute for others). Also, the + indicates that an ACL has been defined for file3.
Summary
Unix system security is based on controlling access to files (programs and data). Access is controlled by defining user and group accounts and granting these accounts different levels of file access. The user accounts are protected by passwords.
The root, or superuser, account is a special administrative account that provides the ultimate in terms of access to data and services, as it can override any file permissions on the system. Several administration files are used to restrict and monitor use of the root account.
There are several commands used to log in to and out of a system. Also, these logins/logouts and attempts to log in are recorded to maintain a usage history.
Commands such as id, finger, last, who, w, and whodo can be used to identify and monitor users. The /var/adm/utmpx file is used to record users currently logged in and the /var/adm/wtmpx file is used to record login/logout history.
Read, write, and execute permissions for files can be independently set for the file owner, the group associated with the file, and everyone else. The default permissions for new files and directories are determined by the umask command. Access permissions can be displayed with the ls command and changed with the chmod command. File ownership can be changed with the chown command and group ownership by the chgrp command.
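The mode decoding in the listing paragraph above and the umask and chmod summary, worked as an added example that is not code from the book: a small Python module that renders a numeric mode as ls -l shows it (using the Solaris convention that setgid with group execute off is mandatory locking, shown as l), names the special bits, and computes what a umask leaves for new files and directories. The sample modes in the main block are constructed for the demonstration.

```python
import stat

# Added example, not code from the book: decode a numeric Unix mode the way
# the chapter's ls listings present it (Solaris conventions for the special
# bits) and compute the default mode a given umask yields.

def mode_to_symbolic(mode: int, kind: str = "-") -> str:
    """Render e.g. 0o4775 as ls -l shows it: '-rwsrwxr-x'.
    kind is the file-type character: '-' file, 'd' directory, 'l' symlink."""
    s = [kind]
    for shift in (6, 3, 0):  # owner, group, others
        bits = (mode >> shift) & 0o7
        s += ["r" if bits & 4 else "-",
              "w" if bits & 2 else "-",
              "x" if bits & 1 else "-"]
    # Special bits overlay the execute slots (indices 3, 6 and 9).
    if mode & stat.S_ISUID:
        s[3] = "s" if s[3] == "x" else "S"
    if mode & stat.S_ISGID:
        # Solaris: setgid with group execute off means mandatory locking.
        s[6] = "s" if s[6] == "x" else "l"
    if mode & stat.S_ISVTX:
        s[9] = "t" if s[9] == "x" else "T"
    return "".join(s)

def special_bits(mode: int) -> list:
    """Name the special bits set in mode, as the chapter's listing does."""
    names = []
    if mode & stat.S_ISUID:
        names.append("setuid")
    if mode & stat.S_ISGID:
        locking = not (mode & stat.S_IXGRP)
        names.append("mandatory locking" if locking else "setgid")
    if mode & stat.S_ISVTX:
        names.append("sticky bit")
    return names

def default_mode(umask: int, directory: bool = False) -> int:
    """Mode a new file (from 0666) or directory (from 0777) gets under umask."""
    return (0o777 if directory else 0o666) & ~umask

if __name__ == "__main__":
    # Constructed sample modes, including the chapter's 1777, 4775 and 2775.
    for mode, kind in ((0o1777, "d"), (0o4775, "-"), (0o2775, "l"), (0o2767, "-")):
        print(f"{mode:05o} {mode_to_symbolic(mode, kind)} {special_bits(mode)}")
    print(f"umask 022: file {default_mode(0o022):04o}, dir {default_mode(0o022, True):04o}")
```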