NSCS 2024/2025 Introduction to Operating Systems 1 (SYST1) PDF

Summary

This document is a past paper from the National School of Cybersecurity (NSCS) in Algeria, covering the introduction to operating systems. It details Linux users, primary and secondary groups, permissions, and common commands for managing users and files like sudo, usermod, groupadd and others.

Full Transcript


PEOPLE’S DEMOCRATIC REPUBLIC OF ALGERIA
MINISTRY OF HIGHER EDUCATION AND SCIENTIFIC RESEARCH
1ST YEAR BASIC TRAINING IN CYBER SECURITY

INTRODUCTION TO OPERATING SYSTEMS 1 (SYST1)

Dr. Sassi BENTRAD
LISCO Laboratory (Laboratoire d'Ingénierie des Systèmes COmplexes)
University of Badji Mokhtar-Annaba (UBMA)

1st Year Basic Training in Cyber Security (1BT), 2024 / 2025
© Dr. Sassi BENTRAD - 2024

CHAPTER 6: USERS, GROUPS AND PERMISSIONS MANAGEMENT

MODULE DESCRIPTION SHEET: INTRODUCTION TO OPERATING SYSTEMS 1 (SYST1)
USERS, GROUPS AND PERMISSIONS MANAGEMENT (10 %)

COURSE CONTENT (CHAPTER 6)

❑ Users, Groups and Permissions
❑ Permission (Access Mode) by Owner Status
❑ Superuser (Root User) vs. Normal user
✓ sudo (Run Command with Superuser Privileges)
✓ su (Switch User)
✓ useradd (Add User)
✓ passwd (Set Password)
✓ userdel (Delete User)
❑ Primary Group and Secondary Group
✓ groupadd (Add Group)
✓ usermod (Modify User Account Information)
✓ gpasswd (Add and Delete Users to Group)
✓ groupdel (Delete Group)
✓ chown (Change Owner of File and Directory)
✓ chgrp (Change Group of File and Directory)
✓ chmod (Change Access Mode)
✓ chmod Command with Numbers
✓ w and who (Check Current User Login Status)
✓ id and groups (Check User ID and Group)
✓ getent (Display User and Group Data)

❖ INTRODUCTION

Linux is a multi-user system: multiple users can use the computer simultaneously.
→ Hence the need for an access permissions policy for directories and files.

How does Linux manage access permissions to files and directories?

The Linux system assigns three sets of access permissions to each file and directory:
✓ Access permissions for the owner (User)
✓ Access permissions for a group of users (Group)
✓ Access permissions for other users in the system (Other)

What permissions can be assigned to a file or directory?
Possible permissions:
r = Read (Read permission)
w = Write (Write permission)
x = Execute (Permission to execute)
- = Absence of permission

1BT ‐ SYST 1 © 2024 / 2025 - Dr. Sassi BENTRAD

❖ USERS, GROUPS AND PERMISSIONS
“What Are User, Group And Permission in Linux?”

❑ Superuser (root user) vs. Normal user

In Linux, there are two types of users: a superuser and a normal user. The superuser is a special user account used for system administration. The superuser has permissions for all Linux system resources, while normal users have limited access to Linux system resources depending on the permission setting for each file and directory.

❑ File and Directory owner

Each file or directory has an owner. Generally, the user who created the file or directory is its owner.

❑ Group

In Linux, you can manage users by group. Managing file and directory permissions is more efficient when users are registered in groups. There are two types of groups: primary group and secondary group. The primary group becomes the initial owner group when a new file or directory is created.

❑ Owner Status

There are three owner statuses of a file or directory:

1. Owner (of the file or directory): generally, the user who created the file or directory is its owner. You can change the owner by running the chown command.
2. Owner group: generally, the owner's primary group becomes the owner group of the file or directory. You can change the owner group by running the chgrp command.
3. Others: users who are not in the owner group of the file or directory.

❑ Permission (Access Mode)

Depending on the owner status of a file or directory, the accessibility of the file or directory can be different. This is called permission or access mode. When you run the ls command with the -l option, you can see the access mode of each file by user status.

❖ PERMISSION (ACCESS MODE) BY OWNER STATUS

The ls -l command gives you the access mode information of a directory or file. Here are the key points of how to read the information.

Three User Types: the access mode is defined separately for each of the three owner statuses. By running the ls -l command, you'll see 9 characters defining the access mode.
✓ The first three letters: owner's access mode
✓ Next three letters: owner group's access mode
✓ The last three letters: others' access mode

❑ Read (r), Write (w) and Execute (x) permissions

There are three types of permissions (access modes): Read (r), Write (w) and Execute (x). The meaning of permissions is slightly different for files and directories.
Meaning of File Permissions

Files are used to store data, so:
r = Read: the contents of the file can be read
w = Write: the contents of the file can be modified
x = Execute: the file content can be executed (instructions for a binary file, or commands for a script)

Attention: Permission to delete a file is not linked to the file's own permissions. It is part of the permissions of its directory.

Meaning of Directory Permissions

Directories are used to store files and directories, so:
r = Read: the contents of the directory can be read
w = Write: the contents of the directory can be modified, i.e. it is possible to add, create, delete or rename files in the directory
x = Execute: one can run commands on the directory contents

Attention: Without execute (x) permission the directory is locked: it is impossible to act on its contents, i.e. to access, add, create, delete or rename files or directories in it, even if the directory has write (w) permission.

❖ SUPERUSER (ROOT) VS. NORMAL USER

In Linux, there are two types of users: a superuser and a normal user. The superuser is a special user account used for system administration. The superuser has permissions for all Linux system resources, while normal users have limited access to Linux system resources depending on the permission setting for each file and directory.
❑ Superuser (Root)

A superuser is a special user account used for system administration. It is also called root. By default, the superuser is the owner of all system files and directories under the / (root) directory and has all permissions (read, write, and execute) for all system resources.

❑ Normal users

Normal users are all users who are not the superuser. You can create multiple normal users. Typically, each user has their own home directory under /home. Normal users have limited access to directories and files beyond their own home directory. For example, although normal users can read several directories and files under the root directory, they cannot overwrite those directories and files. For some directories, such as root (the root user's home directory) and lost+found, normal users cannot even view the directories and files underneath.

❑ sudo (Run Command with Superuser Privileges)

What is sudo?

The sudo (SuperUser DO) command enables users to run programs with the security privileges of the superuser. Normal users don't have execution permission for some commands, for example, installing a new library. Logging into the system as the superuser frequently may increase security risks such as password breaches. By using the sudo command, you can execute those commands without switching to the superuser.

Who can run the sudo command? – sudoers

Not all users can execute the sudo command. The users who can execute the sudo command have to be members of the sudo group in Ubuntu OS. On Ubuntu, you can also use the admin group instead of the sudo group.
❑ su (Switch User)

The su command is used to switch to another user temporarily. You can also switch to the superuser. Switching to the superuser is especially useful when you set up a new server that requires several new settings, such as adding new users, passwords, groups, and several other system configurations.

❑ useradd (Add User)

The useradd command is used to create a new user. Usually, useradd is run with the -m option, which creates the home directory for the new user under /home, named after the user. This command must be run with superuser privileges.

❑ passwd (Set Password)

The passwd (PASSWorD) command is used to set up or change the user password. To create a password for a new user, you need to run it with superuser privileges. Once a password is set, the user can log in to the system. The user can change the password with this command. With this command, the superuser (or sudoers) can also control users' logins (e.g., lock and unlock a user's account, delete or overwrite a user's password, set password expiry, etc.).

❑ userdel (Delete User)

The userdel (USER DELete) command is used to delete existing users. With the -r option, you can delete the user's home directory at the same time. This command must be run with superuser privileges.
❖ PRIMARY GROUP AND SECONDARY GROUP

Linux OS has a concept of the group to manage multiple users' permission settings. There are two types of groups: Primary Group and Secondary Group.

❑ Primary Group: The Primary Group is the main group of the user and it is used for the owner group setting when the user creates a new document. One user can belong to only one Primary Group.

❑ Secondary Group: A Secondary Group is used to manage permissions to certain documents (or commands) as a group. For example, if user_a is a sudo group member on Ubuntu (or wheel group on CentOS), user_a can run the sudo command. Unlike the Primary Group, one user can belong to multiple Secondary Groups.

❑ groupadd (Add Group)

The groupadd command is used to create a new user group. The group data is recorded in the /etc/group file. This command must be run with superuser privileges.

❑ usermod (Modify User Account Information)

The usermod (USER MODify) command is used to modify the user profile. The user profile includes: Primary Group, Secondary Groups, user ID, user comment, home directory path, etc.

❑ gpasswd (Add and Delete Users to Group)

The gpasswd command is often used to manage group members. With the -a option, you can add a user to a group.
With the -d option, you can delete a user from a group. With the -M option, you can register all group members in a group. Using this command with no option, you can also create a password for a group. Password creation isn't a frequently used function of the command, but the name is easier to memorize once you know that gpasswd was originally designed to manage the /etc/group file, including group passwords.

❑ groupdel (GROUP DELete)

The groupdel (GROUP DELete) command is used to delete an existing group. For example, to delete group_a, run the following command. To check group_a's status, check the /etc/group file. You can see that group_a no longer exists.

❑ chown (CHange OWNer of File and Directory)

The chown command is used to change the owner of files or directories. With the -R option, you can change the owner of all files and directories under the specified directory. To demonstrate the chown command, we'll create some directories and a file under the user_a home directory under superuser privileges.

❑ chgrp (CHange GRouP of File and Directory)

The chgrp command is used to change the owner group of files or directories. With the -R option, you can change the owner group of all files and directories under the specified directory.

❑ chmod (CHange Access MODe)

The chmod command is used to change the access mode of files and directories.
✓ chmod Command with Numbers

To manage the many combinations and define the access mode of each file or directory more efficiently, numbers are also used for the access mode setting. The numbers are assigned for each permission as shown below. Using the sum of the numbers, you can represent all access modes with a single digit for one user type. To cover the three user types, you need only three digits.

❑ w and who (Check Current User Login Status)

The who command is used to show login records of users currently logged in. The w command also shows who is currently logged in and, in addition, gives information about what they are doing. These commands don't capture information about users who are not logged in to the system.

❑ id and groups (Check User ID and Group)

The id command returns three types of information:
✓ User ID
✓ Primary Group ID and name
✓ List of groups that the user belongs to

The groups command returns only the list of groups that the user belongs to. When you run the command without a user name, the command returns the current user's information. This command is useful to check the latest status when you change a user or group setting.

❑ getent (Display User and Group Data)

The getent command is used to display entries from databases. There are multiple databases that Linux OS manages. For user-related data, there are two major databases: passwd for user data and group for group data.
The command can also be used to show data from other databases.

❖ PERMISSIONS MANAGEMENT

❑ Modification of permissions

$ chmod [options] modifications File/Directory...

a. By symbols

The following characters are used:
u To change user permissions
g To change group permissions
o To change the permissions of other users
a To change the permissions of the user, group, and other users
+ To add permissions
- To withdraw permissions
= To assign permissions
r, w, x represent the permissions

b. By numerical values

Numerical values in base 8 (octal) are used.
r is equivalent to the numerical value 4
w is equivalent to the numerical value 2
x is equivalent to the numerical value 1

Therefore:
rwx is equivalent to the numerical value 7 = 4+2+1
rw- is equivalent to the numerical value 6 = 4+2+0
r-x is equivalent to the numerical value 5 = 4+0+1

How does Linux manage access permissions automatically on files and directories?

The default permissions assigned to a file: rw- rw- rw- (666)
The default permissions assigned to a directory: rwx rwx rwx (777)

The system uses a mask to control the default permissions of files and directories.
Calculation of permissions for a file

By default : rw- rw- rw- (666)
Mask       : 000 010 010 (022)
Result     : rw- r-- r-- (644)

So, for the mask (022), the permissions assigned to files automatically are (666 – 022 = 644).

Calculation of permissions for a directory

By default : rwx rwx rwx (777)
Mask       : 000 010 010 (022)
Result     : rwx r-x r-x (755)

So, for the mask (022), the permissions assigned to directories automatically are (777 – 022 = 755).

How can the mask value be changed?

The umask command is used to control the mask value.

To find out the numeric value of the mask:
$ umask
To find out the symbolic value of the mask:
$ umask -S
To change the mask by a numeric value:
$ umask [the numeric value]
To change the mask by a symbolic value:
$ umask -S [the value in symbols]

Example 01: We want to mask, in numeric format, all permissions attributed to others.
Question: What is the value of the mask in numeric format that we will be able to use?
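The mask calculation above, checked on a real file system (an added example, not part of the course slides). It goes slightly beyond the 022 case: the rule is that every bit set in the mask is cleared from the default (default AND NOT mask), which matches the subtraction shown above for 022 but not for a mask such as 033. The function names are chosen for this example.

```shell
#!/bin/sh
# Added example: how the mask shapes the permissions of new files and
# directories. Everything is created in a throwaway temporary directory.

# Convert a 9-character symbolic mode (e.g. rw-r--r--) to its 3-digit
# octal form using the weights r=4, w=2, x=1.
sym_to_octal() {
    sym=$1 out=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$sym" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        # a lowercase s or t in the x position also means "x is set"
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Mode predicted by the rule: bits set in the mask are cleared from the
# default (default AND NOT mask).
expected_mode() {   # $1 = default (666 or 777), $2 = mask
    printf '%03o\n' "$(( 0$1 & ~0$2 ))"
}

# Create a file and a directory under the given mask and report the modes
# actually assigned, as "<file-octal> <dir-octal>".
observed_modes() {  # $1 = mask
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        : > "$tmp/file"
        mkdir "$tmp/dir"
        f=$(ls -ld "$tmp/file" | cut -c2-10)
        d=$(ls -ld "$tmp/dir" | cut -c2-10)
        rm -rf "$tmp"
        printf '%s %s\n' "$(sym_to_octal "$f")" "$(sym_to_octal "$d")"
    )
}

# With mask 033, subtraction would suggest 633 for a file; the mode that
# is actually assigned is 644, because only bits present in the default
# can be cleared.
for mask in 022 027 033; do
    echo "mask $mask: expected $(expected_mode 666 "$mask")" \
         "$(expected_mode 777 "$mask"), observed $(observed_modes "$mask")"
done
```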
Example 02: We want to automatically mask, in symbolic format, all permissions of the group and others.
Question: What is the symbolic value of the mask that can be used?

❑ Extended access permissions

How can a user share their file with system users?

Example: A user user1 wants to share a file fichier.txt so that users user2 and user3 can insert their information.

Solution 01: User user1 gives others (o) the rw permissions so that user2 and user3 can insert their information.
Advantage: Users can insert their information.
Disadvantage: The file is not protected against improper manipulation.

Solution 02: User user1 has implemented a program that user2 and user3 use to insert their information into fichier.txt.
Advantage: The program helps user2 and user3 to insert their information.
Disadvantage: The file fichier.txt is still not secure, i.e. user2 or user3 can modify it manually because of the permissions of others (o) = rw-

In the Linux system it is possible to establish extended access permissions on a program (or a command) so that it runs with the permissions of the owner or the group.

In order for a program to run with owner permissions, the SUID bit (Set User ID) is added to the program using:
$ chmod u+s program or command

In order for a program to run with group permissions, the SGID bit (Set Group ID) is added to the program using:
$ chmod g+s program or command

Both SUID and SGID are special access control bits in Unix-like operating systems, which affect how programs are executed and how permissions are handled. These bits are particularly important when a program needs to run with the privileges of the file's owner (SUID) or group (SGID), rather than the privileges of the user running the program.
Synthesis: With extended access permissions (the SUID and SGID bits), a user can ensure better and more secure sharing of their file.

Example: A teacher user1 wants to share a directory rep/ with his students user2 and user3 so that they can put their files there: TP_user2.docx and TP_user3.docx

Solution 01: The teacher user1 gives others (o) the rwx permissions so that user2 and user3 can put their files.
Advantage: Users can put their files.
Disadvantage: The user user3 can delete the file of user2.

Solution: In a Linux system, it is possible to set extended access permissions on a shared directory, so that a user can delete only his own files even though the directory has rwx permissions for others (o). To establish extended access rights on a directory, the sticky bit is added using the command:
$ chmod o+t directory

The sticky bit is a special permission in Unix-like operating systems that affects the way files are deleted in a shared directory. When set on a directory, the sticky bit ensures that only the file owner or the root user can delete or rename files within that directory.
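An audit for the SUID, SGID and sticky bits described above, as an added example that is not part of the course slides. The sample tree and its names (rep_open, rep_sticky, insert_suid, insert_sgid, notes.txt) and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a directory tree for the special permission bits.
# The tree is built in a temporary directory; all names are hypothetical.

build_sample_tree() {   # prints the path of the new tree
    root=$(mktemp -d) || return 1
    mkdir "$root/rep_open" "$root/rep_sticky"
    chmod a+rwx "$root/rep_open"      # shared: any user can delete any file
    chmod a+rwx "$root/rep_sticky"
    chmod o+t "$root/rep_sticky"      # shared, protected by the sticky bit
    : > "$root/insert_suid"
    chmod 755 "$root/insert_suid"
    chmod u+s "$root/insert_suid"     # runs with the owner's permissions
    : > "$root/insert_sgid"
    chmod 755 "$root/insert_sgid"
    chmod g+s "$root/insert_sgid"     # runs with the group's permissions
    : > "$root/notes.txt"
    chmod 644 "$root/notes.txt"       # ordinary file, no special bit
    printf '%s\n' "$root"
}

# Files that run with the owner's (SUID) or the group's (SGID) permissions.
# Each one should be known and intended by the administrator.
list_setid_files() {    # $1 = directory to audit
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Directories writable by others where the sticky bit is missing, so a
# user may delete or rename files that belong to someone else.
list_unsticky_shared_dirs() {   # $1 = directory to audit
    find "$1" -type d -perm -0002 ! -perm -1000 | sort
}

tree=$(build_sample_tree)
echo "Files with SUID or SGID (look for s in the x position):"
list_setid_files "$tree" | while read -r p; do ls -ld "$p"; done
echo "Shared directories without the sticky bit (no t at the end):"
list_unsticky_shared_dirs "$tree" | while read -r p; do ls -ld "$p"; done
echo "For comparison, the protected directory:"
ls -ld "$tree/rep_sticky"
rm -rf "$tree"
```

To audit a real system, pass the directory of interest to the two list functions instead of the sample tree.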
Extended access permissions in numerical format:
✓ The value 4 (100) to add the SUID bit
✓ The value 2 (010) to add the SGID bit
✓ The value 1 (001) to add the Sticky bit

THANK YOU for your attention! Questions?

For more information about my research works, contact information:
Dr. Sassi BENTRAD
LISCO Laboratory (Laboratoire d'Ingénierie des Systèmes Complexes): http://lisco.univ-annaba.dz/
www.linkedin.com/in/sassi-bentrad/
http://www.bentrad-sassi.sitew.com/
orcid.org/0000-0002-7458-8121
A-9442-2013
Author ID: 44461052600
© 2024/2025
