Traditional Unix Access Control File system access control User and group Each file has an owner and a group owner Read, write, execute Process ownership Real uid - accounting Effective uid – access control Real gid Effective gid 1 Traditional Unix Access Control The root acccount Uid:0 Can perform any valid operation on any file or process Setuid and setgid execution Kernel changes effective uid/gid to be the owner/group of the file if setuid/setgid is on 2 1 Modern Access Control Role-based access control Similar to group Supported on Solaris, HP, AIX etc. Security-enhanced Linux – SeLinux Plus the hierarchical relations between roles MAC – mandatory access control Administrator controls different level of access, each user can not control Access control lists Permission for multiple users and groups per file 3 Modern Access Control Pluggable Authentication Modules (PAM) A wrapper to enable use different authentication modules other than password Kerberos A specific authentication method Can authentication user with user credentials are used only locally Can authorize the services as well Can be used with PAM 4 2 Rootly Powers Superuser root Has almost unrestricted access How to become a superuser Log in as root on terminal Terminal access control /etc/securetty Use /bin/su or /bin/su – Inherits the env from current shell Creates a log entry BSD – only users to group 0 ( the wheel group) Use full path – why? 5 Rootly Powers Cautions Only use super user when it is needed Lock your screen when you leave your desk Use xlock Run a single command with su su root –c “command” Example: su root –c “mount /dev/cd0 /mnt” Change root password when Employment status changes for SA Suspects unauthorized access Change root password periodically 6 3 Sudo Facility sudo Selective access Allow some user to run specific commands as root (or another user) without having to know the root (or another user’s) password RUN “sudo command” Type in user’s own password Good for a configurable time, default 5 minutes Example: %sudo /sbin/shutdown 7 Sudo Configuration file /etc/sudoers Specify which Users and do what Commands at where as who Basic format Users host=commands Users host=(who) commands Only readable by root Editor visudo Lock Syntax checking 8 4 Sudo Let’s take a look a typical sudoers example file. #Define aliases for machines in CS & Physics departments Host_Alias CS = tigger, anchor, piper, moet, sigi Host_Alias PHYSICS = eprince, pprince, icarus #define collections of commands Cmnd_Alias DUMP = /usr/sbin/dump, /usr/sbin/restore Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm Cmnd_Alias SHELLS = /bin/sh, /bin/tcsh, /bin/csh #Permissions mark, ed PHYSICS = ALL herb CS = /usr/local/bin/tcpdump: PHYSICS = (operator)DUMP lynda ALL= (ALL) ALL, !SHELLS %wheel ALL, !PHYSICS = NOPASSWD: PRINTING 9 Sudo – pros and cons Advantages Command logging - accountabilities Operators can do chores Hide the real root password Revoke the privilege without change root password A list is maintained Less chance of root shell left unattended A single file can use used to control access for an entire network 10 5 Sudo – pros and cons Disadvantage Breach in security of a personal account = root account Logging can be subverted sudo csh sudo su Select the commands for sudo with care No shell scripts No utility which provides shell escapes No “ all commands except … “ 11 pseudo-users Pseudo-users can not login directly daemon: Owner of unprivileged system software Bin: owner of system commands Sys: owner of the kernel and memory images Nobody: the generic NFS user 12 6