Chapter 7 Flashcards
What does the unix security focuses on?
Focus on:
- protecting users from each other.
- protecting against attacks from the network.
Who manages security in unix ?
Security managed by skilled administrator, not by user.
Example: command line tools and scripting.
What does the secure versions of unix indicate?
Support of multi-level security.
What is principles called?
User identifiers (UID) and group identifiers (GID).
What is UID/GID ?
A UID/GID is a 16-bit numbers. UID values differ from system to system. Root UID is always zero.
(Example, 0:root 1:bin 2:daemon…)
Where is information about principals stored?
User accounts and home directories.
Where is user accounts stored?
/etc/psswd file
What is the format of user account?
Username:password:UID:GID:name:homedir:shell
What are the user account details?
Username: up to eight characters long
Password: stored “encrypted”
User ID: user identifier for access control
Group ID: user’s primary group
ID string: user’s full name
Home directory
Login shell: program started after successful log in
Define superuser.
The superuser is a special privileged principal with UID 0 and usually the user name root.
What are the restrictions on the superuser?
1) all security checks are turned off for superuser.
2) the superuser can become any other user.
3) the superuser can change the system clock.
4) superuser cannot write to a read-only file system but can remount it as writable.
5) superuser cannot decrypt passwords but can reset them.
Where does every user belong to?
Primary group.
Where is the GID of the primary group is stored in?
/etc/passwd
Where is the list of all groups stored? And what is the format of the entries stored?
/etc/group
Format: groupName:password:GID:listOfUsers
What is collecting users in groups mainly convenient for?
Access control decisions.
What is subjects in unix? How can they be generated?
The subjects in unix are processes; a process has a process ID (PID). Processes have a real UID/GID and an effective UID/GID. New processes are generated with exec or fork.
Define real UID/GID and effective UID/GID.
Real UID/GID: inherited from the parent; typically UID/GID of the user logged in.
Effective UID/GID: inherited from the parent process or from the file being executed.
Where is passwords stored? How are they encrypted?
Passwords stored in /etc/passwd “encrypted” with the algorithm crypt(3).
How does crypt(3) function?
Cryot(3) is a one-way function:
Slightly modified DES algorithm repeated 25 times with all-zero block as start value and the password as key.
What is salting?
Password encrypted together with a 12-bit random “salt” that is stored in the clear.
How do you disable a user account ?
To disable a user account, let the password field starts with an asterisk; applying the one-way function to a password can never result in an asterisk.
What is shadow password files?
Passwords are not stored in /etc/passwd but in a shadow file that can only be accessed by root. This file can also be used for password aging and automatic account locking.
What are the file entries of a shadow password file?
Username User password Days since password was changed Days left before user may change password Days left before user is forced to change password Day to "change password" warning Days left before password is disabled Days since the account has been disabled Reserved
How are resources organized?
In a tree-structured file system.
