Filesystem Permissions Flashcards
What is improper filesystem authorisation a threat to?
Confidentiality, Integrity and Availability of data and applications
When does the problem of improper filesystems occur?
When files, folders and symbolic links are created and set with incorrect authorisations
Authorisations in this case are often referred to as permissions
What can happen when improper permissions are set?
An attacker may be able to access restricted files or directories and modify or delete their contents
Example of when an anonymous user account has write permission to a file.
An attacker may be able to modify the contents of the file influencing an application in undesirable ways.
An attacker may also exploit improper links to escalate their privileges and/or access unauthorised files
What are file permissions?
System setting that determines who can access specified files and what they can do with those files.
When you place files on a web server, you can assign the files to various levels of permissions for users. Likewise, companies often use permissions to limit access to their intranet resources.
User permission types
Owner - creator of files
Administrator - the person responsible for manage and updating files(and setting permissions)
Group access - allows you to designate specific groups of users and provide unique settings specific to them
Global - provides access to all users
Individual user - many programs allow you to create a specific level of access at the individual user level
Filesystem Permission Types
Read - users with this level of permission can view files and copy them, but they cannot make changes to the file or create new files.
Write - can edit, remove and move files, also create files in most cases
Execute - can run a specific program or type of program file. This is used to restrict access to company programs or limit their employees ability to run potentially dangerous executable on company machines
if a program/programming language allows you to create custom groups what can you do?
You can create highly customised authorisation schemes, restricting access to only the files that each user or user group absolutely needs
This is the principle of least privilege - an excellent way to improve data security
Most program/programming languages allow you to set specific permission at file and/or directory level - what does this mean to companies?
Companies often use this to enable team-specific folders on their shared storage.
Website admins can use this to specify who has access to certain sections of a site, such as member-only pages
What does path mean in os.chmod(path,mode)
A string that represents the path of the file/directory
What does mode mean in os.chmod(path,mode)
Contains different values related to permissions