Linux Basic Security Flashcards
explain what this does and every part:
cat /etc/passwd | grep "/root"
This command will display the information related to user accounts where the home directory is set to “/root”
1) cat displays file content of /etc/passwd
2) /etc/passwd is a system file that stores information about users
3) | a command-line operator that allows the output of one command to be passed as input to another command
4) grep "/root" filters out results to display the lines that match the search criteria
explain what this does and every part:
cat /etc/passwd | grep "seed"
1) cat displays file content of /etc/passwd
2) /etc/passwd is a system file that stores information about users
3) | a command-line operator that allows the output of one command to be passed as input to another command
4) grep "seed" filters out results to display the lines that match the search criteria
what is and what does it contain:
/etc/passwd
1) it is a plain text file that stores essential information required during login for every user account
2) contains user fields separated by comma
e.g.
name:password:UID:GID:User info:Directory:Shell
sarah:x:1001:Sarah Selama:/home/sarah:/bin/bash
what type of access does /etc/passwd have and why:
1) read only
2) because many command utilities and system processes rely on it to map user IDs (UIDs) to user names
which user has write access to the /etc/passwd file:
root user (superuser)
length of user in /etc/passwd
1-32 characters
x in /etc/passwd
1) an encrypted password saved in the /etc/shadow file
2) can be used ONLY by root to verify/write a user password
what are the UID numbers reserved for in /etc/passwd
1) zero for /root
2) 1-99 are for predefined accounts
3) 100-999 are reserved by system for administrative and system accounts/groups
what happens when a user tries to log in
1) the operating system will compare username and password with those in the /etc/passwd file, once authentication..
2) the operating system creates an initial process specifically for that user (user’s login shell)
3) UID of this initial process is set based on the third field of the corresponding entry in the /etc/passwd file
two ways to add a user
1) use adduser command
2) manually add a new record to the /etc/passwd and /etc/shadow files
what will this display:
grep seed /etc/group
groupname:x:GID:user1:user2:….:usern
what will this display:
groups
the names of all the groups for the currently logged-in users
break this down and what it does:
sudo usermod -a -G prof user1
> sudo: execute superuser commands
usermod: modify user
-a: append
-G: groupname, followed by username
what is:
sudo groupadd prof
> creates a group called “prof”
types of access on files and explain each:
– read (r): user can view the contents of the file
– write (w): user can change the contents of the file
– execute (x): user can execute or run the file if it is a program or script
types of access for directories and explain each
– read (r): user can list the contents of the directory (e.g., using ls)
– write (w): user can create files and sub-directories inside the directory
– execute (x): user can enter that directory (e.g., using cd)
the two categories that rights are divided into
> permission
ownership
difference between:
ls -al and ls -ls
-al includes all the files that start with a “.”
-ls excludes all the files that start with a “.”
columns of ls:
file size (blocks)
file type
owner access rights
group access rights
other access rights
number of links
user owning the file
groups owning the file
file size (bytes)
date: MDY
filename
what is umask
a system setting that determines the default permissions for newly created files and directories
which commands do you use to set permissions to a file and create it
- umask (umask value)
- touch (filename.type)
which command do you use to create new directory in the current directory
- mkdir (new_directory)
what happens if mkdir (new_directory) throws an error and how do you handle it
- it means directory already exists
- create a parent directory using:
$ mkdir -p main_directory/intermediate_directory/target_directory
which then you can use to add your new directory
what is ls -l t*
a command that shows details of every file that starts with the letter t
* represents any character after t
what happens if you run
- umask 022
- touch t1
but file t1 exists
it will update the timestamp and that’s it
what is the ACL (access control list) model
a model that allows file owners or privileged users to grant rights to specific subjects (users, or group of users)
difference between traditional model and ACL model
- the traditional model has a fixed number of permission sets (owner, group, others)
- the ACL model allows for additional entries to specify permissions for specific users or groups.
ACL provides more flexibility in assigning permissions, allowing for more customized access control
the length of permission list and the subjects in ACL
- length is 3 (rwx)
- subject is either owner, group, or other
difference between getfacl and setfacl
- getfacl retrieves the ACL entries for a file or directory and displays them
- setfacl sets or modifies the ACL entries for a file or directory, allowing you to define or change the access control settings
breakdown:
setfacl {-m, -x} {u,g}:<name>:[r,w,x] <file,directory>
> setfacl: modifies the ACL entries for a file or directory
-m: modify ACL entries
-x: removes ACL entries
u: for user
g: for group
<name>: of user or group
[r,w,x]: rwx permissions
<file,directory>: specifies the file or directory for which the ACL entries are being set or modified
what does the + indicate here:
-rw-rw-r--+
that ACLs are defined
what is the structure of the password entry in the /etc/shadow file
$id$salt$password_hash$
> id: specifies the algorithm id
> salt: random numbers added to password to make them complex
> password_hash: output of user’s password that was passed into a hash function
what does “!” mean in the password field
account has been locked or disabled