module 2 day 3: windows file permissions through windows special permissions Flashcards

1
Q

who do we want to give access to certain files and directories?

A

those who need it

2
Q

How are files and directory permissions assigned in Windows?

A

using Access Control Lists, or ACLs

3
Q

What will we work with in this course for files and directory permissions?

A

Discretionary Access Control Lists, or DACLs

4
Q

What can windows files and folders also have for permissions?

A

System Access Control Lists, or SACLs, assigned to them

5
Q

What are used to tell Windows that it should use an event log to make a note of every time someone accesses a file or folder?

A

SACLs

6
Q

What is a note about who can use a file and what they’re allowed to do with it?

A

DACL

7
Q

What has an owner and one or more DACL?

A

Each file or folder on a Windows machine

8
Q

how can you see the properties dialogue for your Home Directory in Windows?

A

Go in file explorer, home directory, right click desktop, select properties

9
Q

how do you see the permissions window in the properties dialogue for a directory?

A

go to the Security tab, and that tab is the permissions window.

10
Q

what is in the top box in the permissions window for a directory?

A

Group or user names

11
Q

what is in the bottom box in the permissions window for a directory?

A

Permissions for SYSTEM, a list of permissions that each user group has been assigned

12
Q

What permission lets you see that a file exists and lets you read its contents and also lets you read the files and directories in a directory?

A

Read

13
Q

What permission lets you read files, and if the file is executable, you can run the file? Includes Read, so if you select it, Read will be automatically selected

A

Read and Execute

14
Q

what permission is an alias for Read and Execute on a directory? so checking one will check the other? You can read and execute files in that directory

A

List folder contents

15
Q

what permission lets you make changes to a file? you can have this access without having read permission. Lets you create subdirectories and write to files in the directory

A

Write

16
Q

what permission is an umbrella permission that includes read, execute, and write?

A

Modify

17
Q

what permission gives a user or group access to do anything they want to the file? All the permissions of modify, and the ability to take ownership of a file and change its ACLs.

A

Full Control

18
Q

how can you see the permissions for the user?

A

click on the user’s name in the permissions page for the file or directory, and it will show in the Permissions list below.

19
Q

how can you see which ACLs are assigned to a file? what utility designed to view and change ACLs?

A

use icacls, improved change ACLs. PowerShell.

20
Q

how would you look at the desktop with icacls?

A

icacls ~\Desktop

21
Q

what does the output for icacls ~\Desktop show us?

A

you can see the user accounts with access to your Desktop, and you can see if your account is one of them.

22
Q

In PowerShell, in icacls, what do the capital letters in parentheses represent?

A

the ones in front of the user represent the file permissions the user has.

23
Q

what is the help parameter for icacls?

A

icacls /? It’s a DOS command

24
Q

in icacls, what does F mean?

A

full access

25
what is full access the same as?
full control
26
what permissions can be inherited?
ntfs
27
what does OI mean in icacls?
object inherit
28
what does CI mean in icacls?
container inherit
29
what does it mean if I have object and container inherit permissions, with full access?
if I create objects, files, or containers, directories, inside that directory, they inherit that DACL, and I retain full access permissions with them. objects and containers.
30
what is a list of access control entries, or ACE?
ACL
31
What identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee?
Each ACE in an ACL
32
What can contain two types of ACL: a DACL and a SACL?
the security descriptor for a securable object
33
What does DACL stand for?
discretionary access control list
34
What identifies the trustees that are allowed or denied access to a securable object?
DACL
35
When does the system check the ACEs in the object's DACL to determine whether to grant access to it?
when a process tries to access a securable object
36
what does the system do if the object doesn't have a DACL?
grants full access to everyone
37
what happens if the object's DACL has no ACE?
the system denies all attempts to access the object because the DACL doesn't allow any access rights
38
What does the system do until it finds one or more ACEs that allow all the requested access rights or until any of the requested access rights are denied?
checks the ACEs in sequence
39
what allows admins to log attempts to access a secured object?
sacls
40
what specifies the types of access attempts by a specified trustee that cause the system to generate a record in the security event log?
each ACE
41
what can generate audit records when an access attempt fails, when it succeeds, or both?
an ACE in a SACL
42
What should i use to make sure that ACLs are semantically correct?
use the appropriate functions to create and manipulate ACLs. Don't work directly with them.
43
what provide access control to Microsoft Active Directory service objects?
ACLs
44
What include routines to create and modify the contents of ACLs?
Active Directory Service Interfaces, ADSI
45
How many different permissions can you have in Linux?
three
46
in Linux, what permission lets someone read the contents of a file or folder?
Read
47
in linux, what permission allows someone to write information to a file or folder?
write
48
in linux, what permission allows someone to execute a program?
Execute
49
what flag with the ls command in linux lets us see the permissions on a file?
ls -l
50
when looking at a file's long ls, what is the first thing we see in the first column? linux.
10 bits. the first is the file type, the next 9 bits are our actual permissions, grouped in trios or sets of three.
51
what does a - mean for the file type? linux
regular file, in this example
52
what does a d stand for as file type?
directory
53
in linux, in the 9 bits that tell us our actual permissions, what does the first trio refer to?
the permission of the owner of the file
54
in linux, in the 9 bits that tell us our actual permissions, what does the second trio refer to?
the permission of the group this file belongs to
55
in linux, in the 9 bits that tell us our actual permissions, what does the third trio refer to?
the permission of all other users
56
in actual permissions, what stands for readable? Linux.
r
57
what stands for writable in linux permissions?
w
58
what stands for executable in Linux permissions?
x
59
in permissions, what do we say if a bit is set?
it is enabled.
60
what does - mean in the linux actual permissions 9 bit section?
the permission is disabled. if not a dash, it is enabled.
61
why are permissions in linux flexible and powerful?
They allow us to set specific permissions based on a role, such as an owner, in a group, or everyone else.
62
where is the owner field of ls -l?
after the permissions field, after that one number. This owner is the one whose permissions are referred to in the first three bits of the permissions field.
63
where is the group field of ls -l? where can you see the group this file belongs to?
after the owner field
64
how do you change folder permissions on the Windows GUI?
right click on the folder you want to change permissions for, go to properties, security, Edit
65
what do I need to input in the Add page to change user permissions? Adding a user on an ACL named Devan
enter the object names to select: Devan. Click Check Names to verify you typed it right, then click OK after it is verified.
65
Where can I add a group or usernames to an ACL?
click Add in the Permissions for a file, in the Editing page.
66
when can you click on Devan's username in the permissions page to see the permissions he has?
when you add him to the ACL
67
Where can I change permissions for a user I have added?
in the "permissions for user" section of the permissions page, where you edit permissions. Check the allow boxes for the permissions you want to give the user.
68
what setting in the file/directory permissions page doesn't allow you to have a certain permission? It takes precedence over the allow permissions in general
Deny.
69
When is the Deny permissions option useful?
When a user is in a group with access to a folder, but we don't want that individual in that group with access to have as much access as the rest of the group.
70
what command can you use to modify a permission in the CLI?
icacls
71
what command for permissions was designed for the command prompt before PowerShell? its parameters use permissions that confuse PowerShell
Icacls
72
what do we need to do with icacls parameters so we tell PowerShell not to try to interpret the parameter as code?
single quotes
73
what do I need to do to run the commands for icacls in cmd.exe?
not put in the quotes in order for them to work
74
what is the format for giving everyone access to the filename, Vacation Pictures, in PowerShell?
icacls 'C:\Vacation Pictures\' /grant 'Everyone:(OI)(CI)(R)'
75
what is the format for using icacls in cmd.exe? to give everyone file permissions?
icacls "C:\Vacation Pictures" /grant Everyone:(OI)(CI)(R)
76
in PowerShell, what quotes do we add to make PowerShell ignore parentheses and the fact that a filename path has a space?
single quotes
77
in cmd.exe, what do we have to use with a path that has a space?
double quotes.
78
what do I see when I put in PowerShell: icacls 'C:\Vacation Pictures'?
the DACLs for the file, which list the users that have permissions for it
79
what permissions do you want to give a user you only want to see files, but not add to them or remove?
read
80
how can I use icacls to give everyone Read permissions to a directory?
icacls 'C:\Vacation Pictures\' /grant 'Everyone:(OI)(CI)(R)'
81
what does the Everyone group include? PowerShell.
Everyone on the computer. Local user accounts, guests.
82
A special type of user that is allowed to use the computer without a password. Disabled by default, but may be enabled in specific situations.
Guest users
83
what if i only want people with passwords on the computer to be able to see a file?
Use the Authenticated Users group, which does not include guests
84
how do you add a new dacl for the Authenticated Users group for the Vacation Pictures folder? Read permission
icacls 'C:\Vacation Pictures\' /grant 'Authenticated Users:(OI)(CI)(R)'
85
how do you remove the group, "Everyone" from having access to the file, Vacation Pictures?
icacls 'C:\Vacation Pictures' /remove Everyone (no need to have Everyone surrounded by quotes)
86
how do we use icacls to verify that permissions are set as intended? for Vacation Pictures
icacls 'C:\Vacation Pictures' and then you'll see the list of Vacation Pictures
87
what command do we use to change permissions in linux?
chmod
88
what do you pick first for the chmod command?
the permission set you want to change
89
what are the permission sets in linux?
owner, group the file belongs to, Other users
90
what permission set is denoted by a u?
the owner
91
what permission set in linux is denoted by a g?
the group the file belongs to
92
what permission set in linux is denoted by an o?
other users
93
how do you add or remove permissions? what symbol?
a plus or minus symbol that indicates who the permission affects
94
what does chmod u+x mycoolfile.txt do?
it says we want to change the permission of mycoolfile.txt by giving executable permissions to the owner, or u.
95
what does chmod u-x mycoolfile.txt do?
removes executable permissions for the user.
96
what does chmod u+rx mycoolfile.txt do?
add multiple permissions for the user to a file, read and execute in this case.
97
what does chmod ugo+rx mycoolfile.txt do?
add multiple permissions, r and x, to multiple permission sets: owner, group the file belongs to, and others.
98
what is known as symbolic format?
using ugo and rwx to denote users and permissions in chmod
99
what is a benefit of changing permissions numerically?
it is much faster and simpler, and lets us change all permissions at once.
100
numerical equivalent of rwx: for read, or r.
4 for read, or r
101
the numerical equivalent of rwx: for write, or w
2 for write, or w
102
the numerical equivalent of rwx: for execute, or x
1 for execute, or x
103
how do we set permissions numerically?
add the numbers of rwx for every permission set you want to affect.
104
what does chmod 754 mycoolfile.txt do?
change permissions for mycoolfile.txt so that: 7: owner has all permissions, 5: group that owns the file has the execute and read, 4: everyone else has the read permission
105
what formats in linux can you use to change the permissions?
symbolic or numeric
106
what command allows you to change the owner of a file?
the chown command
107
What prank could I do that still keeps my computer relatively secure?
make a guest account that has very few permissions at all for someone to try to use.
108
what would the command sudo chown devan filename.txt do?
change the owner of filename.txt to devan
109
what does the command sudo chgrp this_group filename.txt do?
changes the group the file belongs to to this_group.
110
what command do you use to change groups a file belongs to?
sudo chgrp groupname filename.txt
111
what is an essential building block of computer security?
permissions
112
what are the simple permissions in Windows?
Read, Read and Execute, List Folder Contents, Write, Modify, Full Control.
113
What are sets of special, or specific permissions?
Simple permissions
114
when you set a simple permission, what are you actually doing?
setting multiple special permissions
115
where can you see a list of available special permissions? gui, windows
advanced tab, under the permission settings in the gui. click a username and go to advanced permissions.
116
what can you see in advanced permissions?
a list of all the special permissions enabled on a file
117
when you select a basic permission like read, what are you enabling in advanced permissions?
list folder/ read data, read attributes, read extended attributes, read permissions, synchronize
118
how can you modify special permissions?
like any other basic permissions
119
what permissions will be all you need in most cases?
simple permissions
120
when would you need to use special permissions?
when making a file or folder that doesn't follow a simple pattern
121
in the PowerShell CLI, how would you view the special permissions? Temp folder
icacls C:\Windows\Temp
122
what directory is used to hold temporary files for all users in the system?
C:\Windows\Temp
123
what does IO mean in the DACL? for the C:\Windows\Temp folder
inherited only. it will be inherited, but it does not apply to this container.
124
in the list of DACLs for C:\Windows\Temp, what includes the list of all user accounts on the local machine?
the user's group
125
In DACL's, what permission does WD stand for?
create files/write data
126
in DACLs, what permission does AD stand for?
Create folders, append data
127
in DACLs, what does S stand for in permission?
synchronize
128
what is the creator owner in DACL list?
a special user that represents the owner of whichever file the DACL applies to.
129
What does Creator owner:(OI)(CI)(IO)(F) represent?
whoever owns a file or folder has full control over it.
130
how can you make a file? put it in C:\Windows\Temp, and name it example
mkdir C:\Windows\Temp\example
131
what will icacls C:\Windows\Temp\example >> icacls.txt do?
record the output of the icacls of example in the file icacls.txt.
132
what is the redirect output symbol?
>>
133
what does it mean that you inherit permissions when you make a file?
When you make a file, the permission settings for the owner or creator of the file apply to you.