

Guest Accounts

It’s not uncommon for computer centers to provide some type of guest access accounts for visitors so they can use the local computers temporarily. These accounts usually don’t have passwords or have passwords that are the same as the login ID. For example, the login guest might have no password or a password of guest. As you might guess, these are security disasters waiting to happen.

Because these accounts and passwords are probably widely known, an intruder could use one to gain initial access to your system. Once a cracker has broken into your system, the intruder can try to get root access from the inside or use your system as a waypoint from which to attack other computers over a network. When an attack is traced back to an open public account, finding the true source of the attack becomes much harder.

Guest or open accounts really aren’t a good idea on any system. If you really must use one, keep it disabled until it’s needed. Randomly generate a password for the account when it needs to be used, and disable the account again as soon as you can. Remember not to send the password via e-mail.

Command Accounts

It’s common for computers to have several command accounts—login IDs that run a given command and then exit. For example, finger is an account that has no password. When a user logs in as finger, the finger program is run, showing who is on the system, and then the session terminates. Other such accounts may be sync and date, which typically don’t have passwords. Even though they don’t run a shell and run only one command, they can still pose a security risk.

If you allow command accounts on your system, you should ensure that none of these commands accepts command-line input. Also, these commands shouldn’t have any type of shell escape that can allow a user to get to an interactive shell.

A second reason for not using these types of accounts is that they can give away information about your system that can be useful to an intruder. Using programs such as finger or who as command accounts can allow intruders to get the login IDs of users on your system. Remember that the login ID/password combination protects your accounts. If an intruder gets the login ID of a user, that person now has half the information that’s needed to log in to that account.
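
The audit below is an added example, not part of the original text: it checks passwd- and shadow-format files for the two problems described under Guest Accounts and Command Accounts, namely logins with an empty password field and logins whose login program is a single command instead of a shell. The function names, the temporary file paths, and all account data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files for open accounts.
# $1 = passwd file, $2 = shadow file. Prints each login with an empty password.
find_passwordless() {
    awk -F: '
        FILENAME == ARGV[1] { shadow[$1] = $2; next }
        NF >= 7 {
            pw = $2
            if (pw == "x" && ($1 in shadow)) pw = shadow[$1]  # hash kept in shadow
            if (pw == "") print $1
        }
    ' "$2" "$1"
}

# $1 = passwd file, $2 = shells file (one path per line, as in /etc/shells).
# Prints "login:program" when the login program is neither a listed shell
# nor a no-login stub, i.e. a command account such as finger or sync.
find_command_accounts() {
    awk -F: '
        FILENAME == ARGV[1] { if ($0 != "" && $0 !~ /^#/) shell[$0] = 1; next }
        NF >= 7 && $7 != "" && !($7 in shell) && $7 !~ /\/(nologin|false)$/ {
            print $1 ":" $7
        }
    ' "$2" "$1"
}

# Constructed sample data (not taken from a real system).
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
guest::500:500:Guest:/home/guest:/bin/bash
finger:x:501:501:finger:/tmp:/usr/bin/finger
sync:x:5:0:sync:/sbin:/bin/sync
alice:x:1000:1000:Alice:/home/alice:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
EOF
cat > "$SAMPLE/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
guest::19000:0:99999:7:::
finger::19000:0:99999:7:::
sync::19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
printf '/bin/sh\n/bin/bash\n' > "$SAMPLE/shells"
echo "Logins with no password:"
find_passwordless "$SAMPLE/passwd" "$SAMPLE/shadow"
echo "Command accounts:"
find_command_accounts "$SAMPLE/passwd" "$SAMPLE/shells"
```

On a live system the same functions can be pointed at /etc/passwd, /etc/shadow, and /etc/shells; reading /etc/shadow requires root.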

Group Accounts

A group account is an account for which more than one person knows the password and logs in under the same ID. You guessed it—a bad idea. If you have an account shared by several people that is broken into and is being used as a base to attack other computers, finding the person who gave out the password is difficult. If you have an account that’s shared by five people, it may in fact be shared by 25. There’s no way to know.


See “Working with Groups,” p. 223

Linux allows you to provide file access based on group membership. This way, a group of people who need access to a set of files can share them without needing to share an account. Rather than create group accounts, make wise use of groups under Linux. Stay with the “One Login ID, One Person” philosophy.

Handling File Security

The file system under Linux is a tree structure that’s built from files and directories. Linux stores several types of information about each file in its file system, including the following:

  The filename
  The file type
  The file size
  The file’s physical location on disk
  Various access and modification times
  The owner and group ID of the file
  The access permissions associated with the file

If a user can modify some of the file information on certain files, security breaches can occur. As a result, the file system plays a very important role in system security.

Permissions

Linux file permissions control which users can access which files and commands. These permission bits control access rights for the owner, the associated group members, and other users. By using the ls -l command, you can generate a file list that shows the permissions field. The leftmost field shown by ls -l specifies the file permissions. For example, this field may look like -rw-r--r--. The first - in the field shows the file type. For regular files, this field is always -.

The next nine characters represent the file access permissions for the owner, group, and world, respectively. Each category takes up three characters in the permissions field, consisting of the characters r (for read permission), w (for write permission), and x (for execute permission). Any or all of these characters may be present.

If one of the permissions has been granted, the corresponding character is present. If permission isn’t granted, there’s a - instead. For example, if a file has a permission field that looks like -rw-r--r--, this indicates that the file is a regular file (the first character is -), the owner has permissions rw- (which means read and write, but no execute), and the other group members and the world at large both have permissions r-- (which means read permission but no write or execute access). File permissions are changed via the chmod command.


See “File Permissions,” p. 310


NOTE:  You can specify the permissions to the chmod command as octal values instead of the rwx symbolic values. Simply treat each group of three characters in the permission field as the bits of one octal digit: if the character is present, count it as a 1; if it is a -, count it as a 0. So, the permissions -rw-r--r-- (binary 110 100 100) are represented numerically as 644.
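
The conversion described in the note, written out as an added example that is not part of the original text. It goes slightly beyond the note by also handling the s/S and t/T characters that ls -l shows in the execute column for setuid, setgid, and sticky bits, and by flagging world-writable entries. The function names perm_to_octal and world_writable are chosen for this illustration.

```shell
#!/bin/sh
# Added example: convert an ls -l permission field to the octal chmod value.
perm_to_octal() {
    field=$1
    [ "${#field}" -ge 10 ] || return 1     # type character + nine permission chars
    special=0
    out=""
    for start in 2 5 8; do                 # owner, group, world triads
        triad=$(printf '%s' "$field" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac
        case $triad in ?w?) digit=$((digit + 2)) ;; esac
        # lowercase s or t means the execute bit is set as well
        case $triad in ??[xst]) digit=$((digit + 1)) ;; esac
        # s/S (setuid, setgid) and t/T (sticky) add a leading fourth digit
        case $triad in
            ??[sStT])
                case $start in
                    2) special=$((special + 4)) ;;
                    5) special=$((special + 2)) ;;
                    8) special=$((special + 1)) ;;
                esac ;;
        esac
        out="$out$digit"
    done
    [ "$special" -eq 0 ] || out="$special$out"
    printf '%s\n' "$out"
}

# Succeeds when the world triad grants write (ninth character is w).
world_writable() {
    case $1 in
        ????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample fields, as they would appear in ls -l output.
for f in -rw-r--r-- -rwxr-xr-x -rwsr-xr-x drwxrwxrwt -rw-rw-rw-; do
    note=""
    if world_writable "$f"; then note="  (world-writable)"; fi
    printf '%s = %s%s\n' "$f" "$(perm_to_octal "$f")" "$note"
done
```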

