| Now that you have completed this chapter, you
should have a firm understanding of the following:
File system security is a key component
of an overall network security policy. An overall network security
policy should include:
- Physical Equipment Access Security
- Login / Password Security
- File System Security
- Virus Protection
- Remote Access Security
- Internet Firewall
- Data Backups
- Disaster Recovery Plan
- Audits
Files and directories are protected by
access permissions. The ls -l (List
long) command will list the permissions of a file or directory. These
permissions are assigned to three user categories: User, Group,
and Other. The User is the owner of the file or directory.
Group is the primary group the user belongs to, and Other represents
all other users.
Three types of permissions can be
applied to each file or folder, one set for each user category. These
are Read, Write, and Execute. Read protects a file but
allows its contents to be viewed. Write allows the contents to be
modified, and Execute allows programs and shell scripts to be run. The
meaning of permission types varies somewhat between file and
directories.
Permission can be changed from the
command line by using the chmod
(change mode) command. This command can be used in the Symbolic
(relative) mode or the Octal (absolute) mode. Symbolic mode
uses characters to represent the user category (u = User, g = Group, o
= Other) and permissions types (r = Read, w = Write, x = Execute).
Octal mode uses numbers from 0 thru 7 to represent the permissions
based on their total value of the permission for one of the three user
categories.
Permission can also be changed using
the CDE File Manager utility. By selecting a file or directory and
clicking on Properties, you can view statistics for the file and view
or change its permissions.
|