Linux Security and File Permissions
The Linux Essentials exam covers the topic of security and file permissions. The table shows the subtopics, weight, description, and key knowledge areas for this topic.
|Subtopic||Weight||Description||Key Knowledge Areas|
|Basic Security and Identifying User Types||2||Various types of users on a Linux system||Root and standard users; system users|
|Creating Users and Groups||2||Creating users and groups on a Linux system||User and group commands; user IDs|
|Managing File Permissions and Ownership||2||Understanding and manipulating file permissions and ownership||File/directory permissions and owners|
|Special Directories and Files||1||Special directories and files on a Linux system, including||System files; libraries; symbolic links|
To adequately address these topics, focus on the following files, terms, and utilities: /etc; /etc/group; /etc/passwd; /etc/shadow; /tmp; /var; /var/tmp; chgrp; chmod; chown; groupadd; groupdel; groupmod; hard links; id; last; ls -d; ls -l; ls -s; passwd; setgid; setuid; sticky bit; su; sudo; useradd; userdel; usermod; w; and who.
Here are the top ten items to know as you study for this domain:
File and directory permissions can be changed with the chmod command (which accepts numeric and symbolic values).
Adding 1000 to standard permissions turns on the “sticky bit”; adding 2000 turns on the SGID permission. Adding 4000 turns on the SUID permission.
Links are created with the ln command. A “hard” link is nothing more than an alias to a file (sharing the same inode). The ln -s command creates a symbolic link that is an actual file with its own inode. The symbolic link contains a pointer to the original file and can span across file systems; the hard link cannot.
User accounts can be added by manually editing the configuration files or by using the useradd command; they can be removed with userdel.
The groupadd utility can be used to create groups and groupdel can be used to remove groups. Groups can be modified with groupmod and users can change from one group to another with the newgrp command.
Passwords are changed with the passwd command. Older systems stored passwords in /etc/passwd; now passwords are stored in /etc/shadow, where they are more secure.
To see who logged on most recently and may currently still be on the network, you can use the last command.
The su command allows you to become another user (returning with exit). If no other username is specified, then the root user is implied, hence the su for superuser.
Use sudo instead of su when you want to run a command as another user (usually root) without becoming that user.
The who command shows who is logged on; the w command shows information combining who with uptime.
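The numeric chmod values and the special bits (4000 SUID, 2000 SGID, 1000 sticky) from the list above can be hard to recognize in ls -l output, so the following added example, which is not part of the original study guide, converts an octal mode into the permission string ls -l displays. The function names triad and mode_to_string are hypothetical helpers written for this illustration, and the sample modes are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): render an octal chmod mode,
# including the 4000/2000/1000 special bits, as the string ls -l displays.

# triad DIGIT SPECIAL SPECIAL_CHAR -> one rwx group, e.g. "rws" or "r-S".
triad() {
    d=$1; on=$2; ch=$3
    [ $(( $d & 4 )) -ne 0 ] && r=r || r=-
    [ $(( $d & 2 )) -ne 0 ] && w=w || w=-
    if [ $(( $d & 1 )) -ne 0 ]; then
        # execute bit set: special bit shows as lowercase s/t in place of x
        [ "$on" -ne 0 ] && x=$ch || x=x
    else
        # execute bit clear: special bit shows as uppercase S/T
        [ "$on" -ne 0 ] && x=$(printf %s "$ch" | tr 'st' 'ST') || x=-
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_string MODE -> nine-character permission string; MODE is 3 or 4
# octal digits. Returns 1 on anything else.
mode_to_string() {
    m=$1
    case $m in
        [0-7][0-7][0-7]) m=0$m ;;          # no special bits given
        [0-7][0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    s=${m%???}                  # special digit: 4=SUID, 2=SGID, 1=sticky
    rest=${m#?}
    u=${rest%??}                # owner digit
    g=${rest#?}; g=${g%?}       # group digit
    o=${rest#??}                # other digit
    printf '%s%s%s\n' \
        "$(triad "$u" $(( $s & 4 )) s)" \
        "$(triad "$g" $(( $s & 2 )) s)" \
        "$(triad "$o" $(( $s & 1 )) t)"
}

# Constructed sample modes
for mode in 755 4755 2775 1777 4644; do
    printf '%4s  %s\n' "$mode" "$(mode_to_string "$mode")"
done
```

An uppercase S or T in the output means the special bit is set on a file or directory whose matching execute bit is off, which is usually a sign the mode was set by mistake.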