Filesystem permissions

Most current file systems have methods of administering permissions or access rights to specific users and groups of users. These systems control the ability of the users affected to view or make changes to the contents of the filesystem.

Traditional Unix permissions

Permissions on Unix-like systems are managed in three distinct classes. These classes are known as user, group, and others. In effect, Unix permissions are a simplified form of access control lists (ACLs).
When a new file is created on a Unix-like system, its permissions are determined from the umask of the process that created it.

Classes

Files and directories are owned by a user. The owner determines the file's owner class. Distinct permissions apply to the owner.
Files and directories are assigned a group, which define the file's group class. Distinct permissions apply to members of the file's group members. The owner doesn't need to be a member of the file's group.
Users who are not the owner, nor a member of the group, comprise a file's others class. Distinct permissions apply to others.
The effective permissions are determined based on the user's class. For example, the user who is the owner of the file will have the permissions given to the owner class regardless of the permissions assigned to the group class or others class.

Permissions

There are three specific permissions on Unix-like systems that apply to each class:
  • The read permission, which grants the ability to read a file. When set for a directory, this permission grants the ability to read the names of files in the directory (but not to find out any further information about them such as contents, file type, size, ownership, permissions, etc.)
  • The write permission, which grants the ability to modify a file. When set for a directory, this permission grants the ability to modify entries in the directory. This includes creating files, deleting files, and renaming files.
  • The execute permission, which grants the ability to execute a file. This permission must be set for executable binaries (for example, a compiled C++ program) or shell scripts (for example, a Perl program) in order to allow the operating system to run them. When set for a directory, this permission grants the ability to traverse its tree in order to access files or subdirectories, but not see the content of files inside the directory (unless read is set).
The effect of setting the permissions on a directory (rather than a file) is "one of the most frequently misunderstood file permission issues".
When a permission is not set, the rights it would grant are denied. Unlike ACL-based systems, permissions on a Unix-like system are not inherited. Files created within a directory will not necessarily have the same permissions as that directory. The permissions to be assigned are determined using umasks.

Octal notation

Another common method for representing Unix permissions is octal notation. Octal notation consists of a three- or four-digit base-8 value.
With three-digit octal notation, each numeral represents a different component of the permission set: user class, group class, and "others" class respectively.
Each of these digits is the sum of its component bits (see also Binary numeral system). As a result, specific bits add to the sum as it is represented by a numeral:
  • The read bit adds 4 to its total (in binary 100),
  • The write bit adds 2 to its total (in binary 010), and
  • The execute bit adds 1 to its total (in binary 001).
These values never produce ambiguous combinations; each sum represents a specific set of permissions.
These are the examples from the Symbolic notation section given in octal notation:
  • "-rwxr-xr-x" would be represented as 755 in three-digit octal.
  • "-rw-rw-r--" would be represented as 664 in three-digit octal.
  • "-r-x------" would be represented as 500 in three-digit octal.

Comments

Post a Comment

Popular posts from this blog

Authorization Testing

Image
1. Testing for Path Traversal First, we test if it is possible to find a way to execute a path traversal attack and access reserved information About input vector: 2. Testing for bypassing authorization schema This kind of test focuses on verifying how the authorization schema has been implemented for each role/privilege to get access to reserved functions/resources. 3. Testing for Privilege Escalation During this phase, the tester should verify that it is not possible for a user to modify his or her privileges/roles inside the application in ways that could allow privilege escalation attacks.
Read more

Bypass HTML Field Restrictions

This time I learn about Bypass HTML Field Restrictions. I bypass the html form . In order to pass this lesson , I must submit the form with each field containing the value of unallowed . I have to submit an invalid value for all six fields in one delivery form provided . that is : select field which has two choices , radio button which has two choices , input field which retricted to 5 character, and disableinput field with a form that can not be filled . And this some way that I have tried to bypass it : First I submibt that form as usual and I did not find any change Then I tried to intercept request by webscarab, I change values that not provided there. but I not find any changes too. I studied again after it there are only 5 fields in the request when the procedure mentioned there are 6 fields . then I add a new field that is itself disableinput field , the parameter I get from the source web page . but I not find
Read more

Grabbing Proxy With Selenium and Python

Image
Selenium is automated browser that can be controlled by script. Selenium support for many programming language like Java, csharp, python, ruby, php, perl, and javascript. This simple script for grabbing proxy list from freeproxylist.net website created with python. 1. Install python selenium        # apt-get install python-pip        # pip install selenium 2. Download browser driver     Chrome : https://sites.google.com/a/chromium.org/chromedriver/downloads Edge : https://developer.microsoft.com/en-us/microsoft-edge/tools/webdriver/ Firefox : https://github.com/mozilla/geckodriver/releases Safari : https://webkit.org/blog/6900/webdriver-support-in-safari-10/ Chose favorite browser you want. 3.  Run this script import os from selenium import webdriver from bs4 import BeautifulSoup from selenium.webdriver.common.keys import Keys chromedriver = "./chromedriver" # replace with your browser driver os.environ["webdriver.chrome.driver"] = chromed
Read more