JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris 11.1 Administration: Security Services     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

3.  Controlling Access to Systems (Tasks)

4.  Virus Scanning Service (Tasks)

5.  Controlling Access to Devices (Tasks)

6.  Verifying File Integrity by Using BART (Tasks)

7.  Controlling Access to Files (Tasks)

Using UNIX Permissions to Protect Files

Commands for Viewing and Securing Files

File and Directory Ownership

UNIX File Permissions

Special File Permissions (setuid, setgid and Sticky Bit)

setuid Permission

setgid Permission

Sticky Bit

Default umask Value

File Permission Modes

Using Access Control Lists to Protect UFS Files

Protecting Executable Files From Compromising Security

Protecting Files (Tasks)

Protecting Files With UNIX Permissions (Task Map)

How to Display File Information

How to Change the Owner of a File

How to Change Group Ownership of a File

How to Change File Permissions in Symbolic Mode

How to Change File Permissions in Absolute Mode

How to Change Special File Permissions in Absolute Mode

Protecting Against Programs With Security Risk (Task Map)

How to Find Files With Special File Permissions

How to Disable Programs From Using Executable Stacks

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Security Attributes in Oracle Solaris (Reference)

Part IV Cryptographic Services

11.  Cryptographic Framework (Overview)

12.  Cryptographic Framework (Tasks)

13.  Key Management Framework

Part V Authentication Services and Secure Communication

14.  Using Pluggable Authentication Modules

15.  Using Secure Shell

16.  Secure Shell (Reference)

17.  Using Simple Authentication and Security Layer

18.  Network Services Authentication (Tasks)

Part VI Kerberos Service

19.  Introduction to the Kerberos Service

20.  Planning for the Kerberos Service

21.  Configuring the Kerberos Service (Tasks)

22.  Kerberos Error Messages and Troubleshooting

23.  Administering Kerberos Principals and Policies (Tasks)

24.  Using Kerberos Applications (Tasks)

25.  The Kerberos Service (Reference)

Part VII Auditing in Oracle Solaris

26.  Auditing (Overview)

27.  Planning for Auditing

28.  Managing Auditing (Tasks)

29.  Auditing (Reference)

Glossary

Index

Using UNIX Permissions to Protect Files

Files can be secured through UNIX file permissions and through ACLs. Files with sticky bits, and files that are executable, require special security measures.

Commands for Viewing and Securing Files

This table describes the commands for monitoring and securing files and directories.

Table 7-1 Commands for Securing Files and Directories

Command
Description
Man Page
ls
Lists the files in a directory and information about the files.
chown
Changes the ownership of a file.
chgrp
Changes the group ownership of a file.
chmod
Changes permissions on a file. You can use either symbolic mode, which uses letters and symbols, or absolute mode, which uses octal numbers, to change permissions on a file.

File and Directory Ownership

Traditional UNIX file permissions can assign ownership to three classes of users:

The owner of the file can usually assign or modify file permissions. Additionally, the root account can change a file's ownership. To override system policy, see Example 7-2.

A file can be one of seven types. Each type is displayed by a symbol:

- (Minus symbol)

Text or program

b

Block special file

c

Character special file

d

Directory

l

Symbolic link

s

Socket

D

Door

P

Named pipe (FIFO)

UNIX File Permissions

The following table lists and describes the permissions that you can give to each class of user for a file or directory.

Table 7-2 File and Directory Permissions

Symbol
Permission
Object
Description
r
Read
File
Designated users can open and read the contents of a file.
Directory
Designated users can list files in the directory.
w
Write
File
Designated users can modify the contents of the file or delete the file.
Directory
Designated users can add files or add links in the directory. They can also remove files or remove links in the directory.
x
Execute
File
Designated users can execute the file, if it is a program or shell script. They also can run the program with one of the exec(2) system calls.
Directory
Designated users can open files or execute files in the directory. They also can make the directory and the directories beneath it current.
-
Denied
File and Directory
Designated users cannot read, write, or execute the file.

These file permissions apply to regular files, and to special files such as devices, sockets, and named pipes (FIFOs).

For a symbolic link, the permissions that apply are the permissions of the file that the link points to.

You can protect the files in a directory and its subdirectories by setting restrictive file permissions on that directory. Note, however, that the root role has access to all files and directories on the system.

Special File Permissions (setuid, setgid and Sticky Bit)

Three special types of permissions are available for executable files and public directories: setuid, setgid, and sticky bit. When these permissions are set, any user who runs that executable file assumes the ID of the owner (or group) of the executable file.

You must be extremely careful when you set special permissions, because special permissions constitute a security risk. For example, a user can gain root capabilities by executing a program that sets the user ID (UID) to 0, which is the UID of root. Also, all users can set special permissions for files that they own, which constitutes another security concern.

You should monitor your system for any unauthorized use of the setuid permission and the setgid permission to gain root capabilities. A suspicious permission grants ownership of an administrative program to a user rather than to root or bin. To search for and list all files that use this special permission, see How to Find Files With Special File Permissions.

setuid Permission

When setuid permission is set on an executable file, a process that runs this file is granted access on the basis of the owner of the file. The access is not based on the user who is running the executable file. This special permission allows a user to access files and directories that are normally available only to the owner.

For example, the setuid permission on the passwd command makes it possible for users to change passwords. A passwd command with setuid permission would resemble the following:

-r-sr-sr-x   3 root     sys       28144 Jun 17 12:02 /usr/bin/passwd

This special permission presents a security risk. Some determined users can find a way to maintain the permissions that are granted to them by the setuid process even after the process has finished executing.


Note - The use of setuid permissions with the reserved UIDs (0-100) from a program might not set the effective UID correctly. Use a shell script, or avoid using the reserved UIDs with setuid permissions.


setgid Permission

The setgid permission is similar to the setuid permission. The process's effective group ID (GID) is changed to the group that owns the file, and a user is granted access based on the permissions that are granted to that group. The /usr/bin/mail command has setgid permissions:

-r-x--s--x   1 root   mail     67504 Jun 17 12:01 /usr/bin/mail

When the setgid permission is applied to a directory, files that were created in this directory belong to the group to which the directory belongs. The files do not belong to the group to which the creating process belongs. Any user who has write and execute permissions in the directory can create a file there. However, the file belongs to the group that owns the directory, not to the group that the user belongs to.

You should monitor your system for any unauthorized use of the setgid permission to gain root capabilities. A suspicious permission grants group access to such a program to an unusual group rather than to root or bin. To search for and list all files that use this permission, see How to Find Files With Special File Permissions.

Sticky Bit

The sticky bit is a permission bit that protects the files within a directory. If the directory has the sticky bit set, a file can be deleted only by the file owner, the directory owner, or by a privileged user. The root user is an example of a privileged user. The sticky bit prevents a user from deleting other users' files from public directories such as /tmp:

drwxrwxrwt 7  root  sys   400 Sep  3 13:37 tmp

Be sure to set the sticky bit manually when you set up a public directory on a TMPFS file system. For instructions, see Example 7-5.

Default umask Value

When you create a file or directory, you create it with a default set of permissions. The system defaults are open. A text file has 666 permissions, which grants read and write permission to everyone. A directory and an executable file have 777 permissions, which grants read, write, and execute permission to everyone. Typically, users override the system defaults in their shell initialization files, such as .bashrc and .kshrc.user. An administrator can also set defaults in the /etc/profile file.

The value assigned by the umask command is subtracted from the default. This process has the effect of denying permissions in the same way that the chmod command grants them. For example, the chmod 022 command grants write permission to group and others. The umask 022 command denies write permission to group and others.

The following table shows some typical umask values and their effect on an executable file.

Table 7-3 umask Settings for Different Security Levels

Level of Security
umask Setting
Permissions Disallowed
Permissive (744)
022
w for group and others
Moderate (741)
026
w for group, rw for others
Strict (740)
027
w for group, rwx for others
Severe (700)
077
rwx for group and others

For more information about setting the umask value, see the umask(1) man page.

File Permission Modes

The chmod command enables you to change the permissions on a file. You must be root or the owner of a file or directory to change its permissions.

You can use the chmod command to set permissions in either of two modes:

The following table lists the octal values for setting file permissions in absolute mode. You use these numbers in sets of three to set permissions for owner, group, and other, in that order. For example, the value 644 sets read and write permissions for owner, and read-only permissions for group and other.

Table 7-4 Setting File Permissions in Absolute Mode

Octal Value
File Permissions Set
Permissions Description
0
---
No permissions
1
--x
Execute permission only
2
-w-
Write permission only
3
-wx
Write and execute permissions
4
r--
Read permission only
5
r-x
Read and execute permissions
6
rw-
Read and write permissions
7
rwx
Read, write, and execute permissions

The following table lists the symbols for setting file permissions in symbolic mode. Symbols can specify whose permissions are to be set or changed, the operation to be performed, and the permissions that are being assigned or changed.

Table 7-5 Setting File Permissions in Symbolic Mode

Symbol
Function
Description
u
who
User (owner)
g
who
Group
o
who
Others
a
who
All
=
operator
Assign
+
operator
Add
-
operator
Remove
r
permissions
Read
w
permissions
Write
x
permissions
Execute
l
permissions
Mandatory locking, setgid bit is on, group execution bit is off
s
permissions
setuid or setgid bit is on
t
permissions
Sticky bit is on, execution bit for others is on

The who operator permissions designations in the function column specify the symbols that change the permissions on the file or directory.

who

Specifies whose permissions are to be changed.

operator

Specifies the operation to be performed.

permissions

Specifies what permissions are to be changed.

You can set special permissions on a file in absolute mode or symbolic mode. However, you must use symbolic mode to set or remove setuid permissions on a directory. In absolute mode, you set special permissions by adding a new octal value to the left of the permission triplet. The following table lists the octal values for setting special permissions on a file.

Table 7-6 Setting Special File Permissions in Absolute Mode

Octal Value
Special File Permissions
1
Sticky bit
2
setgid
4
setuid