Internet Productivity Suite: Open Source Security - Trust Internet Productivity Suite's open source architecture to give you the best security and productivity applications available. Collaborating with thousands of developers, Guardian Digital security engineers implement the most technologically advanced ideas and methods into their design. Click to find out more!
Getting to Know Linux Security: File Permissions
Welcome to the first tutorial in the 'Getting to Know Linux Security' series. The topic explored is Linux file permissions. It offers an easy to follow explanation of how to read permissions, and how to set them using chmod. This guide is intended for users new to Linux security, therefore very simple. If the feedback is good, I'll consider creating more complex guides for advanced users. Please let us know what you think and how these can be improved.
Hello, my name is Benjamin Thomas and I am with Guardian Digital, the primary sponsor of LinuxSecurity.com Welcome to the first of the "Getting to know Linux Security" series tutorials that will be featured on our site. Today's topic is file permissions. This lesson is primarily intended for those users who are just getting started, and other wishing to brush up old skills. The examples I show you today are from a typical Linux command line. Today, I'll be using EnGarde Secure Linux. More information about this distribution can be found at Guardian Digital.com and it can be downloaded at EnGardeLinux.org.
Lets Begin. To see a listing of files in a directory, execute the command 'ls'. As you'll see, there are no files in the temporary directory that I'm using. Let's first create several files.
touch file1 file2 file3
The command 'ls' then shows the files we have created. A more informative way to show the files is ls -la. The 'l' switch lists files in long format and the 'a' switch lists all files, including hidden ones.
Click to view video demo:
features/features/getting-to-know-linux-security-file-permissions
LinuxSecurity.com Feature Extras:
The Tao of Network Security Monitoring: Beyond Intrusion Detection - To be honest, this was one of the best books that I've read on network security. Others books often dive so deeply into technical discussions, they fail to provide any relevance to network engineers/administrators working in a corporate environment. Budgets, deadlines, and flexibility are issues that we must all address. The Tao of Network Security Monitoring is presented in such a way that all of these are still relevant.
Encrypting Shell Scripts - Do you have scripts that contain sensitive information like passwords and you pretty much depend on file permissions to keep it secure? If so, then that type of security is good provided you keep your system secure and some user doesn't have a "ps -ef" loop running in an attempt to capture that sensitive info (though some applications mask passwords in "ps" output).
A 2005 Linux Security Resolution - Year 2000, the coming of the new millennium, brought us great joy and celebration, but also brought great fear. Some believed it would result in full-scale computer meltdown, leaving Earth as a nuclear wasteland. Others predicted minor glitches leading only to inconvenience. The following years (2001-2004) have been tainted with the threat of terrorism worldwide.
Bulletproof Virus Protection - Protect your network from costly security breaches with Guardian Digital’s multi-faceted security applications. More then just an email firewall, on demand and scheduled scanning detects and disinfects viruses found on the network. Click to find out more!
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: New squirrelmail package fixes several vulnerabilities | ||
| 1st, February, 2005
Upstream developers noticed that an unsanitised variable could lead to cross site scripting. advisories/debian/debian-new-squirrelmail-package-fixes-several-vulnerabilities |
||
| Debian: New prozilla packages fix arbitrary code execution | ||
| 1st, February, 2005
Several buffer overflows have been discovered in prozilla, a multi-threaded download accelerator which could be exploited by a remote attacker to execute arbitrary code on the victim's machine. An exploit for prozilla is already in the wild. advisories/debian/debian-new-prozilla-packages-fix-arbitrary-code-execution-34834 |
||
| Debian: New cpio packages fix insecure file permissions | ||
| 2nd, February, 2005
advisories/debian/debian-new-cpio-packages-fix-insecure-file-permissions |
||
| Fedora | ||
| Fedora Core 3 Update: enscript-1.6.1-28.0.4 | ||
| 31st, January, 2005
This update fixes another regression introduced by a recent update. advisories/fedora/fedora-core-3-update-enscript-161-2804-14-47-00-118131 |
||
| Fedora Core 3 Update: openswan-2.1.5-2.FC3.1 | ||
| 28th, January, 2005
This erratum fixes the remote exploitation of a stack based buffer overflow vulnerability in Xelerance Corp.'s Openswan, which could allow attackers to execute arbitrary code. advisories/fedora/fedora-core-3-update-openswan-215-2fc31-10-10-00-118104 |
||
| Fedora Core 2 Update: elinks-0.9.1-1.1 | ||
| 28th, January, 2005
advisories/fedora/fedora-core-2-update-elinks-091-11-14-41-00-118108 |
||
| Fedora Core 3 Update: elinks-0.9.2-2.1 | ||
| 28th, January, 2005
Links is a text-based Web browser. Links does not display any images, but it does support frames, tables and most other HTML tags. Links' advantage over graphical browsers is its speed--Links starts and exits quickly and swiftly displays Web pages. advisories/fedora/fedora-core-3-update-elinks-092-21-14-41-00-118109 |
||
| Fedora Core 2 Update: enscript-1.6.1-25.3 | ||
| 28th, January, 2005
This update fixes a regression introduced by the last update. advisories/fedora/fedora-core-2-update-enscript-161-253-18-08-00-118111 |
||
| Fedora Core 3 Update: enscript-1.6.1-28.0.3 | ||
| 28th, January, 2005
This update fixes a regression introduced by the last update. advisories/fedora/fedora-core-3-update-enscript-161-2803-18-09-00-118112 |
||
| Fedora Core 2 Update: zlib-1.2.1.2-0.fc2 | ||
| 28th, January, 2005
Fixes 2 DoS issues advisories/fedora/fedora-core-2-update-zlib-1212-0fc2-23-10-00-118113 |
||
| CORRECTION: Fedora Core 2 Update: gaim-1.1.2-0.FC2 | ||
| 28th, January, 2005
Fixes a great many bugs. Refer to the official changelog for details. advisories/fedora/correction-fedora-core-2-update-gaim-112-0fc2-23-11-00-118114 |
||
| CORRECTION: Fedora Core 3 Update: gaim-1.1.2-0.FC3 | ||
| 28th, January, 2005
Fixes a great many bugs. Refer to the official changelog for details. advisories/fedora/correction-fedora-core-3-update-gaim-112-0fc3-23-11-00-118115 |
||
| Fedora Core 3 Update: NetworkManager-0.3.3-1.cvs20050119.2.fc3 | ||
| 31st, January, 2005
|
||
| Fedora Core 3 Update: openssl096b-0.9.6b-21 | ||
| 31st, January, 2005
This update adds missing fix for CAN-2004-0081. advisories/fedora/fedora-core-3-update-openssl096b-096b-21-12-01-00-118126 |
||
| Fedora Core 2 Update: openssl096b-0.9.6b-20 | ||
| 31st, January, 2005
This update adds missing fix for CAN-2004-0081. advisories/fedora/fedora-core-2-update-openssl096b-096b-20-12-01-00-118127 |
||
| Fedora Core 3 Update: curl-7.12.3-2 | ||
| 31st, January, 2005
libidn-devel is now required so that systems using the devel subpkg will build correctly. The latest version of curl uses the poll() syscall to get around a previous file descriptor limit. advisories/fedora/fedora-core-3-update-curl-7123-2-12-02-00-118128 |
||
| Fedora Core 3 Update: system-config-printer-0.6.116.1-1 | ||
| 31st, January, 2005
Bug-fix release. advisories/fedora/fedora-core-3-update-system-config-printer-061161-1-14-47-00-118132 |
||
| Fedora Core 3 Update: ruby-1.8.2-1.FC3.1 | ||
| 31st, January, 2005
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. advisories/fedora/fedora-core-3-update-ruby-182-1fc31-15-10-00-118133 |
||
| Fedora Core 3 Update: rhgb-0.16.2-1.FC3 | ||
| 31st, January, 2005
This update fixes various errors of the form "init: open(/dev/pts/0): No such file or directory". advisories/fedora/fedora-core-3-update-rhgb-0162-1fc3-16-27-00-118134 |
||
| Fedora Core 3 Update: file-4.12-1.FC3.1 | ||
| 1st, February, 2005
The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. advisories/fedora/fedora-core-3-update-file-412-1fc31-09-53-00-118143 |
||
| Fedora Core 3 Update: net-tools-1.60-37.FC3.1 | ||
| 1st, February, 2005
The net-tools package contains basic networking tools, including ifconfig, netstat, route, and others. advisories/fedora/fedora-core-3-update-net-tools-160-37fc31-09-54-00-118144 |
||
| Fedora Core 3 Update: gimp-2.2.3-0.fc3.2 | ||
| 1st, February, 2005
The GIMP includes a scripting facility, but many of the included scripts rely on fonts that we cannot distribute. The GIMP FTP site has a package of fonts that you can install by yourself, which includes all the fonts needed to run the included scripts. Some of the fonts have unusual licensing requirements; all the licenses are documented in the package. advisories/fedora/fedora-core-3-update-gimp-223-0fc32-09-55-00-118145 |
||
| Fedora Core 3 Update: system-config-services-0.8.18-0.fc3.1 | ||
| 1st, February, 2005
system-config-services is a utility which allows you to configure which services should be enabled on your machine. advisories/fedora/fedora-core-3-update-system-config-services-0818-0fc31-09-56-00-118146 |
||
| Fedora Core 2 Update: squid-2.5.STABLE7-1.FC2.1 | ||
| 1st, February, 2005
Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. advisories/fedora/fedora-core-2-update-squid-25stable7-1fc21-22-02-00-118153 |
||
| Fedora Core 3 Update: squid-2.5.STABLE7-1.FC3.1 | ||
| 1st, February, 2005
Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. advisories/fedora/fedora-core-3-update-squid-25stable7-1fc31-22-03-00-118154 |
||
| Fedora Core 2 Update: dump-0.4b39-1.FC2 | ||
| 2nd, February, 2005
Updated dump packages contain fixes related to possible data corruption, unintentional writes to target partition and many other bugfixes. The updated dump also contains support for Extended Attributes/Access Control Lists. advisories/fedora/fedora-core-2-update-dump-04b39-1fc2-12-31-00-118164 |
||
| Fedora Core 3 Update: dump-0.4b39-1.FC3 | ||
| 2nd, February, 2005
Updated dump packages contain fixes for unintentional writes to target partition and other bugfixes. The updated dump also contains support for Extended Attributes/Access Control Lists. advisories/fedora/fedora-core-3-update-dump-04b39-1fc3-12-32-00-118165 |
||
| Fedora Core 3 Update: mc-4.6.1-0.12.FC3 | ||
| 2nd, February, 2005
The updated mc package contains the latest release candidate, mc-4.6.1-pre3 and many bugfixes. advisories/fedora/fedora-core-3-update-mc-461-012fc3-12-33-00-118166 |
||
| Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.75 | ||
| 2nd, February, 2005
This package contains the SELinux example policy configuration along with the Flask configuration information and the application configuration files. advisories/fedora/fedora-core-3-update-selinux-policy-targeted-11730-275-14-24-00-118167 |
||
| Fedora Core 3 Update: policycoreutils-1.18.1-2.6 | ||
| 2nd, February, 2005
Security-enhanced Linux is a patch of the Linux¨ kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. advisories/fedora/fedora-core-3-update-policycoreutils-1181-26-14-25-00-118168 |
||
| Fedora Core 3 Update: dbus-0.22-10.FC3.2 | ||
| 2nd, February, 2005
Security fix for Bug#146765 (CAN-2005-0201) advisories/fedora/fedora-core-3-update-dbus-022-10fc32-15-43-00-118170 |
||
| Fedora Core 3 Update: kdepim-3.3.1-1.FC3.1 | ||
| 3rd, February, 2005
A PIM (Personal Information Manager) for KDE. advisories/fedora/fedora-core-3-update-kdepim-331-1fc31-13-05-00-118175 |
||
| Fedora Core 3 Update: xpdf-3.00-10.3 | ||
| 3rd, February, 2005
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts. advisories/fedora/fedora-core-3-update-xpdf-300-103-13-06-00-118176 |
||
| Fedora Core 2 Update: kernel-2.6.10-1.12_FC2 | ||
| 3rd, February, 2005
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. advisories/fedora/fedora-core-2-update-kernel-2610-112fc2-14-06-00-118177 |
||
| Fedora Core 3 Update: kernel-2.6.10-1.760_FC3 | ||
| 3rd, February, 2005
The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. advisories/fedora/fedora-core-3-update-kernel-2610-1760fc3-14-07-00-118178 |
||
| Gentoo | ||
| Gentoo: SquirrelMail Multiple vulnerabilities | ||
| 28th, January, 2005
SquirrelMail fails to properly sanitize user input, which could lead to arbitrary code execution and compromise webmail accounts. |
||
| Gentoo: ngIRCd Buffer overflow | ||
| 28th, January, 2005
ngIRCd is vulnerable to a buffer overflow that can be used to crash the daemon and possibly execute arbitrary code. |
||
| Gentoo: TikiWiki Arbitrary command execution | ||
| 30th, January, 2005
A bug in TikiWiki allows certain users to upload and execute malicious PHP scripts. |
||
| Gentoo: VDR Arbitrary file overwriting issue | ||
| 30th, January, 2005
VDR insecurely accesses files with elevated privileges, which may result in the overwriting of arbitrary files. |
||
| Gentoo: f2c Insecure temporary file creation | ||
| 30th, January, 2005
f2c is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. |
||
| Gentoo: ncpfs Multiple vulnerabilities | ||
| 30th, January, 2005
The ncpfs utilities contain multiple flaws, potentially resulting in the remote execution of arbitrary code or local file access with elevated privileges. |
||
| Gentoo: Gallery Cross-site scripting vulnerability | ||
| 30th, January, 2005
Gallery is vulnerable to cross-site scripting attacks. |
||
| Gentoo: ClamAV Multiple issues | ||
| 31st, January, 2005
ClamAV contains two vulnerabilities that could lead to Denial of Service and evasion of virus scanning. |
||
| Gentoo: FireHOL Insecure temporary file creation | ||
| 1st, February, 2005
FireHOL is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. |
||
| Gentoo: FireHOL Insecure temporary file creation | ||
| 1st, February, 2005
FireHOL is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files. |
||
| Gentoo: UW IMAP CRAM-MD5 authentication bypass | ||
| 2nd, February, 2005
UW IMAP contains a vulnerability in the code handling CRAM-MD5 authentication allowing authentication bypass. |
||
| Gentoo: enscript Multiple vulnerabilities | ||
| 2nd, February, 2005
enscript suffers from vulnerabilities and design flaws, potentially resulting in the execution of arbitrary code. |
||
| Gentoo: Squid Multiple vulnerabilities | ||
| 2nd, February, 2005
Squid contains vulnerabilities in the code handling WCCP, HTTP and LDAP which could lead to Denial of Service, access control bypass, web cache and log poisoning. |
||
| Gentoo: Newspost Buffer overflow vulnerability | ||
| 2nd, February, 2005
A buffer overflow can be exploited to crash Newspost remotely and potentially execute arbitrary code. |
||
| Mandrake | ||
| Mandrake: Updated clamav package | ||
| 29th, January, 2005
A problem in the initscript prevented clamd from starting properly. These new packages fix that problem. |
||
| Mandrake: Updated clamav packages fix | ||
| 31st, January, 2005
Two problems were discovered in versions of clamav prior to 0.81. An attacker could evade virus scanning by sending a base64-encoded imaege file in a URL. Also, by sending a specially-crafted ZIP file, an attacker could cause a DoS (Denial of Service) by crashing the clamd daemon. |
||
| Mandrake: Updated KDE packages | ||
| 31st, January, 2005
A problem with the previous update prevented users from updating kdebase due to a missing file and incomplete rpm header information. The updated kdebase packages fix this problem. |
||
| Mandrake: Updated imap packages fix | ||
| 2nd, February, 2005
A vulnerability was discovered in the CRAM-MD5 authentication in UW-IMAP where, on the fourth failed authentication attempt, a user would be able to access the IMAP server regardless. This problem exists only if you are using CRAM-MD5 authentication and have an /etc/cram-md5.pwd file. This is not the default setup. The updated packages have been patched to prevent these problems. |
||
| Mandrake: Updated chbg packages fix | ||
| 2nd, February, 2005
A vulnerability in chbg was discovered by Danny Lungstrom. A maliciously-crafted configuration/scenario file could overflow a buffer leading to the potential execution of arbitrary code. The updated packages are patched to prevent the problem. |
||
| Mandrake: Updated vim packages fix | ||
| 2nd, February, 2005
Javier Fernandez-Sanguino Pena discovered two vulnerabilities in scripts included with the vim editor. The two scripts, "tcltags" and "vimspell.sh" created temporary files in an insecure manner which could allow a malicious user to execute a symbolic link attack or to create, or overwrite, arbitrary files with the privileges of the user invoking the scripts. The updated packages are patched to prevent this problem. |
||
| Red Hat | ||
| RedHat: Updated enscript package fixes security issues | ||
| 1st, February, 2005
An updated enscript package that fixes several security issues is now available. advisories/red-hat/redhat-updated-enscript-package-fixes-security-issues-RHSA-2005-039-01 |
||
| RedHat: Updated CUPS packages fix security issue | ||
| 1st, February, 2005
|
||
| RedHat: Updated perl-DBI package fixes security issue | ||
| 1st, February, 2005
An updated perl-DBI package that fixes a temporary file flaw in DBI::ProxyServer is now available. advisories/red-hat/redhat-updated-perl-dbi-package-fixes-security-issue-RHSA-2005-069-01 |
||
| RedHat: Updated Ethereal packages fix security issues | ||
| 2nd, February, 2005
Updated Ethereal packages that fix various security vulnerabilities are now available. advisories/red-hat/redhat-updated-ethereal-packages-fix-security-issues-RHSA-2005-011-01 |
||
