Credits: This site powered by the vi text editor, apache webserver, perl scripting, and Debian linux.

solaris8 - Day 6

Goals

In this session you will:

control users

controlling users

take permissions to the next level

See the chart on p28

review of normal file permissions
review of normal directory permissions
- r - search directory contents (ls with no details)
- w - allows creation and deletion
- x - allows users to work with files they know about, but disallows ls. Allows cd
- r-x - allows ls -l. No file creation or deletion.
special file permissions
- s - setuid, setgid: run with group or owner perms rather than executor...
special directory permissions
- t - sticky bit allows deletion only on owned files (/tmp)
- s - setguid on directory makes new files owned by dir's group

use setuid and setgid permissions on files

chmod u+s, set g+s

find / -type f $ -perm -2000 -o -perm -4000 $ find setguid/setuid files

use RBAC and ACLs (solaris only)

FIXME

sudo p9-11

sudo allows a trusted user to run particular apps as root for a limited period of time.
Usage: sudo app

The user will be prompted for their pass and will be able to run the app as root for a limited amount of invocations (generally 1) or for a number of minutes (generally 5).
This behavior is controlled by a /etc/sudoers file.

Danger!

Do not allow sudo to shell scripts or any app that has a shell in it

controlling the user experience

menus
restricted shells
lshells

http://www.mousetrap.net/syllabus/solaris8/day6.html
$Id: day6.orb,v 1.1 2002/10/29 22:03:11 mouse Exp $

jason carr

Reminders

Classroom temperature can be wildly variable. Dress lightly and bring layers.
your username is based on the class title and the last two digits of your workstation's hostname.
remember to take your work with you.