System security in UNIX


Unix security refers to the means of securing a Unix or Unix-like operating system. A secure environment is achieved not only by the design concepts of these operating systems, but also through vigilant user and administrative practices.

Permissions

Permissions on a file are commonly set using the chmod command and seen through the ls command. For example:

Unix permissions permit different users access to a file. Different user groups have different permissions on a file.
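
As an added example (not part of the original page), the script below sets modes with chmod in both octal and symbolic form, reads them back with ls, and uses find to list files that group or other may write to. The function names and file names are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page. All file names are constructed.

# show_mode FILE: print the ten-character type and permission field of ls -l
# (1 type character, then rwx triplets for user, group and other).
show_mode() {
    ls -ld -- "$1" | cut -c1-10
}

# writable_by_others DIR: list regular files under DIR that group or other
# may write to, a common first check when auditing permissions.
writable_by_others() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) | sort
}

demo() {
    d=$(mktemp -d) || return 1
    touch "$d/report.txt" "$d/notes.txt" "$d/run.sh"
    chmod 644 "$d/report.txt"          # rw-r--r--  owner writes, everyone reads
    chmod u=rw,g=rw,o= "$d/notes.txt"  # rw-rw----  symbolic form, group may write
    chmod 755 "$d/run.sh"              # rwxr-xr-x  executable, only owner writes
    for f in "$d"/*; do
        printf '%s %s\n' "$(show_mode "$f")" "${f##*/}"
    done
    echo "group/other writable:"
    writable_by_others "$d"
    rm -rf "$d"
}

demo
```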

More advanced Unix filesystems include the Access Control List concept which allows permissions to be granted to multiple users or groups. An Access Control List may be used to grant permission to additional individual users or groups. For example:

/pvr [u::rwx, g::r-x, o::r-x/u::rwx, u:sue:rwx, g::r-x, m::rwx, o::r-x]

In this example, which is from the chacl command on the Linux operating system, the user sue is granted write permission to the /pvr directory.

User groups

Users under Unix-style operating systems often belong to managed groups with specific access permissions. This enables users to be grouped by the level of access they have to the system. Many Unix implementations add an additional layer of security by requiring that a user be a member of the user privileges group in order to access the su command.

Issues

Most Unix and Unix-like systems have an account or group which enables a user to exert complete control over the system, often known as a root account. If access to this account is gained by an unwanted user, this results in a complete breach of the system. A root account, however, is necessary for administrative purposes, and for the above security reasons the root account is seldom used for day-to-day purposes (the sudo program is more commonly used), so usage of the root account can be more closely monitored.

Root access "as it should be" can be visualised by those familiar with the Superman stories using the following analogy:

Using a root account is rather like being Superman; an administrator's regular user is more like Clark Kent. Clark Kent becomes Superman for only as long as necessary, in order to save people. He then reverts to his "disguise". Root access should be used in the same fashion. The Clark Kent disguise doesn't really restrict him though, as he is still able to use his super powers. This is analogous to using the sudo program.

User and administrative techniques

Unix has many tools that can improve security if used properly by users and administrators.

Passwords
