ome/directory, .
UID, GID, sticky ("") .
Userid li.
, ( ) . root.
Inode UID GID , . UID ( GID) /etc/passwd ( /etc/group), (UID GID).
UNIX 12 . , - r/w/x //. . :
1. UID ( suid);
2. GID ( sgid);
3. Sticky ( "") ( svtx).
, "rwxrwxrwx". , "x" .
Suid , "x" "rwx" "s", .. Suid , UID . ( UID , .)
:
-r-sr-xr-x 1 root sys 3254 Jun 1 11:30 myprog
myprog suid. ( alex) myprog, root. root , .
, , myprog ( - ). myprog ( suid root), root. , , root.
( suid root) "". AIX , suid- .
chmod, 4 .
Suid ( chmod) root. cp.
, suid root.
suid root. , , , .
:
-rw------- 1 alex eng 5432 Jun 2 13:45 mydata
-r-sr-xr-x 1 alex eng 2345 Jun 1 11:30 myprog
myprog. userid alex mydata. myprog, myprog suid, alex, mydata , myprog.
AIX suid root. , ( , suid root) , - -.
AIX , (.Trusted Computing Base).
GID (sgid) suid, . Sgid , , , .
AIX suid sgid . "" suid UID . UNIX suid.
, . , AIX.
. , , . UNIX. , , .
( ), . - , , , /tmp, -. , , -. (, root .)
, , - ; .
( ) . , , , .
:
-r--rw-rwx 1 alex xyz 3210 Jun 3 15:15 mystuff
mystuff , , . (alex) . ( , , , , , .) xyz . - ( xyz) , , .
, , , - . , , "".
, . , , , . "---". - , .
( ) . chmod. , , , , umask.
, UNIX, umask . , ("rwxrwxrwx" ( 777) , "rw-rw-rw-" ( - 666) ) , umask ( ).
umask - 022. , :
666 022 = 644 = rw-r--r-- ( )
777 022 = 755 = rwxr-xr-x ( )
022 027 077:
666 027 = 640 = rw-r----- ( )
777 027 = 750 = rwxr-x--- ( )
umask - , umask ( ).
. umask $HOME/.profile . , .
umask SMIT. umask ( ).
UNIX, AIX, (timestamps) ( ). . Timestamps:
1. atime. - . , - .
2. ctime. - inode . ( - , , , ) inode , , , , ( ), ..
3. mtime. - . , . root.
ls mtime. -c -, ctime. -u , atime. timestamps.
AIX . - (ACL). - "" UNIX. UNIX ACL-, .
ACL AIX , . , ACL . .
( ) " " ( ) ACL ( ). ACL ACL.
acl- :
: SUID, or SGID or SVTX
:
(): rw
(): r-x
: -wx
: SUID setuid SGID setgid SVTX Savetext ( )
. (, , ) , , , , .
ACL , .
:
permit .
deny .
specify .
. "" . - . chmod - .
:
attributes: SUID, or SGID or SVTX
:
owner(alex): rw
group(system): r-x
others: --
extended permissions: enabled
permit rw- u:dhs
deny r-- u:chas, g:system
specify r-- u:lena, g:gateway, g:mail
permit rw- g:account, g:finance
: .
, ACL ; .
, dhs (r) (w).
(r) chas, - system.
, lena (r), - gateway mail.
, , account finance.
ACL , . ACL , .
, GROUP1 GROUP2. ACL GROUP1 GROUP2.
:
1. SPECIFY ( userid), SPECIFY . SPECIFY, ( - userid), SPECIFY.
2. PERMIT () ( ) .
3. DENY () ( ) .
SPECIFY .
DENY PERMIT, DENY PERMIT. , - . , , ACL DENY groupids .
SPECIFY.
ACL, - ACL, chmod, .
:
aclget ACL .
aclput ACL
acledit aclget aclput.
acledit ( , EDITOR). EDITOR .
:
EDITOR = /usr/bin/vi
EDITOR = /usr/bin/e
: chmod ACL. - . chmod - .
hmod ( "") . ACL ( ). ACL, chmod , ACL.
, chmod + rw myfile, chmod 644 myfile. , . .
tcbck ACL (..139).
- . AIX .
errpt , SMIT :
SMIT
-Problem Determination
--Error Log
---Generate Error Report
---Change / Show Characteristics of Error Log
---Clean Error Log
. , errupdate. .
, ( errdemon ).
SMIT:
SMIT
-System Environment
--Change / Show Characteristics of Operating System
.
AIX UNIX . ls -l "l" .
:
lrwxrwxrwx 1 root system 5 Jul 22 1993 u -> home
, u. . . , .
, u home ( , u home- , ).
UNIX ( AIX) , . - , . .
, .
AIX - . SVTX. , . !
AIX, root chown, . . , .
, AIX, test, , "test".
, AIX suid . suid . root, root.
(unowned files) , . ( SMIT, ), ( ) . ( ls li) UID. : , mailbox.
find , , . find / -user username -print username. , ( chown). . find / -nouser -print.
- , /dev/console. !!
, (LAN) (WAN), . , :
1. TCP/IP:
, TCP/IP ( Internet).
, "" .
2. Dial-in ASCII .
3. Uucp. (, - dial-in , uucp ).
4. , SNA.
, . .
. " " , . , . :
1. .
2. ( , , ) .
( ). , . ( ) . , . , , .
(firewall), , .
.
, DCE (. DCE) . DCE. DCE .
, ( ) , .
TCP/IP . - ftp, rexec, telnet. . .
, telnet ( , telnet) , , .
securetcpip "" TCP/IP. securetcpip , , "" .
securetcpip - , , /etc/inetd.conf chmod, 000 (---------).
securetcpip . SRC, : STOPSRC -G TCPIP , TCP/IP. : SECURETCPIP
securetcpip, :
:
rshd rlogind tftpd
:
rlogin rcp rsh tftp trpt
securetcpip , /etc/inetd.conf , .
.
securetcpip /etc/security/config, , $HOME/.netrc, ftp rexec. , telnet rlogin rsh, ftp tftp rcp, rexec rsh.
: X- tftp, X- AIX. , X- tftp, securetcpip.
/etc/hosts , . IP . /etc/hosts:
9.12.2.32 gateway
9.12.2.95 bill
128.100.1.4 dtp
/etc/hosts , ( DNS), IP . , , /etc/hosts . . .
TCP/IP. inetd TCP/IP, . , telnet, inetd telnetd. TCP/IP, . TCP/IP, .
- (DNS), . /etc/resolv.conf . . /etc/named.boot, /etc/named.ca, /etc/named.local /etc/named.data.
netstat . . , : netstat -p tcp TCP/IP . . , - . netstat, .
, AIX (Trusted Computing Base (TCB)). TCB :
1. ()
2. , tcbck
3.
4.
5.
6.
7.
TCB AIX . TCB, tcbck, .
; TCB " " .
TCB . TCB, , . ? …
TCB . TCB , AIX. , , . . TCB , , .
, TCB ( ) suid root, ( c ) .
TCB suid root, .
(Trusted Computing Base (TCB)) - , "" ("") . TCB AIX, (), passwd, . , /etc/passwd, . , , , , . .
, , . AIX TCB , IBM , .
TCB ( AIX TCB; ).
TCB, , , . (, , , , ..) /etc/security/sysck. tcbck , (, , , .
/, TCB , .
/etc/security/sysck.cfg ( pg) , . AIX TCB- inodes. , TCB , .
(Trusted Shell) TCB , TCB inode.
TCB- ( root) chtcb.
AIX TCB, /etc/security/sysck.cfg, TCB.
tcbck -n ALL
.
tcbck "p" "y", , , , , .
. , , .
tcbck, . , TCB.
, UNIX, . : "" - ? , , , , , . , , , . userid . ( "" ). , . . - UNIX, UNIX.
AIX SAK . . SAK- .
SAK :
1. -. tpath , SAK (tsh), .
2. , SAK , tpath , ; .
, (, sak-) 600 ( 622, ).
SAK, ( SMIT ) sak_enable=true /etc/security/login.cfg. ( ), .
SAK Ctrl-x Ctrl-r.
- SAK, /etc/security/login.cfg:
/dev/console: synonym = /dev/lft0
, tpath /etc/security/user. SMIT.
:
1. tpath=nosak. - , . SAK , . SAK .
2. tpath=on. SAK . SAK .
3. tpath=always. ( SAK) . , .
4. tpath=notsh. , SAK, , .
, tsh, , TCB-, . , .
SAK , , ( ), , .
"" , .
, SAK " " . , , :
1. , Ctrl-x Ctrl-r (SAK-). ( ). - , SAK . , SAK , .
2. .
3. , .
4. tsh, sh. .
() . , , . , , , .
, , . . .
, .
. , .
1. , / .
2. , . , mkuser . , mkuser.
3. , , , (, DB2) ( CICS). .
, , . " ", . , .
. , .
:
1. ( ) .
2. "" . .
userid root, . , root. , , , , .
root userid :
1. ( CD-ROM).
2. , shutdown -F ( root ).
3. , SERVICE ( ), .
4. F1.
5. "System Maintenance&q