Printable View
I am new in UNIX and I presently not completely aware of any system or security of it. I just require some information or knowledge about UNIX file system. If anyone has any knowledge or any other tip for UNIX file system, then please help me for completely understanding the UNIX system.
“File system security” is regarding making certain your users can just do what you wish them to be able to do. This means that you require system programs to be protected and users to merely be able to mark where you desire them to be capable to perform so.
Device Security :
Device files “/dev/null” and “/dev/tty” and “/dev/console” should be humankind writeable but not at all executable. The majority of device records or files should be incomprehensible and untradeable by ordinary users.
There are some file system listed below which help you for your query.
- NFS Security
Just run NFS (Network File System) as wanted, apply newest patches. When generating your “/etc/exports” file, be sure to utilize limited access flags while probable such as read only or nosuid. By using entirely experienced hostnames, you are definite that just the host you wish to be able to access the file system can access it.
- Script Security
Not at all write “setuid/setgid” shell scripts. In its place, write an accumulated program in a language like "C". Scripts should forever have complete pathnames.
I have one file system that is General Security Measures. Make least writable file systems. Normally, users should just be able to write in their own file path or directories, and “/tmp”. In adding up, there will be directories for a precise group to write within. This method you manage how every user can access precise areas of the system. Always make certain that significant or important files are just accessible by official staff. Use “setuid/setgid” only where required. Cops will discover a lot of these troubles.
There is one file system security “Data Security”. Companies or Corporations that rate their data need a complete backup revival method or scheme. This comprises on site backups for slightest quantity of down time, a reproduction of this data off site in case of computer area tragedies, as well as emergency strategy in position. Unluckily, a simple technique to get access to a company’s data is to increase access to backup tapes and responsive printouts. Therefore, all sensitive information should be accumulated in locked cabinets. Older sensitive printouts and tapes should be smashed or destroyed; to defend against computer injure from power outages and spikes, be sure to have your computers on a UPS. This supplies reliable power, defends against outages, as well as defends the computer from power spikes. Preferably, there should be a backup generator for production systems.