I am looking for the some document/presentation which will give me an idea about different File and Directory attributes available on Windows, Mac and Linux file system. Also wanted to know Common attributes present across all three Operating systems. I want to cross verify my work.
Thanks,
Omky
First, you want to check the File system rather the OS, is mostly a File system feature, not OS, the Operative System can "support" or not all FS features.
On Linux and OSX, there is a UNIX standard, you have the common owner/group/other where a File contains a user owner (just a user) and a group owner (a group contains a list of users).
With that knowledge, you can set permissions like read/write/executable permissions for the owner of file, the group of file and a "non user non member of the group".
Example:
I have a file called hello.out and I want to restrict a "modification" for EVERY user, but my user only can execute it and every user can read it. I will set permission 544. the first value, 5 will provide read and execute to owner, the second value, 4 will provide only read to group, and the third value, another 4, will provide only read to any other user.
You have extended permissions on some UNIX file systems, on EXT2/3/4 and others, you can set permissions for a specific user (File system extended attributes). Also, you have some "flags" with special features, like provide a root execution with the SUID flag or force exclusivity of files on a directory to owner with the sticky flag.
More info about UNIX permissions here: http://en.wikipedia.org/wiki/File_system_permissions
On Windows instead, is hard to say, first, you have FAT16/32, there is no permissions with this File system. Using FAT16/32 on Linux can "emulate" a UNIX permission, but is global for all files and will not be stored on File system.
For File systems like NTFS, is pretty similar to UNIX, but you have a longer list of control for actions on the file or folder, but basically you have read/write/read and execute/list files/modify/full permission.
For more info, you can find every basic and special attributes here: http://technet.microsoft.com/en-us/library/bb727008.aspx
Related
CWE-61 is about soft links. The basic idea is that attackers point a normal file to other system files or unexpected files through soft links to achieve arbitrary write purposes.
But I have a question, if user A tries to point fileA to fileB through a soft link and exploits this vulnerability to modify fileB; Isn't A required to have the read and write permissions on fileB? (or user A can run the program as root)
If user A already has this permission, why does user A need to use CWE-61 to modify fileB?
Say I have normal 15 user groups and 1 admin group. I have a file directory /ReadingMaterial which has 15 text files inside of it. I want the admin group to have read/write permissions to the entire directory (all 15 files). I want the user groups to only be able to read 1 specific file inside the directory. For example, UserGroup1 will only have read access to the file called UserGroup1Material.txt
I can't find the command required tho anywhere with searching, found dozens of pages which go over simply creating or editing groups and files as a whole (owners, groups, users), but none for individual groups on their own.
I'm pretty sure it can be done, but for the life of me cannot find it anywhere with google searches or in the manual
You can change the group ownership of the file with chgrp and change its permission so that only the users of UserGroup1, and its creator, are allowed to have read access to your file :
chgrp UserGroup1 UserGroup1Material.txt
chmod 440 UserGroup1Material.txt
In Samba share directory and file will be create by username and group name that's why I have to use sticky permission:
Chmod 1770 /testfolder
In this permission user can create file and folder.
Anyone can help me how can i restricted to delete file and folder.
how can I restrict users to delete file and folder.
Or, in other words, is there a permission such that a user can add files to a directory, but not delete them?
NO. The write permission given to a directory lets the user modify that directory, which means create new entries, but also means delete entries. Both operations, in fact, modify the directory, i.e. the list of files contained there. It would be very handy to discriminate between adding a file and deleting it - but things are not so.
But, depending on OS and file system, may be you can set a special attribute on a directory:
chattr -d +a nodelete/
will give the special attribute "append only" to the specified directory. "Append only" means you can create but not delete or overwrite. That will achieve, presumably, exactly what you want; see documentation for chattr, it could be your friend.
I am trying to create a unique id and attach it to a LabVIEW file so that later I can read back that id and know I am looking at exactly the same file. I must be able to generate the id and read it back programmatically. The information must be hidden from the user accessing the file and persist across operating systems and storage mediums.
I was thinking of just adding it into the file 'comment' section, but it appears the Windows no longer supports file comments.
Any ideas?
I would suggest using the Set Tag method on the VI (with persistence) and saving multiple copies of the VI using the Save Instrument method, where each copy would then have its own unique value of the tag. Note that the method is defined as a scripting method, so you would probably need to enable scripting in the LV options to access it.
I don't think there's any API for enumerating tags, so there would be no way to find the value unless you know what the tag is called. Obviously, it's encoded somewhere in the VI file itself, and presumably it would be possible to extract a list of tags if you know the structure of the file, but that's not knowledge I would expect most students to have.
I'm not sure if you can call the set tag method from Python using an external connection to VI server, but certainly the LV code for this should be pretty simple - basically a for loop with ID generation, a couple of method calls and saving a CSV file so you can keep track of which ID belongs to which student. If you use existing IDs, you don't even need to generate and save the IDs.
I want to add some files to C:\windows\XXX (windows protected folder, in Vista), under the "TrustedInstaller" for my application. I do not want to replace any file so no issues on Windows Resource(formerly file) protection.
I have the code to change "ownership" to the current logged in admin, however, I'm don't have any clue how to set its file permissions programmatically. I'm using VC++/MFC for development.
Thanks
I not 100% sure what you actually want (as do you want it to look like TrustedInstaller installed the files?) but look at this example of using SetNamedSecurityInfo. You generally need to constuct a Discretionary Access Control List (DACL) for your file, however you can "borrow" one off another file with the permissions you want to clone using GetNamedSecurityInfo as building a DACL from scratch is considerably more annoying.
An easy way to do it is to just use the system function to run icacls with whichever parameters you need. Note that it's found in cstdlib (#include <cstdlib>)
system("icacls <params>");