Security
• The pluggable authentication modules (PAM) system is
available under Linux.
• PAM is based on a shared library that can be used by any
system component that needs to authenticate users.
• Access control under UNIX systems, including Linux, is
performed through the use of unique numeric identifiers (uid
and gid).
• Access control is performed by assigning objects a protection
mask, which specifies which access modes—read, write, or
execute—are to be granted to processes with owner, group, or
world access.
• Linux augments the standard UNIX setuid mechanism in two
ways:
–> It implements the POSIX specification’s saved user-id
mechanism, which allows a process to repeatedly drop and
reacquire its effective uid.
–> It has added a process characteristic that grants just a
subset of the rights of the effective uid.
• Linux provides another mechanism that allows a client to
selectively pass access to a single file to some server process,
without granting it any other privileges.
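The file-passing mechanism in the last bullet, shown as an added example that is not part of the original slides. It assumes the mechanism meant is descriptor passing with SCM_RIGHTS over a UNIX-domain socket; the names send_fd, recv_fd and demo_readonly_grant and the sample file contents are constructed for this sketch, and both socket ends are held in one process only to keep it short.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
typedef union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } ctl_t;
/* Client: hand one open descriptor to the peer as SCM_RIGHTS ancillary data. */
int send_fd(int sock, int fd) {
    char byte = 'F';   /* ancillary data needs at least one ordinary byte to ride on */
    struct iovec iov = { &byte, 1 };
    ctl_t ctl = { {0} };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}
/* Server: accept exactly one descriptor; reject truncated or unexpected control data. */
int recv_fd(int sock) {
    char byte; int fd;
    struct iovec iov = { &byte, 1 };
    ctl_t ctl;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof fd)) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}
/* Constructed demo: returns 1 if the passed descriptor can read the file but not write it. */
int demo_readonly_grant(void) {
    char path[] = "/tmp/fdpassXXXXXX", buf[6];
    int sv[2], ok = 0, ro = -1, got = -1, rw = mkstemp(path);
    if (rw < 0) return 0;
    if (write(rw, "secret", 6) == 6) ro = open(path, O_RDONLY);  /* client picks the mode */
    unlink(path);      /* no name left on disk: the descriptor is the only way in */
    if (ro >= 0 && socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == 0) {
        if (send_fd(sv[0], ro) == 0) got = recv_fd(sv[1]);
        ok = got >= 0 && read(got, buf, 6) == 6 && !memcmp(buf, "secret", 6) && write(got, "x", 1) < 0;
        close(sv[0]); close(sv[1]);
    }
    close(got); close(ro); close(rw);   /* close(-1) fails harmlessly with EBADF */
    return ok;
}
```

The receiver gets only the access mode the sender opened the file with, so a server handed an O_RDONLY descriptor cannot write through it whatever its own uid.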