Linux 101: Securing your filesystem - SUID, SGID and the extended file attributes



When the SUID or SGID permission is set on an executable file, a regular user who runs it gets the same rights as the file's owner (SUID) or group (SGID), and that can be a security risk for our system.

One way to keep these bits from being used is to mount the filesystem with the "nosuid" option in the /etc/fstab file, which makes the kernel ignore SUID and SGID bits on that filesystem when a program is executed:


The extended file attributes:

The extended attributes help us add another layer of security around our files. 
These could prevent data from being modified or erased.

To check the extended attributes, we use the below command:


On Ubuntu/Debian machines, the "e" character means that we are using an ext4 filesystem.

The "a" ("append") attribute tells the filesystem that the file can't be overwritten, only appended to.

The "i" for "immutable" means that the file is immutable and can't be deleted or modified.

We could set these attributes using the "chattr" command as described below:


Remark:

We can't delete the above file either.

To remove our "append" attribute, we use:


The below command sets the "immutable" flag on a file:


The file "file" can't be deleted, moved or renamed; it can only be viewed.
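
An added example, not part of the original post: shell helpers that audit the two controls discussed here by listing SUID/SGID files, fstab entries mounted without "nosuid", and files carrying the "a" or "i" attribute. The function names and the sample fstab and lsattr data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data is constructed.

# Print regular files under directory $1 that carry the SUID or SGID bit.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Read fstab-format text on stdin and print each mount point whose options
# field lacks "nosuid". Comments, blank lines and swap entries are skipped.
fstab_missing_nosuid() {
    awk 'NF == 0 || $1 ~ /^#/ || $3 == "swap" { next }
         { n = split($4, o, ","); hit = 0
           for (i = 1; i <= n; i++) if (o[i] == "nosuid") hit = 1
           if (!hit) print $2 }'
}

# Read lsattr output on stdin and report files carrying "a" or "i".
# Lines whose first field is not a flag string (lsattr errors) are skipped.
lsattr_protected() {
    while read -r flags path; do
        case $flags in ''|*[!A-Za-z-]*) continue ;; esac
        case $flags in *a*) echo "append $path" ;; esac
        case $flags in *i*) echo "immutable $path" ;; esac
    done
}

sample_fstab() { cat <<'EOF'
# constructed sample, not a real system
UUID=1111 /      ext4  errors=remount-ro      0 1
UUID=2222 /home  ext4  defaults               0 2
UUID=3333 /tmp   ext4  defaults,nosuid,nodev  0 2
UUID=4444 none   swap  sw                     0 0
EOF
}

sample_lsattr() { cat <<'EOF'
-----a--------e------- ./app.log
----i---------e------- ./file
--------------e------- ./notes.txt
lsattr: Operation not supported While reading flags on ./pipe
EOF
}

echo "Mounts without nosuid:";  sample_fstab  | fstab_missing_nosuid
echo "Protected files:";        sample_lsattr | lsattr_protected
echo "SUID/SGID files in ${1:-/usr/bin}:"; find_setid "${1:-/usr/bin}" || true
```

On a real system, feed the parsers with `fstab_missing_nosuid < /etc/fstab` and `lsattr -R somedir | lsattr_protected`. The root filesystem will normally show up in the first list, since programs such as sudo and passwd depend on SUID there.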
