Introduction
File system security is a critical and integral component of both the Linux and Windows XP file systems in a networking environment. Typically, controlled access to data stored on servers is provided using a mechanism specific to each of these operating systems. File system security provides secure file access by protecting files in transit on a network against unauthorized modification and denial of service. The Linux command line uses the “chmod” (change mode) command, in whose syntax “u” denotes the user account, “g” denotes the group that owns a file, “o” designates others, and “a” designates all of these. On the other hand, the Windows XP file system security is intended to provide strong data integrity, with reliable transfer of data over networked file systems (NFS).
Linux Security Files System
An investigative report on NFS security provides an overview of largely the same permissions with different attributes as tabulated below:
From the above table, one can note that full control access covers the permissions that allow modifying a directory, read operations, ownership control, and altering or modifying the attributes of a file. All other operations for full control are detailed in the above table (Atkinson & Kent, 1998).
However, special permissions come with special file attributes: when files are moved on a network file system, their special permissions override those of the parent directory. A typical example, the modification of a password, is illustrated in the screenshot below. The password being modified belongs to an administrative user account, which allows access privileges to be assigned to the file system administrator (Allison, Hawley, Borr, Muhlestein & Hitz, 1998).
Screen shot for password modification
It is important to note that, in the Linux file system environment, the user password is validated and verified to prevent unauthorized access through the pam_pwcheck.so module, implemented in SUSE among others. At the technical implementation level, file system security depends on the create extent feature, as demonstrated below.
Screenshot for file permissions
The above demonstration shows the use of the ls -l command and the resulting behavior of the system for a normal user. If line 3 is examined, one can see the permissions on the first file. As mentioned elsewhere in this paper, Linux permissions operate on three levels (Kumar, 2009). The permissions are tabulated below.
Technical research and observations indicate that the Linux command line uses the “chmod” (change mode) command, in whose syntax “u” denotes the user account, “g” denotes the group that owns a file, “o” designates others, and “a” designates all of these. On the other hand, the Windows XP file system security is intended to provide strong data integrity, with reliable transfer of data over networked file systems (NFS). A technical demonstration is illustrated below (Kumar, 2009).
The flow and use of the alphabetic permission characters can be clearly discerned from the screenshot as rw-r--r--, with the hierarchy of permission at different levels.
However, to change the permissions on, say, file 1, the “chmod” command can be used to modify the permission on file 1 as mentioned above to enable the users of the rwx group, as illustrated in the following screenshot.
On the other hand, the “chgrp” command can be used to modify the group owner of a directory, as demonstrated below.
On the other hand, the ACL, which requires different levels of access, demands that assignment and review permissions be applied at a granular level, and can be used to modify the /etc/fstab file.
In comparison to Windows XP, the SELinux variant of Linux is typically defined by close to 140 permission checks, irrespective of who the user is. On the other hand, these checks are defined in the context of Windows XP as mandatory access control, referred to as MAC. Security policies in the environment can be implemented through user control mechanisms.
A demonstration of the installation of Fedora allows the user to select the type of policies to be enforced.
An examination of the sestatus -v command used in the Linux environment reveals the following output.
Use of the sestatus -v command
Sticky Bit
To understand the security system as a whole in the context of Linux file security, note that the sticky bit plays a critical role in preventing users from modifying and deleting files and directories in areas shared by ordinary users.
Typically, the sticky bit permission is designated by the “t” character and allows explicit transfer of information to the kernel for the protection of files as mentioned above. The security enforcement accounts even for world-writable environments by offering protection to files in those environments.
Suppose a file exists with the name and extension, booklist.txt. Suppose the read operation is the only privilege granted a group of users, then, the command, chmod g=r booklist.txt applies. On the other hand, suppose the world is granted the privilege to read the file dates.dat, then the command, chmod o=rw dates.dat, applies. On the other hand, suppose the file system administrator wants to revoke group privileges on the files.lst, then the command chmod g= files.lst invokes the action.
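The three chmod commands above, run against scratch files, as an added example that is not part of the original paper. The starting modes are constructed, the helper name mode_after is hypothetical, and stat -c assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example (not from the original paper). Assumes a stat that accepts
# -c with %a (octal mode) and %A (ls-style string): GNU coreutils or BusyBox.

# mode_after START CLAUSE   (hypothetical helper)
# Create a scratch file with octal mode START, apply the symbolic CLAUSE,
# and print the result as "OCTAL LS-STRING".
mode_after() (
    f=$(mktemp) || exit 1
    chmod "$1" "$f" && chmod "$2" "$f" && stat -c '%a %A' "$f"
    rc=$?
    rm -f "$f"
    exit "$rc"
)

# The three commands from the text, each from a constructed starting mode.
echo "booklist.txt 664, g=r  -> $(mode_after 664 g=r)"   # group: read only
echo "dates.dat    640, o=rw -> $(mode_after 640 o=rw)"  # others: read AND write
echo "files.lst    664, g=   -> $(mode_after 664 g=)"    # group: no access

# '=' replaces the whole class; '+' and '-' only touch the named bits.
echo "674, g=r -> $(mode_after 674 g=r)"   # group write and execute dropped
echo "674, g+r -> $(mode_after 674 g+r)"   # group already had r: unchanged
echo "664, o-r -> $(mode_after 664 o-r)"   # others lose read

# Clauses can be combined, and 'a' addresses u, g and o at once.
echo "600, u=rwx,g=rx,o= -> $(mode_after 600 u=rwx,g=rx,o=)"
echo "600, a=r           -> $(mode_after 600 a=r)"
```

Because “=” overwrites every bit of the named class, reviewing the resulting mode with stat or ls -l after a change is the reliable way to confirm what was granted.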
Technically, the Linux environment incorporates a firewall; if the iptables --list command is invoked by a root user, the chains of grouped rules are shown as output, as below.
A practical example of the sticky bit applied to a directory is demonstrated below.
Sticky example with Directory
Access descriptions are summarized below.
A summary of operations
SUID Bit
On the other hand, the SUID bit, short for “set user identity”, automatically defaults the identity of a running program to that of its owner. Further still, the Linux environment allows non-privileged users to perform privileged functions.
An evaluation of the operational functionality and behavior of the system can be exemplified as follows:
The mount command is a program that runs as root with the SUID bit set, a functionality achieved by default. The default behavior of the operation is demonstrated below.
Example of command for modifying file permissions
One typical observation is that when the suid bit is invoked, it modifies the password of the directory leaving out the root only when using the command: /usr/bin/passwd.
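A defensive audit covering both the sticky bit and SUID sections above, as an added example that is not part of the original paper: it lists world-writable directories that lack the sticky bit and files that carry the SUID bit. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original paper): audit a tree for the two
# special bits discussed above. Assumes a find that supports -perm -MODE.

# World-writable directories under $1 WITHOUT the sticky bit, i.e. shared
# directories where any user may delete or rename another user's files.
unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Regular files under $1 with the SUID bit set (they run as their owner).
suid_files() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Build a constructed sample tree and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared_ok" "$d/shared_bad" "$d/private"
    chmod 1777 "$d/shared_ok"      # drwxrwxrwt, like /tmp
    chmod 0777 "$d/shared_bad"     # drwxrwxrwx, sticky bit missing
    chmod 0755 "$d/private"
    : > "$d/private/helper"; chmod 4755 "$d/private/helper"   # -rwsr-xr-x
    : > "$d/private/plain";  chmod 0755 "$d/private/plain"    # -rwxr-xr-x
    echo "$d"
}

sample=$(make_sample)
echo "World-writable directories without the sticky bit:"
unsticky_dirs "$sample"
echo "SUID files:"
suid_files "$sample"
# The 't' and 's' characters appear in the execute positions of ls -l output.
ls -ld "$sample/shared_ok" "$sample/shared_bad" "$sample/private/helper"
rm -rf "$sample"
```

On a real host the same two functions can be pointed at / as root; comparing the SUID list against a known-good baseline highlights unexpected additions.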
Windows XP Share Level Security
Purpose of share level permissions and machines applicable to share level workgroups.
The purpose of the share level permissions is to allow the user and other parties to access and view files and directories that are common to groups over the network. The permissions allow users to have controlled access and capabilities to modify data and information contained in files and folders. In addition, the permissions allow users to have complete access to files, with the entire capability to modify the files in the user groups. These three objectives correspond to the three share level permissions.
The machines affected
The machines affected by the share level permissions in the work group include Stand-alone Servers, print servers, file and print servers, domain member servers, and directory member servers, among others.
Access permissions for the machines
The following is a typical example of the access permission at the machine level.
Typical access permissions at the machine level are set in the smb.conf file, for example:
[global]
workgroup = DOCS
netbios name = DOCS_SRV
security = share
[data]
comment = Documentation Samba Server
path = /export
read only = Yes
guest only = Yes
Example of access permission
Connecting a shared resource
Two resources can be connected by establishing the parameters descriptive of the DeviceName, using the \\ComputerName\ShareName path. Other parameters will include username, password, and server name.
The role of the SAM in Microsoft sharing
Microsoft SAM is a speech utility mechanism that when invoked as a command allows sharing of speech data and information that is stored in files and related directories.
Windows XP NTFS Security
Purpose of NTFS and Resources affected by File Permissions
The purpose of the Windows XP NTFS security permissions is to provide controlled access to files and folders. The access levels are determined at the levels of user groups, files and folders. Typically, the attributes that provide controlled access extend to files, folders, and sub-folders. Each access level is designated with a specific user level permission.
Access levels can be applied to users who want to perform read and write operations. That implies that access can be denied to a user wanting to make a read operation or a user wanting to make a write operation. However, the read and write operations can be overridden by the use of the Deny command, allowing the security features to be completely overridden.
As discussed in the NTFS section of this paper, the folder and sub-folder permissions can be under full control, susceptible to modifications, and can be modified by use of the List Folder Contents commands.
Allison et al. (1998) argue that a variety of resources are affected by the permissions, including files being moved within a partition, when the need to create a new file is not applicable. The solution to the problem is to update the specific location in the directory while maintaining the original permission attribute of the file.
Typically, the permissions include, in summary, file and folder permissions, and special folder permissions, as discussed below.
Each permission has on files and folders
A detailed evaluation of the access permissions and their classification, covering all the files, folders, and sub-folders mentioned above, is tabulated below.
However, it is important to identify the file special permissions granted, the levels of full control attributes, the modify levels, read, and execute privileges as illustrated in the table below.
Special permissions on the tabulated files
On the other hand, the access permissions on various files are tabulated below.
Special permission privileges
In brief, special access permissions are typically a combination of different attributes characteristic of other permissions, as a cumulative functionality. It is worth noting that file permissions are given greater precedence compared with folder permissions.
Difference between the NTFS and the Share level permissions
NTFS permissions are typically defined by the sharing and visibility of the shared folders and the server, with specific levels of access. Typically, the share level permissions and the NTFS permissions are applicable on a single folder, while the share level permissions can be effected on the read, write, and other modification controls. A typical example of share permissions and NTFS permissions is shown below (Kumar, 2009).
From the view of a group of users, the share permission grants full access while NTFS grants read level control only. On the other hand, when the share permission is applied on a group, the NTFS acquires full control, as summarised in the table below.
Advantages of Windows ACLs compared with the Linux equivalent
Windows can accommodate migrations from Linux while the operating system is running. Windows can support files from Linux on the Samba platform. Windows accommodates configurations from a Linux server environment without any domain on Linux (Atkinson & Kent, 1998).
Conclusion
File system security mechanisms in networking environments, for both Linux and Windows XP, provide controlled access to directories, files, folders, and sub-folders when they are either transmitted over a networked platform or accessed remotely. The security mechanism allows modifications by privileged users using various commands typical of each operating system. Examples include the ls -l command, the “r” and “w” operations, and the “t” bit. The Windows XP ACL and other mechanisms offer more security advantages than Linux in a networking environment. Despite the above investigations, more research needs to be conducted on the kernel structure of both operating systems to further inform the research.
References
Allison, B., Hawley, R., Borr, A., Muhlestein, M., & Hitz, D. (1998). File System Security: Secure Network Data Sharing for NT and UNIX. Washington: Seattle.
Atkinson, R., & Kent, S. (1998). Security architecture. Oxford: Oxford University Press.
Kumar, M. (2009). An Enhanced Remote User Authentication Scheme with Smart Card. International Journal of Network Security, 10 (3), 175-184. Web.