The security of the Unix operating system is well known. But if you ask where exactly that security lies, probably few people can explain the why and wherefore. I cannot lay out all of the security features of Unix systems at once either. Here I cite only three small details of Unix system design. From these three small details we can see the effort Unix system engineers have put into both security and convenience.
First, the same command gives different users different permissions.
The date command is a commonly used Unix command that displays the system date and time. However, it behaves differently depending on the role of the user who runs it. A system administrator can use this command to change the system time. An ordinary user who runs the same command can only display the time and cannot change it. That is, by default only the system administrator can change the system time, yet changing the time and viewing the time are done with the same command. The system automatically determines whether the current user has the right to modify the time.
This is a useful security feature of Unix systems. On the one hand, similar functions share the same command, which makes operation and maintenance easier for the system administrator. On the other hand, the system automatically checks the authority behind each command, so that users can only use a command for operations consistent with their own authority. As this shows, Unix systems do not value security alone; they value the combination of security and convenience. Convenience of management and maintenance is not sacrificed for security.
As we all know, changing the system date freely can have a serious negative impact on the system, because it throws scheduled operations into confusion. The system may have multiple processes running in the background, and it builds an execution schedule for them from the process priorities, the work plans defined by the administrator and so on, specifying the particular times at which these operations or processes start. If a non-administrator user were allowed to change the system time arbitrarily, the operation of the system could become very confused. Suppose the system administrator, for the safety of the system, has set a backup of important files to run at 12:30 every day. If an ordinary user changes the time at 12 o'clock, from 12:00 to 1:00, the system will not back up the important files. If, unfortunately, the hard disk is damaged or some other system fault occurs the next morning, the corrupted files cannot be repaired, because the previous day's backup never ran. Being able to change the system time freely leads to many unpredictable results.
Therefore, the date command shows that the security design of Unix systems is indeed slightly more astute than that of other operating systems. The same command has different capabilities under different accounts, which allows Unix systems to achieve security and convenience at the same time.
Second, no specific error message is given.
Like other operating systems, Unix guarantees the basic security of the operating system through account names and passwords. However, I believe that Unix is a little more thorough in this regard.
Unix is a multi-user operating system. Typically, a Unix system only admits users who have a login ID and password. The list of user accounts is usually maintained by the system administrator, who grants users permission to use the computer and information systems and issues their accounts and passwords. Later, when the system asks for this information at login, the user can log in to the operating system only by entering the correct user name and password provided by the system administrator. For example, when the system displays the login prompt, it means that the terminal allows a user to log in with a user name and password. After entering the account name and pressing the Enter key, the user is asked for a password. The system requires the exact password in order to authenticate. If the user enters the wrong password (with the user name correct), the system gives only the vague hint "login incorrect". It does not tell the user whether it was the password or the user name that was entered wrongly.
The vague hint puts some obstacles in the way of an attacker. Since the attacker does not know whether it is the password or the account name that is wrong, the cost of the attack increases. In other words, the prompt is more or less deceptive to the attacker. This measure clearly improves the security of the system. Some employees may complain that such a design is too unfriendly: it deceives not only the attacker but also the ordinary user. From a security standpoint, however, the measure is still necessary.
Also worth mentioning is that at login, Unix systems provide a higher level of security measure than other operating systems. That is, when a user logs on to a Unix system, the system security policy can force the user to change the password assigned by the administrator. At this point the user should immediately change the default password to one that only the user knows (even the administrator need not know it). After all, if too many people know an account name or password, it brings some security risk to the operating system.
When the user name or password fails validation at login, a Unix system does not provide detailed error information, so that an attacker cannot find the cause of the error and the attack becomes more difficult. In fact, similar security measures are everywhere in Unix systems. In subsequent articles the author may return to this security feature repeatedly. From this small security design, you can see that the Unix operating system's reputation for security is not idle boasting.
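The behaviour described above, sketched as an added Python example (not code from the article or from any Unix login implementation): a verifier that returns the same "Login incorrect" text for an unknown user and for a wrong password, next to a leaky variant that tells the two apart. The account table, the password and the PBKDF2 parameters are constructed for the demonstration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

GENERIC_FAILURE = "Login incorrect"   # same text for every failure mode
_ITERATIONS = 100_000                 # constructed work factor for the demo


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed account table (hypothetical user and password).
USERS = {"oracle": make_record("s3cret-demo")}

# Decoy record: unknown users are checked against it, so both failure
# paths do the same amount of hashing work.
_DECOY = make_record(os.urandom(16).hex())


def login(username: str, password: str) -> tuple[bool, str]:
    salt, stored = USERS.get(username, _DECOY)
    candidate = _hash(password, salt)
    # compare_digest is constant-time; membership is ANDed in so a match
    # against the decoy record can never log anyone in.
    ok = hmac.compare_digest(candidate, stored) and username in USERS
    return (True, "Welcome") if ok else (False, GENERIC_FAILURE)


def leaky_login(username: str, password: str) -> tuple[bool, str]:
    """Counter-example: tells the caller which field was wrong."""
    if username not in USERS:
        return False, "Unknown user"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return False, "Wrong password"
    return True, "Welcome"
```

With `leaky_login`, the two different messages let a caller confirm which account names exist; `login` gives the same answer in both cases.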
Third, output carries no corresponding header.
The who command displays details of the currently logged-in users, such as user name, login method, login time and so on. Linux has a similar function. However, there are differences between the two systems.
When the who command is executed on a Unix system, output in a format similar to the following appears.
This result shows that two users are currently logged in to the system, both as Oracle (the operating system allows the same account to log in through several channels at once; this is a characteristic of Unix systems, and a similar function can be achieved in Linux, but not in Microsoft operating systems). After the user name come the route by which the user logged in, the login time, and so on. What troubles many Unix beginners is that the output does not even have a header line explaining the meaning of each column. This may make the Unix operating system look unfriendly, but it protects the security of Unix systems. Some advanced security policies on Unix systems are implemented on the basis of this feature.
In addition, since user information is very valuable, this security protection has all the more significance. A system administrator can extract part of the data from the output of the who command for use by the next command. The author often uses this to send messages to the users currently logged in to the system. The author has written a small program that, every Friday (using the date command and picking out Friday from its output), takes the accounts currently logged in to the system (using the who command and extracting the user-id values) and sends mail to all of them through the mailx command. System engineers can implement such maintenance functions with simple commands; this is where the advantage of Unix systems over other operating systems lies.
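The author's program is not shown on the page; the following is an added Python example of the same logic, not the author's code. It takes the first column of header-less who output, removes duplicates, and on Fridays builds one mailx command per user. The sample who lines, the subject text and the login-name pattern are assumptions constructed for the example.

```python
from __future__ import annotations
import datetime
import re

# Constructed sample of header-less `who` output (not from the article).
SAMPLE_WHO = """\
oracle   pts/0        2024-03-01 09:12 (10.0.0.5)
oracle   pts/1        2024-03-01 09:40 (10.0.0.7)
backup   tty1         2024-03-01 07:02
"""

# Accept only conventional login names before handing them to another command.
_LOGIN_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def logged_in_users(who_output: str) -> list[str]:
    """First column of each line, de-duplicated, order preserved."""
    users: list[str] = []
    for line in who_output.splitlines():
        fields = line.split()
        if fields and _LOGIN_RE.fullmatch(fields[0]) and fields[0] not in users:
            users.append(fields[0])
    return users


def friday_mail_commands(who_output: str, today: datetime.date,
                         subject: str = "Weekly notice") -> list[list[str]]:
    """Return one mailx argv per logged-in user, but only on Fridays."""
    if today.weekday() != 4:          # Monday is 0, so Friday is 4
        return []
    # argv lists (no shell string) keep an unexpected login name from being
    # interpreted as shell syntax by whatever runs these commands.
    return [["mailx", "-s", subject, user]
            for user in logged_in_users(who_output)]


if __name__ == "__main__":
    import subprocess
    live = subprocess.run(["who"], capture_output=True, text=True).stdout
    for argv in friday_mail_commands(live, datetime.date.today()):
        print("would run:", argv)     # dry run; the message body goes on stdin
```

Because the output has no header line, every line is a data row and the first field can be used directly; the name check is there because that field ends up as an argument to another command.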
Besides sending e-mail, system engineers can also use the output of the who command to implement additional features, such as sending the currently logged-on users a message asking them to save their current work and log off the operating system, or even forcibly disconnecting users connected to this machine, and so on. If the output of who were not given a certain degree of protection, it would pose a great security threat to Unix systems.
In fact, besides the who command, there are many similar cases in Unix systems. It is this attention to every detail that protects the security of the entire Unix system. From this point of view, it is acceptable that Unix systems sometimes sacrifice a friendly interface to achieve security.