DOCSLIB.ORG

Application-Defined Decentralized Access Control

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Application-Defined Decentralized Access Control Application-Defined Decentralized Access Control Yuanzhong Xu and Alan M. Dunn, The University of Texas at Austin; Owen S. Hofmann, Google, Inc.; Michael Z. Lee, Syed Akbar Mehdi, and Emmett Witchel, The University of Texas at Austin https://www.usenix.org/conference/atc14/technical-sessions/presentation/xu This paper is included in the Proceedings of USENIX ATC ’14: 2014 USENIX Annual Technical Conference. June 19–20, 2014 • Philadelphia, PA 978-1-931971-10-2 Open access to the Proceedings of USENIX ATC ’14: 2014 USENIX Annual Technical Conference is sponsored by USENIX. Application-Defined Decentralized Access Control Yuanzhong Xu Alan M. Dunn Owen S. Hofmann ∗ Michael Z. Lee Syed Akbar Mehdi Emmett Witchel The University of Texas at Austin Google, Inc.∗ Abstract Decentralized privilege. In Linux and Windows, users and groups are principals, and can be assigned privileges. DCAC is a practical OS-level access control system that A user might consider creating another user (a “sub- supports application-defined principals. It allows normal principal”) and assigning it a subset of her privileges. users to perform administrative operations within their This allows an application to run as the sub-principal, privilege, enabling isolation and privilege separation for and thus with restricted privileges compared to the case applications. It does not require centralized policy spec- where the user directly runs the application. However, on ification or management, giving applications freedom to Linux and Windows, administrative functions on users manage their principals while the policies are still en- and groups require root privilege. As a result, current OS- forced by the OS. DCAC uses hierarchically-named at- level access control does not allow many applications to tributes as a generic framework for user-defined policies run with least privilege. such as groups defined by normal users. For both local DCAC decentralizes administrator privilege: a nor- and networked file systems, its execution time overhead mal user can perform administrative operations within is between 0%–9% on file system microbenchmarks, and her privilege, like creating principals with subsets of her under 1% on applications. privilege. Privilege separation makes complex applica- This paper shows the design and implementation of tions more difficult to exploit. But current systems re- DCAC, as well as several real-world use cases, includ- quire administrative involvement to install and deploy ing sandboxing applications, enforcing server applica- privilege-separated software. tions’ security policies, supporting NFS, and authenticat- For example, the suEXEC feature of Apache HTTP ing user-defined sub-principals in SSH, all with minimal Server allows it to run CGI and SSI programs under UIDs code changes. different from the UID of the calling web server, by using 1. Introduction setuid binaries. However, creating UIDs for CGI/SSI programs and setting up the setuid binaries requires Continued high-profile computer security failures and administrator privilege. Not only can use of administra- data breaches demonstrate that computer security for ap- tive privilege require human involvement, it also adds op- plications is abysmal. While there is extensive research portunities for configuration mistakes that can actually into novel security and access control models little of harm security. The suEXEC documentation1 warns the this work has an impact on practice. Instead of appli- user, “if suEXEC is improperly configured, it can cause cations consistently reimplementing security vulnerabili- any number of problems and possibly create new holes ties, they need a practical and expressive way to use thor- in your computer’s security. If you aren’t familiar with oughly debugged system-level primitives to achieve best managing setuid root programs and the security issues security practices. they present, we highly recommend that you not con- DCAC (DeCentralized Access Control) is our attempt sider using suEXEC.” By contrast, DCAC allows forms to make modern security mechanisms practical for ac- of privilege separation, like delegating user privileges to cess control. It has three distinguishing characteristics: it sub-principals, that even in the case of a configuration is decentralized in privilege, decentralized in policy spec- mistake, limit the effect of a compromise to the privi- ification, and allows application-defined principals and leges of the original user. synchronization requirements. Although DCAC greatly OS-level access increases the flexibility of access control, it retains a Decentralized policy specification. control typically defines its principals and policies in a familiar model of operation, with per-process metadata centralized, secure location, such as the /etc/group checked against per-object ACLs to determine the al- file, the policy.conf file in SELinux, or a central pol- lowed access. It relies on the standard OS infrastructure icy server (e.g., a Lightweight Directory Access Protocol of a hierarchical file namespace, extended file attributes, (LDAP) server). DCAC decentralizes policy specifica- and file descriptors. It is practical for distributed envi- tion: policies are stored in files and file metadata at arbi- ronments because it avoids requiring centralized storage, trary locations. DCAC generalizes the setuid mecha- consistency, or management. nism of Unix, allowing processes to use the file system 1 ∗ Work completed while at the University of Texas at Austin. http://httpd.apache.org/docs/2.4/suexec.html USENIX Association 2014 USENIX Annual Technical Conference 395 to gain fine-grained, user-defined privileges (i.e., not just 2. Modern access control idioms root). With DCAC, applications control their privileges with a mechanism implemented and enforced by the op- We discuss three access control idioms common in to- erating system, but without central coordination. day’s web-connected applications that are difficult to DCAC is particularly practical for distributed environ- achieve in modern systems: sandboxing, ad hoc shar- ments, e.g., where machines share a file system via NFS. ing, and managing users. Because these idioms are not In such an environment, applications simply use the file well served by current system security abstractions, ap- system to express access control policy, and any host that plications constantly reimplement these idioms, and im- mounts the file system will enforce identical access con- plement them poorly. Section 3.2 shows how DCAC sup- trol rules. DCAC does not add its own synchronization ports them more naturally than current systems. requirements, such as entries in a central database. Ap- Privilege separation/Sandboxing. Suppose Alice wish- plications make all access control decisions with access es to run a photo management program. By default, her only to their own files. In contrast, a centralized policy program will run with the same privileges as her user server might become a bottleneck when policy queries account. However, routines for interpreting file formats and updates are frequent, as in many server applications. are often subject to exploitable bugs (such as in the zlib library used to decompress .png files [1]). If Alice re- Application-defined principals: attributes. Attributes ceives photos from untrusted sources, or even if Alice make applications simpler and more secure by allowing makes a mistake, all of her potentially sensitive files are them to use access control implemented by the operating endangered, rather than just those that should be man- system rather than reimplementing their own. Traditional aged by her photo management application. Running OS principals, such as users, are heavy-weight abstrac- untrusted or partially-trusted applications has become tions that cannot be directly used by applications e.g., a commonplace, as users frequently download applications web application that manages its own users. from less than trusted sources, or run applications that are DCAC attributes are hierarchically named strings. often exploitable, such as pdf viewers. Strings are separated into components by the “.” char- In order to separate her application into a separate acter. The string .u.alice can represent the user Alice, privilege domain, Alice must contact an administrator to but applications are free to define their own encodings create a new user (e.g. alice-photos), potentially create a and even their own principals. For example, the string new group containing both her and alice-photos so that .p.387.1357771171 might be a principal referring to a she may easily share files, and install support for running process with identifier 387 started about 1.4 billion sec- her desired application as the new user, such as via a onds after January 1, 1970; .app.browser.password setuid binary. While it is possible to enforce privilege might be a component of a browser that is responsible restriction without superuser support, solutions that do so for storing and retrieving the user’s passwords. A pro- require complex application-level support (such as in the cess may carry multiple attributes simultaneously. Chromium web browser [6]) that are easy to get wrong, with disastrous results (e.g., the frequent exploits enabled by bugs in the Java VM’s sandboxing mechanism [2, 3]). Practicality. DCAC combines ideas from mandatory This scenario is an example of privilege separation, access control (MAC) systems [7, 16], sandboxing [6], a well-known technique for building secure applica- and decentralized information flow control
Load more

Recommended publications
  • Managing File Systems in Oracle® Solaris 11.4
    ® Managing File Systems in Oracle Solaris 11.4 Part No: E61016 November 2020 Managing File Systems in Oracle Solaris 11.4 Part No: E61016 Copyright © 2004, 2020, Oracle and/or its affiliates. License Restrictions Warranty/Consequential Damages Disclaimer This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. Warranty Disclaimer The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. Restricted Rights Notice If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs (including any operating system, integrated software, any programs embedded, installed or activated on delivered hardware, and modifications of such programs) and Oracle computer documentation or other Oracle data delivered to or accessed by U.S. Government end users are "commercial computer software" or "commercial
    [Show full text]
  • File System Interface Hui Chen Department of Computer & Information Science CUNY Brooklyn College
    CISC 3320 File System Interface Hui Chen Department of Computer & Information Science CUNY Brooklyn College 12/2/2019 CUNY | Brooklyn College 1 Acknowledgement • These slides are a revision of the slides provided by the authors of the textbook via the publisher of the textbook 12/2/2019 CUNY | Brooklyn College 2 Outline • File System Interface • File Concept • Access Methods • Disk and Directory Structure • File-System Mounting • File Sharing • Protection 12/2/2019 CUNY | Brooklyn College 3 File Concept • Contiguous logical address space • Types: • Data • numeric • character • binary • Program • Contents defined by file’s creator • Many types • Consider text file, source file, executable file 12/2/2019 CUNY | Brooklyn College 4 File Attributes • Name – only information kept in human-readable form • Identifier – unique tag (number) identifies file within file system • Type – needed for systems that support different types • Location – pointer to file location on device • Size – current file size • Protection – controls who can do reading, writing, executing • Time, date, and user identification – data for protection, security, and usage monitoring • Information about files are kept in the directory structure, which is maintained on the disk • Many variations, including extended file attributes such as file checksum • Information kept in the directory structure 12/2/2019 CUNY | Brooklyn College 5 File Info/Properties: Examples 12/2/2019 CUNY | Brooklyn College 6 File Operations • File is an abstract data type • Create • Write – at write
    [Show full text]
  • File System (Interface)
    File System (Interface) Dave Eckhardt [email protected] 1 Synchronization Today Chapter 11, File system interface Not: remote/distributed (11.5.2!!) Don't forget about Chapter 13 Reviewing might help demystify readline() some “Fourth Wave” of readings posted to web site 2 Synchronization Two interesting papers about disks http://www.seagate.com/content/docs/pdf/whitepaper/ D2c_More_than_Interface_ATA_vs_SCSI_042003.p df Google for “200 ways to revive a hard drive” 3 What's a file? Abstraction of persistent storage Hide details of storage devices sector addressing: CHS vs. LBA SCSI vs. IDE Logical grouping of data May be physically scattered Programs, data Some internal structure 4 Typical file attributes Name – 14? 8.3? 255? Unicode? ASCII? 6-bit? RADIX-50? Identifier - “file number” Type (or not) Location – device, location Size – real or otherwise Protection – Who can do what? Time, date, last modifier – monitoring, curiousity 5 “Extended” file attributes BSD Unix archived nodump append-only (user/system) immutable (user/system) MacOS icon color 6 Operations on Files Create – locate space, enter into directory Write, Read – according to position pointer/cursor Seek – adjust position pointer Delete – remove from directory, release space Truncate Trim data from end Often all of it Append, Rename 7 Open-file State Expensive to specify name for each read()/write() String-based operation Directory look-up “Open-file” structure stores File-system / partition File-system-relative file number Read vs. write Cursor position 8 Open files (Unix Model) “In-core” / “Open file” file state Mirror of on-disk structure File number, size, permissions, modification time, ... Housekeeping info Back pointer to containing file system #readers, #writers Most-recently-read block How to access file (vector of methods) Pointer to file's type-specific data Shared when file is opened multiple times 9 Open files (Unix Model) “File-open” state (result of one open() call) Access mode (read vs.
    [Show full text]
  • A File Management System Based on Overlapping Sets of Tags
    VennTags: A File Management System based on Overlapping Sets of Tags N. Albadri1, Stijn Dekeyser1, Richard Watson1 1University of Southern Queensland, Australia Abstract File systems (FS) are an essential part of operating systems in that they are responsible for storing and organising files and then retrieving those when needed. Because of the high capacity of modern storage devices and the growing number of files stored, the traditional FS model is no longer able to meet modern users’ needs in terms of storing and retrieving files. So using metadata emerges as an efficacy solution for the limitations of file systems. In this paper we propose a new model dubbed VennTags to solve the FS problems. We do this by utilising the idea of overlapping the sets as in Venn diagram, and adopting DAG structure (instead of tree) to achieve that we have used tagging capability and exposed a query language at the level of the API. We evaluate the expressive power of VennTags model that shows its ability to resolve the FS limitations compared to other solutions. Citation: Albadri, N. Dekeyser, S., & Watson, R. (2017). VennTags: A File Management System based on Overlapping Sets of Tags. In iConference 2017 Proceedings, Vol. 2 (pp. 1-14). https://doi.org/10.9776/17002 Keywords: Operating Systems, File systems, metadata, tagging, Directed Acyclic Graph Contact: [email protected], [email protected], [email protected] 1 Introduction Personal computer systems, mobile and cloud-based as well as desktop oriented, are permanent companions in users daily lives, for both private and professional activities.
    [Show full text]
  • Sistemul De Fisiere
    Operating Systems Course #6 Filesystems Răzvan Daniel ZOTA Faculty of Cybernetics, Statistics and Economic Informatics [email protected] http://zota.ase.ro/os Introduction to filesystems What is a filesystem? • A filesystem is an integral part of an operating system, consisting of files, directories and all the information needed to access, locate (and recover, if needed) and manipulate them. 2 File system structure – Unix/Linux File System Structure Unix Operating System “Root” Directory Unix Operating System “Root” Directory / bin dev etc lib opt tmp usr var P K jdk-1.1 bin lib man spool 3Com SCO Skunk97 acct cron mail terminfo uucp 3 File system structure – Windows Example: 4 The most important Unix directories /bin UNIX commands /dev Devices directory Files required to boot the system and communicate, and /etc scripts to control the boot process /kernel Contains the kernel and drivers for the kernel /mnt The “mount” directory; reserved for mounting filesystems /opt locally installed packages and files Files required to start the system and scripts to control /sbin the boot process /shlib Shared libraries /tmp Temporary directory /usr User routines 5 The most important Linux directories /bin Binary (executable) files – basic system programs System boot directory. The kernel, module links, system /boot map, and boot manager reside here /dev Devices directory /etc System wide configuration scripts Process directory. Contains information and statistics /proc about running processes and kernel parameters System wide device directory. Contains information and /sys statistics about device and device names /tmp Temporary directory /usr/bin More system binaries /usr/local/bin Miscellaneous binaries local to the particular machine /usr/share/doc Documentation for installed packages 6 OSs and supported filesystems OS Filesystems Windows 7/8/10 NTFS, FAT16, FAT32 Mac OS X HFS+ (Hierarchical File System Plus) Linux Ext 2, Ext 3, Ext 4 •NTFS (New Technology File System)- was introduced in Windows NT and at present is major file system for Windows.
    [Show full text]
  • 8276 Nutanix Category: Standards Track M
    Internet Engineering Task Force (IETF) M. Naik Request for Comments: 8276 Nutanix Category: Standards Track M. Eshel ISSN: 2070-1721 IBM Almaden December 2017 File System Extended Attributes in NFSv4 Abstract This document describes an optional feature extending the NFSv4 protocol. This feature allows extended attributes (hereinafter also referred to as xattrs) to be interrogated and manipulated using NFSv4 clients. Xattrs are provided by a file system to associate opaque metadata, not interpreted by the file system, with files and directories. Such support is present in many modern local file systems. New file attributes are provided to allow clients to query the server for xattr support, with that support consisting of new operations to get and set xattrs on file system objects. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8276. Naik & Eshel Standards Track [Page 1] RFC 8276 Extended Attributes in NFSv4 December 2017 Copyright Notice Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document.
    [Show full text]
  • File-System Interface
    C H A P T E R File -System 11 Interface For most users, the file system is the most visible aspect of an operating system. It provides the mechanism for on-line storage of and access to both data and programs of the operating system and all the users of the computer system. The file system consists of two distinct parts: a collection of files, each storing related data, and a directory structure, which organizes and provides information about all the files in the system. File systems live on devices, which we described in the preceding chapter and will continue to discuss in the following one. In this chapter, we consider the various aspects of files and the major directory structures. We also discuss the semantics of sharing files among multiple processes, users, and computers. Finally, we discuss ways to handle file protection, necessary when we have multiple users and we want to control who may access files and how files may be accessed. CHAPTER OBJECTIVES • To explain the function of file systems. • To describe the interfaces to file systems. • To discuss file-system design tradeoffs, including access methods, file sharing, file locking, and directory structures. • To explore file-system protection. 11.1 File Concept Computers can store information on various storage media, such as magnetic disks, magnetic tapes, and optical disks. So that the computer system will be convenient to use, the operating system provides a uniform logical view of stored information. The operating system abstracts from the physical properties of its storage devices to define a logical storage unit, the file .
    [Show full text]
  • Generating Computer Forensic Supertimelines Under Linux
    Generating computer forensic super- timelines under Linux A comprehensive guide for Windows-based disk images R. Carbone Certified Hacking Forensic Investigator (EC-Council) DRDC Valcartier C. Bean Certified Hacking Forensic Investigator (EC Council) Defence R&D Canada – Valcartier Technical Memorandum DRDC Valcartier TM 2011-216 October 2011 Generating computer forensic super- timelines under Linux A comprehensive guide for Windows-based disk images R. Carbone Certified Hacking Forensic Investigator (EC Council) DRDC Valcartier C. Bean Certified Hacking Forensic Investigator (EC Council) Defence R&D Canada – Valcartier Technical Memorandum DRDC Valcartier TM 2011-216 October 2011 Principal Author Richard Carbone Programmer/Analyst Approved by Guy Turcotte Head/System of Systems Approved for release by Christian Carrier Chief Scientist © Her Majesty the Queen in Right of Canada, as represented by the Minister of National Defence, 2011 © Sa Majesté la Reine (en droit du Canada), telle que représentée par le ministre de la Défense nationale, 2011 Abstract …….. This technical memorandum examines the basics surrounding computer forensic filesystem timelines and provides an enhanced approach to generating superior timelines for improved filesystem analysis and contextual awareness. Timelines are improved by polling multiple sources of information across the filesystem resulting in an approach that is surprisingly flexible and customizable. The timeline is further enhanced by incorporating key time-based metadata found across a disk image which, when taken as a whole, increases the forensic investigator’s understanding. Résumé …..... Ce mémorandum technique examine les bases entourant la création d’un calendrier des événements inforensiques des systèmes de fichier et fournit une approche améliorée pour générer des calendriers supérieurs pour une analyse améliorée des systèmes de fichiers et un meilleur éveil contextuel.
    [Show full text]
  • Z/OS UNIX Security Fundamentals
    Front cover z/OS UNIX Security Fundamentals The explanation of the z/OS UNIX security model The use of SAF to achieve superior security Professionals’ tips and recommendations to achieve superior security Patrick Kappeler Finn Christensen Jean-Marc Darees Dominique Richard ibm.com/redbooks Redpaper International Technical Support Organization z/OS UNIX Security Fundamentals February 2007 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (February 2007) This edition applies to the z/OS UNIX System Services base component in Version 1, Release 7, of z/OS (product number 5694-A01) © Copyright International Business Machines Corporation 2007. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix The team that wrote this IBM Redpaper. ix Become a published author . x Comments welcome. xi Chapter 1. Overview of the UNIX operating system model . 1 1.1 What is UNIX?. 2 1.1.1 The POSIX standards . 2 1.2 The UNIX model of operating system . 3 1.2.1 The UNIX kernel . 4 1.2.2 The UNIX processes . 4 1.2.3 Signals . 5 1.2.4 Virtual memory and memory protection . 5 1.2.5 Shell . 5 1.2.6 The UNIX utilities . 6 1.2.7 The UNIX file system . 6 1.2.8 The /etc directory . 7 1.2.9 Daemons. 8 1.3 The UNIX security model . 8 1.3.1 Accessing UNIX . 8 1.3.2 UNIX users and groups.
    [Show full text]
  • Managing File Systems in Oracle® Solaris 11.2
    ® Managing File Systems in Oracle Solaris 11.2 Part No: E39021 July 2014 Copyright © 2004, 2014, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications.
    [Show full text]
  • File System Interface
    Operating Systems (Fall/Winter 2019) File System Interface Yajin Zhou (http://yajin.org) Zhejiang University Acknowledgement: some pages are based on the slides from Zhi Wang(fsu). Review • Page replacement: FIFO, Optimal, LRU (stack, counter), Approximation (reference bit, second chance), Counting (LFU, MFU) • Global vs local allocation • Reclaiming pages, OOM • MAJOR/Minor page fault, NUMA • Thrashing, Working-Set Model, How to track working set • Kernel memory allocation: buddy, slab • Other consideration: Prepaging, pagesize, TLB reach … File Concept • File is a contiguous logical address space for storing information • database, audio, video, web pages… • There are different types of file: • data: numeric, character, binary • program • special one: proc file system - use file-system interface to retrieve system information File Attributes • Name – only information kept in human-readable form • Identifier – unique tag (number) identifies file within file system • Type – needed for systems that support different types • Location – pointer to file location on device • Size – current file size • Protection – controls who can do reading, writing, executing • Time, date, and user identification – data for protection, security, and usage monitoring • Information about files are kept in the directory structure, which is maintained on the disk • Many variations, including extended file attributes such as file checksum File info Window on Mac OS X File Operations • OS provides file operations to • create: • space in the file system should be found • an entry
    [Show full text]
  • Linux System Administration Learn Via: Classroom / Virtual Classroom / Online Duration: 5 Gün
    Maslak Mahallesi, Maslak Meydan Sk. No:5. Spring Giz Plaza. Maslak/İstanbul +90 212 282 7700 - [email protected] Linux System Administration Learn via: Classroom / Virtual Classroom / Online Duration: 5 Gün https://bilginc.com/tr/egitim/1038/linux-system-administration-egitimi Overview Linux administration involves a fair amount of interaction with system hardware and the kernel, as well application of a large number tools and applications. This course provides a hands-on approach to acquiring the key system administration and management skills. As we traverse the administrative, networking and troubleshooting topics, we incorporate good practice, performance and security elements, all aiming to achieve a high level of proficiency in working with at the command line. With its distinctive design approach, this course is also suitable as a Unix to Linux conversion for existing Unix administrators. It is a fast-paced skills- building event, full of practical exercises and troubleshooting. The course platform will be one of the Red Hat derivatives, such as CentOS or ScientificLinux. However, the discussions and material address every major Linux strand, and wherever specific tool, technique or method is relevant, SUSE, Debian and Ubuntu specifics are covered. For example, we discuss the unique approach adopted by various systems in the areas such as system start-up and software management. Target Audience: All existing administrators, developers, analysts, indeed, all users who find themselves looking after a Linux box. Also, experienced Unix
    [Show full text]