DOCSLIB.ORG

One Identity Privilege Manager for Unix Administration Guide

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

One Identity Privilege Manager for Unix 6.1 Administration Guide Copyright 2019 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of One Identity LLC . The information in this document is provided in connection with One Identity products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of One Identity LLC products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, ONE IDENTITY ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO EVENT SHALL ONE IDENTITY BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF ONE IDENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. One Identity makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. One Identity does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: One Identity LLC. Attn: LEGAL Dept 4 Polaris Way Aliso Viejo, CA 92656 Refer to our Web site (http://www.OneIdentity.com) for regional and international office information. Patents One Identity is proud of our advanced technology. Patents and pending patents may apply to this product. For the most current information about applicable patents for this product, please visit our website at http://www.OneIdentity.com/legal/patents.aspx. Trademarks One Identity and the One Identity logo are trademarks and registered trademarks of One Identity LLC. in the U.S.A. and other countries. For a complete list of One Identity trademarks, please visit our website at www.OneIdentity.com/legal. All other trademarks are the property of their respective owners. Legend WARNING: A WARNING icon highlights a potential risk of bodily injury or property damage, for which industry-standard safety precautions are advised. This icon is often associated with electrical hazards related to hardware. CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed. Privilege Manager for Unix Administration Guide Updated - July 2019 Version - 6.1 Contents One Identity Privileged Access Suite for Unix 18 About this guide 19 Introducing Privilege Manager for Unix 21 What is Privilege Manager for Unix 22 Benefits of Privilege Manager for Unix 22 How Privilege Manager for Unix protects 23 Partition root safely 23 Create an indelible audit trail 24 Encryption 24 How Privilege Manager for Unix works 25 Policy configuration file (pmpolicy security policy) 26 Policy group 28 Planning Deployment 30 System requirements 31 Supported platforms 32 Reserve special user and group names 33 Required privileges 33 Estimating size requirements 33 Privilege Manager licensing 34 Deployment scenarios 35 Single host deployment 35 Medium business deployment 36 Large business deployment 36 Enterprise deployment 37 Installation and Configuration 39 Downloading Privilege Manager for Unix software packages 40 Quick start and evaluation 40 Installing the Management Console 40 Uninstalling the Management Console 42 Configure a Primary Policy Server 42 Privilege Manager for Unix 6.1 Administration Guide 3 Checking the server for installation readiness 43 TCP/IP configuration 43 Firewalls 44 Hosts database 44 Reserve special user and group names 44 Applications and file availability 45 Policy server daemon hosts 45 Local daemon hosts 45 Installing the Privilege Manager packages 46 Modifying PATH environment variable 46 Configuring the primary policy server for Privilege Manager for Unix 46 pmpolicy server configuration settings 47 Verifying the primary policy server configuration 53 Recompile the whatis database 53 Join hosts to policy group 53 Joining PM Agent to a Privilege Manager for Unix policy server 54 Configure a secondary policy server 59 Installing secondary servers 59 Configuring a secondary server 60 Synchronizing policy servers within a group 60 Install PM Agent on a remote host 60 Checking PM Agent host for installation readiness 61 Installing a PM Agent on a remote host 61 Joining the PM Agent to the primary policy server 62 Verifying PM Agent configuration 63 Load balancing on the client 63 Remove configurations 64 Uninstalling the Privilege Manager software packages 64 Upgrade Privilege Manager for Unix 66 Before you upgrade 66 Upgrading Privilege Manager packages 66 Upgrading the server package 67 Upgrading the PM Agent package 67 Removing Privilege Manager packages 67 Removing the server package 67 Privilege Manager for Unix 6.1 Administration Guide 4 Removing the PM Agent package 68 System Administration 69 Reporting basic policy server configuration information 69 Checking the status of the master policy 70 Checking the policy server 70 Checking policy server status 71 Checking the PM Agent configuration status 71 Installing licenses 72 Displaying license usage 73 Listing policy file revisions 74 Viewing differences between revisions 74 Backup and recovery 75 Managing Security Policy 77 Security policy types 77 Specifying security policy type 79 pmpolicy type policy 79 Modifying complex policies 80 Viewing the security profile changes 81 The Privilege Manager for Unix Security Policy 83 Default profile-based policy (pmpolicy) 83 Policy profiles 83 Profile-based policy files 84 Profile selection 86 Profile variables 86 Exploring profiles 101 Customizing the default profile-based policy (pmpolicy) 104 Customization example - pf_forbidusers list 104 Policy scripting tutorial 106 Install the example policy file 107 Create test users 109 Set Lesson number variable 109 Introductory lessons 110 Lesson 1: Basic policy 111 Lesson 2: Conditional privilege 112 Privilege Manager for Unix 6.1 Administration Guide 5 Lesson 3: Specific commands 113 Lesson 4: Policy optimization with list variables 113 Lesson 5: Keystroke logging 114 Lesson 6: Conditional keystroke logging 115 Lesson 7: Policy optimizations 117 Advanced lessons 118 Lesson 8: Controlling the execution environment 118 Lesson 9: Flow control 119 Lesson 10: Basic menus 120 Sample policy files 121 Main policy configuration file 121 Lesson 1 Sample: Basic policy 123 Lesson 2 Sample: Conditional privilege 124 Lesson 3 Sample: Specific commands 125 Lesson 4 Sample: Policy optimizations with list variables 126 Lesson 5 Sample: Keystroke logging 127 Lesson 6 Sample: Conditional keystroke logging 128 Lesson 7 Sample: Policy optimizations 129 Lesson 8 Sample: Controlling the execution environment 131 Lesson 9 Sample: Flow control 133 Lesson 10 Sample: Basic menus 134 Advanced Privilege Manager for Unix Configuration 136 Privilege Manager shells 136 Privilege Manager shell features 137 Forbidden commands 138 Allowed commands 138 Allowed piped commands 138 Check shell built-in commands 139 Read-only variable list 139 Running a shell in restricted mode 139 Additional shell considerations 140 Configuring Privilege Manager for policy scripting 142 Configuration prerequisites 142 Configuration file examples 143 Example 1: Basics 144 Privilege Manager for Unix 6.1 Administration Guide 6 Example 2: Accept or reject requests 145 Example 3: Command constraints 146 Example 4: Lists 147 Example 5: I/O logging, event logging, and replay 147 Example 6: More complex policies 150 Example 7: Use variables to store constraints 150 Example 8: Control the run-time environment 151 Example 9: Switch and case statements 154 Example 10: Menus 154 Use the while loop 156 Use parallel lists 157 Best practice policy guidelines 157 Multiple configuration files and read-only variables 159 Mail 160 Environmental variables 161 NIS netgroups 161 Specify trusted hosts 161 Configuring firewalls 161 Privilege Manager port usage 162 Restricting port numbers for command responses 163 Configuring pmtunneld 163 Configuring Network Address Translation (NAT) 165 Configuring Kerberos encryption 165 Configuring certificates 166 Enable configurable certification 166 Configuring alerts 168 Configuring Pluggable Authentication Method (PAM) 169 Utilizing PAM authentication 169 Authenticate PAM to client 170 Administering Log and Keystroke Files 172 Controlling logs 172 Local logging 173 Event logging 174 Keystroke (I/O) logging 175 Keystroke (I/O) logging policy variables 176 Privilege Manager for Unix 6.1 Administration Guide 7 Central logging with Privilege Manager for Unix 178 Controlling log size with Privilege Manager for Unix 179 Viewing the log files using a web browser 180 Viewing the log files using command
Recommended publications
  • Chrooting All Services in Linux

    Chrooting All Services in Linux

    LinuxFocus article number 225 http://linuxfocus.org Chrooting All Services in Linux by Mark Nielsen (homepage) About the author: Abstract: Mark works as an independent consultant Chrooted system services improve security by limiting damage that donating time to causes like someone who broke into the system can possibly do. GNUJobs.com, writing _________________ _________________ _________________ articles, writing free software, and working as a volunteer at eastmont.net. Introduction What is chroot? Chroot basically redefines the universe for a program. More accurately, it redefines the "ROOT" directory or "/" for a program or login session. Basically, everything outside of the directory you use chroot on doesn't exist as far a program or shell is concerned. Why is this useful? If someone breaks into your computer, they won't be able to see all the files on your system. Not being able to see your files limits the commands they can do and also doesn't give them the ability to exploit other files that are insecure. The only drawback is, I believe it doesn't stop them from looking at network connections and other stuff. Thus, you want to do a few more things which we won't get into in this article too much: Secure your networking ports. Have all services run as a service under a non-root account. In addition, have all services chrooted. Forward syslogs to another computer. Analyze logs files Analyze people trying to detect random ports on your computer Limit cpu and memory resources for a service. Activate account quotas. The reason why I consider chroot (with a non-root service) to be a line of defense is, if someone breaks in under a non-root account, and there are no files which they can use to break into root, then they can only limit damage to the area they break in.
  • The Linux Kernel Module Programming Guide

    The Linux Kernel Module Programming Guide

    The Linux Kernel Module Programming Guide Peter Jay Salzman Michael Burian Ori Pomerantz Copyright © 2001 Peter Jay Salzman 2007−05−18 ver 2.6.4 The Linux Kernel Module Programming Guide is a free book; you may reproduce and/or modify it under the terms of the Open Software License, version 1.1. You can obtain a copy of this license at http://opensource.org/licenses/osl.php. This book is distributed in the hope it will be useful, but without any warranty, without even the implied warranty of merchantability or fitness for a particular purpose. The author encourages wide distribution of this book for personal or commercial use, provided the above copyright notice remains intact and the method adheres to the provisions of the Open Software License. In summary, you may copy and distribute this book free of charge or for a profit. No explicit permission is required from the author for reproduction of this book in any medium, physical or electronic. Derivative works and translations of this document must be placed under the Open Software License, and the original copyright notice must remain intact. If you have contributed new material to this book, you must make the material and source code available for your revisions. Please make revisions and updates available directly to the document maintainer, Peter Jay Salzman <[email protected]>. This will allow for the merging of updates and provide consistent revisions to the Linux community. If you publish or distribute this book commercially, donations, royalties, and/or printed copies are greatly appreciated by the author and the Linux Documentation Project (LDP).
  • LM1881 Video Sync Separator Datasheet

    LM1881 Video Sync Separator Datasheet

    Product Sample & Technical Tools & Support & Folder Buy Documents Software Community LM1881 SNLS384G –FEBRUARY 1995–REVISED JUNE 2015 LM1881 Video Sync Separator 1 Features 3 Description The LM1881 Video sync separator extracts timing 1• AC Coupled Composite Input Signal information including composite and vertical sync, • >10-kΩ Input Resistance burst or back porch timing, and odd and even field • <10-mA Power Supply Drain Current information from standard negative going sync NTSC, • Composite Sync and Vertical Outputs PAL (1) and SECAM video signals with amplitude from • Odd and Even Field Output 0.5-V to 2-V p-p. The integrated circuit is also capable of providing sync separation for non- • Burst Gate or Back Porch Output standard, faster horizontal rate video signals. The • Horizontal Scan Rates to 150 kHz vertical output is produced on the rising edge of the • Edge Triggered Vertical Output first serration in the vertical sync period. A default vertical output is produced after a time delay if the • Default Triggered Vertical Output for Non- rising edge mentioned above does not occur within Standard Video Signal (Video Games-Home the externally set delay period, such as might be the Computers) case for a non-standard video signal. 2 Applications Device Information(1) • Video Cameras and Recorders PART NUMBER PACKAGE BODY SIZE (NOM) SOIC (8) 4.90 mm × 3.91 mm • Broadcasting Systems LM1881 • Set-Top Boxes PDIP (8) 9.81 mm × 6.35 mm • Home Entertainment (1) For all available packages, see the orderable addendum at the end of the data sheet. • Computing and Gaming Applications (1) PAL in this datasheet refers to European broadcast TV standard “Phase Alternating Line”, and not to Programmable Array Logic.
  • Making Linux Protection Mechanisms Egalitarian with Userfs

    Making Linux Protection Mechanisms Egalitarian with Userfs

    Making Linux Protection Mechanisms Egalitarian with UserFS Taesoo Kim and Nickolai Zeldovich MIT CSAIL ABSTRACT firewall rules, forcing applications to invent their own UserFS provides egalitarian OS protection mechanisms protection techniques like system call interposition [15], in Linux. UserFS allows any user—not just the system binary rewriting [30] or analysis [13, 45], or interposing administrator—to allocate Unix user IDs, to use chroot, on system accesses in a language runtime like Javascript. and to set up firewall rules in order to confine untrusted This paper presents the design of UserFS, a kernel code. One key idea in UserFS is representing user IDs as framework that allows any application to use traditional files in a /proc-like file system, thus allowing applica- OS protection mechanisms on a Unix system, and a proto- tions to manage user IDs like any other files, by setting type implementation of UserFS for Linux. UserFS makes permissions and passing file descriptors over Unix do- protection mechanisms egalitarian, so that any user—not main sockets. UserFS addresses several challenges in just the system administrator—can allocate new user IDs, making user IDs egalitarian, including accountability, re- set up firewall rules, and isolate processes using chroot. source allocation, persistence, and UID reuse. We have By using the operating system’s own protection mecha- ported several applications to take advantage of UserFS; nisms, applications can avoid race conditions and ambi- by changing just tens to hundreds of lines of code, we guities associated with system call interposition [14, 43], prevented attackers from exploiting application-level vul- can confine existing code without having to recompile or nerabilities, such as code injection or missing ACL checks rewrite it in a new language, and can enforce a coherent in a PHP-based wiki application.
  • Sandboxing 2 Change Root: Chroot()

    Sandboxing 2 Change Root: Chroot()

    Sandboxing 2 Change Root: chroot() Oldest Unix isolation mechanism Make a process believe that some subtree is the entire file system File outside of this subtree simply don’t exist Sounds good, but. Sandboxing 2 2 / 47 Chroot Sandboxing 2 3 / 47 Limitations of Chroot Only root can invoke it. (Why?) Setting up minimum necessary environment can be painful The program to execute generally needs to live within the subtree, where it’s exposed Still vulnerable to root compromise Doesn’t protect network identity Sandboxing 2 4 / 47 Root versus Chroot Suppose an ordinary user could use chroot() Create a link to the sudo command Create /etc and /etc/passwd with a known root password Create links to any files you want to read or write Besides, root can escape from chroot() Sandboxing 2 5 / 47 Escaping Chroot What is the current directory? If it’s not under the chroot() tree, try chdir("../../..") Better escape: create device files On Unix, all (non-network) devices have filenames Even physical memory has a filename Create a physical memory device, open it, and change the kernel data structures to remove the restriction Create a disk device, and mount a file system on it. Then chroot() to the real root (On Unix systems, disks other than the root file system are “mounted” as a subtree somewhere) Sandboxing 2 6 / 47 Trying Chroot # mkdir /usr/sandbox /usr/sandbox/bin # cp /bin/sh /usr/sandbox/bin/sh # chroot /usr/sandbox /bin/sh chroot: /bin/sh: Exec format error # mkdir /usr/sandbox/libexec # cp /libexec/ld.elf_so /usr/sandbox/libexec # chroot /usr/sandbox
  • Version 7.8-Systemd

    Version 7.8-Systemd

    Linux From Scratch Version 7.8-systemd Created by Gerard Beekmans Edited by Douglas R. Reno Linux From Scratch: Version 7.8-systemd by Created by Gerard Beekmans and Edited by Douglas R. Reno Copyright © 1999-2015 Gerard Beekmans Copyright © 1999-2015, Gerard Beekmans All rights reserved. This book is licensed under a Creative Commons License. Computer instructions may be extracted from the book under the MIT License. Linux® is a registered trademark of Linus Torvalds. Linux From Scratch - Version 7.8-systemd Table of Contents Preface .......................................................................................................................................................................... vii i. Foreword ............................................................................................................................................................. vii ii. Audience ............................................................................................................................................................ vii iii. LFS Target Architectures ................................................................................................................................ viii iv. LFS and Standards ............................................................................................................................................ ix v. Rationale for Packages in the Book .................................................................................................................... x vi. Prerequisites
  • The Oldest Rivalry in Computing Forget Apple Vs

    The Oldest Rivalry in Computing Forget Apple Vs

    Follow us on Twitter for more great Slate stories! Follow @slate BITWISE DECODING THE TECH WORLD. MAY 9 2014 9:57 AM The Oldest Rivalry in Computing Forget Apple vs. Google. Emacs and Vi have been battling for text-editor supremacy among programmers for 40 years. By David Auerbach An early Emacs manual cover from 1981. Courtesy of GNU Emacs n a world where both software and hardware frequently become obsolete right I on release, two rival programs can stake a claim to being among the longest-lived applications of all time. Both programs are about to enter their fifth decades. Both programs are text editors, for inputting and editing code, data files, raw HTML Web pages, and anything else. And they are mortal enemies. Their names are Emacs and Vi (styled by programmers as “vi”). These editors are legendary and ancient, no exaggeration. Both date back to at least 1976, making them older than the vast majority of people currently using them. Both programs are text editors, which means they are not WYSIWYG (what you see is what you get)—unlike, say, word processors like Microsoft Word, they do not format your words onscreen. Programming is very different from word processing, and the basic goal of Emacs and Vi—fast editing of source code (and any other text files)—has yet to become obsolete. Both have been in ongoing development for almost 40 years. These two wizened programs are as close to equally matched enemies as any two programs have ever been. If you know a programmer who uses one of them, there’s a good chance that she hates the other.
  • 80842-Su | Cc/Led/27W/E26-E39/Mv/50K Corn Cob Sunlite

    80842-Su | Cc/Led/27W/E26-E39/Mv/50K Corn Cob Sunlite

    Item: 80842-SU CC/LED/27W/E26-E39/MV/50K CORN COB SUNLITE General Characteristics Bulb Corn Lamp Type Corn Cob Lamp Life Hours 50000 Hours Material Aluminium & Plastic LED Type LG5630 Base Medium (E26) Lumens Per Watt (LPW) 135.00 Life (based on 3hr/day) 45.7 Years Estimated Energy Cost $3.25 per Year Safety Rating UL Listed Ingress Protection IP64 Sunlite CC/LED/27W/E26-E39/MV/50K LED 27W (100W MHL/HPSW Electrical Characteristics Equivalent) Corn Bulb, Medium (E26), Watts 27 5000K Super White Volts 100-277 Equivalent Watts 100 LED Chip Manufacturer LG5630 Sunlite's super efficient LED corn lamps were created to Number of LEDs 84 replace the equivalent but power hungry metal halide and Power Factor 0.9 high-pressure sodium lamps. Capable of withstanding water sprays from any direction in thanks to its IP64 rating, these Temperature -40° To 140° bulbs will keep outdoor paths, back yards and many more locations illuminated for a significantly longer period of time Light Characteristics when compared to a high-pressure sodium lamp or a metal Brightness 3645 Lumens halide while also lowering your electrical usage. Color Accuracy (CRI) 85 Light Appearance Super White Color Temperature 5000K • This modern corn cob lamp produces an efficient 5000K Beam Angle 360° super white beam of 360° light at a powerful 3645 lumens • On average, this multi-volt LED corn cob lamp lasts up to Product Dimensions an astonishing 50,000 hours and features 84 energy MOL (in) 7.4 saving diodes Diameter (in) 3.65 • Ideal for all post lights, Street lights, security Lighting, high Package Dimensions (in) (W) 3.70 (H) 11.90 (D) 3.80 bay lights while also designed for indoor as well as Product Data outdoor usage.
  • The Linux Command Line

    The Linux Command Line

    The Linux Command Line Fifth Internet Edition William Shotts A LinuxCommand.org Book Copyright ©2008-2019, William E. Shotts, Jr. This work is licensed under the Creative Commons Attribution-Noncommercial-No De- rivative Works 3.0 United States License. To view a copy of this license, visit the link above or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042. A version of this book is also available in printed form, published by No Starch Press. Copies may be purchased wherever fine books are sold. No Starch Press also offers elec- tronic formats for popular e-readers. They can be reached at: https://www.nostarch.com. Linux® is the registered trademark of Linus Torvalds. All other trademarks belong to their respective owners. This book is part of the LinuxCommand.org project, a site for Linux education and advo- cacy devoted to helping users of legacy operating systems migrate into the future. You may contact the LinuxCommand.org project at http://linuxcommand.org. Release History Version Date Description 19.01A January 28, 2019 Fifth Internet Edition (Corrected TOC) 19.01 January 17, 2019 Fifth Internet Edition. 17.10 October 19, 2017 Fourth Internet Edition. 16.07 July 28, 2016 Third Internet Edition. 13.07 July 6, 2013 Second Internet Edition. 09.12 December 14, 2009 First Internet Edition. Table of Contents Introduction....................................................................................................xvi Why Use the Command Line?......................................................................................xvi
  • Powerview Command Reference

    Powerview Command Reference

    PowerView Command Reference TRACE32 Online Help TRACE32 Directory TRACE32 Index TRACE32 Documents ...................................................................................................................... PowerView User Interface ............................................................................................................ PowerView Command Reference .............................................................................................1 History ...................................................................................................................................... 12 ABORT ...................................................................................................................................... 13 ABORT Abort driver program 13 AREA ........................................................................................................................................ 14 AREA Message windows 14 AREA.CLEAR Clear area 15 AREA.CLOSE Close output file 15 AREA.Create Create or modify message area 16 AREA.Delete Delete message area 17 AREA.List Display a detailed list off all message areas 18 AREA.OPEN Open output file 20 AREA.PIPE Redirect area to stdout 21 AREA.RESet Reset areas 21 AREA.SAVE Save AREA window contents to file 21 AREA.Select Select area 22 AREA.STDERR Redirect area to stderr 23 AREA.STDOUT Redirect area to stdout 23 AREA.view Display message area in AREA window 24 AutoSTOre ..............................................................................................................................
  • Unix Security Overview: 1

    Unix Security Overview: 1

    CIS/CSE 643: Computer Security (Syracuse University) Unix Security Overview: 1 Unix Security Overview 1 User and Group • Users – root: super user (uid = 0) – daemon: handle networks. – nobody: owns no files, used as a default user for unprivileged operations. ∗ Web browser can run with this mode. – User needs to log in with a password. The encrypted password is stored in /etc/shadow. – User information is stored in /etc/passwd, the place that was used to store passwords (not anymore). The following is an example of an entry in this file. john:x:30000:40000:John Doe:/home/john:/usr/local/bin/tcsh • Groups – Sometimes, it is more convenient if we can assign permissions to a group of users, i.e. we would like to assign permission based on groups. – A user has a primary group (listed in /etc/passwd), and this is the one associated to the files the user created. – Any user can be a member of multiple groups. – Group member information is stored in /etc/group % groups uid (display the groups that uid belongs to) – For systems that use NIS (Network Information Service), originally called Yellow Page (YP), we can get the group information using the command ypcat. % ypcat group (can display all the groups and their members) 2 File Permissions • File Permissions – The meaning of the permission bits in Unix. ∗ Owner (u), Group (g), and Others (o). ∗ Readable (r), Writable (w), and Executable (x). ∗ Example: -rwxrwxrwx (777) • Permissions on Directories: – r: the directory can be listed. – w: can create/delete a file or a directory within the directory.
  • Learning the Vi Editor

    Learning the Vi Editor

    Learning the vi Editor en.wikibooks.org December 29, 2013 On the 28th of April 2012 the contents of the English as well as German Wikibooks and Wikipedia projects were licensed under Creative Commons Attribution-ShareAlike 3.0 Unported license. A URI to this license is given in the list of figures on page 103. If this document is a derived work from the contents of one of these projects and the content was still licensed by the project under this license at the time of derivation this document has to be licensed under the same, a similar or a compatible license, as stated in section 4b of the license. The list of contributors is included in chapter Contributors on page 101. The licenses GPL, LGPL and GFDL are included in chapter Licenses on page 107, since this book and/or parts of it may or may not be licensed under one or more of these licenses, and thus require inclusion of these licenses. The licenses of the figures are given in the list of figures on page 103. This PDF was generated by the LATEX typesetting software. The LATEX source code is included as an attachment (source.7z.txt) in this PDF file. To extract the source from the PDF file, you can use the pdfdetach tool including in the poppler suite, or the http://www. pdflabs.com/tools/pdftk-the-pdf-toolkit/ utility. Some PDF viewers may also let you save the attachment to a file. After extracting it from the PDF file you have to rename it to source.7z.