
Linux, Unix, and *nix like Operating Systems Forum

    
How secure is the Linux file system? [prefs and permissions]
Please share your suggestion regarding the solution
explorador




msg:4143070
 4:57 pm on May 28, 2010 (gmt 0)

Hi Webmasters (I'm currently researching this here and there to solve a problem; your comments will be appreciated).

Long story [webmasterworld.com] short, a client wants to move some online apps to a local server. Everything runs on Perl, DB and HTML files. The issue is how to protect my source code from being copied or modified. Remember, Perl and PHP scripts ARE the source code.

My initial idea was to set up a local server on a Linux box (probably Ubuntu with Xampp). Every user will have access to the app on the server [multiuser mode]. The single user mode would mean having the same PC in use as a personal web server (this will be the solution for really small businesses, one user). Let's forget for a while about the Xampp security. (Yes, the app is multiuser at server level.)


Now the security and access:
What do you think of configuring the local server and avoiding file access via user accounts and permissions? This way the app will be working fine but only I'll have the master password to log in and see the source code and original files. I know only the users with access to those folders will be able to see the files. I would leave a limited user account to have that PC operational but with no access to my source code. What do you think of this? How secure is it? How about booting with a live CD? Would it be easy for others to gain access to my files?

I'm considering another option: encrypting the file system. It will be the same as previous but with the enhanced security of having the structure itself encrypted.

Any comments will be appreciated.

 

lammert




msg:4143412
 4:25 am on May 29, 2010 (gmt 0)

If the server is at your customer's location there is no protection at all. They only need a USB thumb drive with a small Linux version, boot the system from that thumb drive and copy all your files and other stuff.

If USB booting doesn't work, they can just remove the hard disk and mount it as a secondary disk in another computer.

explorador




msg:4143625
 5:15 pm on May 29, 2010 (gmt 0)

By now I'm doing tests and setting folders with no access for anyone but the admin... So far the folders work and are unreadable, not even listings. I tried with other users, even booting with other Linux distros and administrator modes (on other Linux distros too), and the folder remains unreadable. I think at least I'm getting to some reasonable level of security. I'll keep trying.

lammert




msg:4143787
 3:09 am on May 30, 2010 (gmt 0)

The whole principle of access rights in Linux is ignored for every user who has usercode 0. Normally this is the user who logs in as root. Booting another Linux distro and logging in to that distro as user root overrules all the folder settings you make.
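
The check described in the post above, modelled as an added example (not part of the original thread, and a simplification that ignores ACLs and security modules). The `src` folder name and the helper names are hypothetical.

```python
import os
import stat
import tempfile

R, W, X = 4, 2, 1  # bits inside one rwx triplet


def dac_allows(st, uid, gids, want):
    """Simplified model of the mode-bit check (no ACLs, no LSM, no namespaces)."""
    if uid == 0:
        # uid 0 normally holds CAP_DAC_OVERRIDE: read/write are granted without
        # looking at the mode, and directories are always searchable. Executing
        # a regular file still needs at least one x bit.
        if want == X and not stat.S_ISDIR(st.st_mode):
            return bool(st.st_mode & 0o111)
        return True
    if uid == st.st_uid:
        bits = (st.st_mode >> 6) & 7      # owner triplet
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7      # group triplet
    else:
        bits = st.st_mode & 7             # "other" triplet
    return bool(bits & want)


def demo():
    """Make a 0700 directory and evaluate read access for three callers."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "src")    # hypothetical source-code folder
        os.mkdir(src)
        os.chmod(src, 0o700)
        st = os.stat(src)
    # st.st_uid and st.st_mode are plain numbers stored in the inode. A system
    # booted from other media reads the same numbers and applies this same
    # logic with its own uid 0.
    return {
        "owner": dac_allows(st, st.st_uid, set(), R),
        "other": dac_allows(st, st.st_uid + 1, set(), R),
        "root": dac_allows(st, 0, set(), R),
    }


if __name__ == "__main__":
    print(demo())
```
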

explorador




msg:4144104
 10:51 pm on May 30, 2010 (gmt 0)

Thanks lammert, I see... I'll keep looking for alternatives.

graeme_p




msg:4144198
 4:42 am on May 31, 2010 (gmt 0)

Storing your stuff on an encrypted partition would do it, but the client would not be able to restart it after a reboot. There are probably ways they could trick you into giving away the encryption pass phrase.

How good does your security need to be?

Are there any other solutions, such as getting the client to pay extra to compensate you for source access?

lammert




msg:4144202
 5:21 am on May 31, 2010 (gmt 0)

Perl is shipped with a compiler (see man perlcc) which turns the code into a file which can be executed directly. The compiler is however marked as "highly experimental" and I don't know how it performs in production environments. This would make your source code unreadable, but access to the database is still possible.

explorador




msg:4144359
 2:36 pm on May 31, 2010 (gmt 0)

graeme_p: "Storing your stuff on an encrypted partition would do it, but the client would not be able to restart it after a reboot."

You are right, configuring the server to auto load it will be almost like not having encryption.

graeme_p: "How good does your security need to be? Are there any other solutions, such as getting the client to pay extra to compensate you for source access?"

I just want to stop others from using the app without authorization. Compensation? There is an issue there. My app is server-side-multiuser (many users at the same company), multi client (different companies using it with no problem). I could install it locally as a "single user" solution that should cost less. Or as a private app on a local server that should cost more for the private use.

lammert: "Perl is shipped with a compiler (see man perlcc) which turns the code in a file which can be executed directly. The compiler is however marked as "highly experimental" and I don't know how it performs in production environments. This would make your source code unreadable, but access to the database is still possible."

Thanks, I'm reading about it. I used a forum app in the past that had Perl code and one sort of library that was not pure text. I'm researching this; perhaps it is a perlcc compiled script.

Thanks, I'll keep researching and will post results here.
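
The trade-off discussed in the post above (prompt for a passphrase at every boot, or unlock unattended from a stored key) is visible in `/etc/crypttab`. The following added example, which is not part of the original thread, classifies entries by how the volume gets its key; the sample file content, volume names and key path are constructed, and it assumes any key file path refers to storage on the same machine.

```python
# Added example: audit crypttab(5) entries for keys stored beside the data.
# SAMPLE_CRYPTTAB is constructed for illustration; names and paths are made up.
SAMPLE_CRYPTTAB = """\
# <name>   <device>              <key file>          <options>
appdata    /dev/sdb1             none                luks
appsrc     UUID=0000-placeholder /etc/keys/app.key   luks
swap       /dev/sda2             /dev/urandom        swap,cipher=aes-xts-plain64
legacy     /dev/sdc1
"""

EPHEMERAL = {"/dev/urandom", "/dev/random"}


def classify(keyfile, options):
    """Return how the volume gets its key at boot."""
    if any(o.startswith("keyscript=") for o in options):
        return "script"          # key comes from a helper; review it by hand
    if keyfile in ("none", "-", ""):
        return "prompt"          # someone must type the passphrase after reboot
    if keyfile in EPHEMERAL:
        return "ephemeral"       # random key per boot, contents not kept
    return "keyfile-on-disk"     # unlocks unattended; key is readable offline


def audit(text):
    """Parse crypttab text and return [(name, device, verdict), ...]."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue             # malformed entry: needs at least name and device
        name, device = fields[0], fields[1]
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        results.append((name, device, classify(keyfile, options)))
    return results


if __name__ == "__main__":
    for name, device, verdict in audit(SAMPLE_CRYPTTAB):
        flag = "  <-- unattended unlock" if verdict == "keyfile-on-disk" else ""
        print(f"{name:8} {device:22} {verdict}{flag}")
```
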

ksrao




msg:4163448
 2:30 pm on Jul 2, 2010 (gmt 0)

Hi,
Linux has great security in its file system. It is different from others in the hierarchy itself, in which the root (/) is at the top and all other directories are mounted under it.

It maintains security aspects with the help of the following:
1. Basic file permissions
   rwx (read, write, execute)
2. Special file permissions
   SUID
   GUID
   Sticky Bit
3. ACL (Access Control List)
4. Password encryption (using MD5 & DES algorithms)
5. Through RAID levels

To enhance your knowledge in RHEL-4 practice online tests.
[wiziq.com ]

Regards
Kolla Sanjeeva Rao
