
Forum Moderators: bakedjake


How secure is the Linux file system? [prefs and permissions]

Please share your suggestion regarding the solution

     

explorador

4:57 pm on May 28, 2010 (gmt 0)




Hi Webmasters (I'm currently researching this here and there to solve a problem; your comments will be appreciated).

Long story [webmasterworld.com] short, a client wants to move some online apps to a local server. Everything runs on Perl, DB and HTML files. The issue is how to protect my source code from being copied or modified. Remember, Perl and PHP scripts ARE the source code.

My initial idea was to set up a local server on a Linux box (probably Ubuntu with Xampp). Every user will have access to the app on the server [multiuser mode]. The single user mode would mean having the same PC in use as a personal web server (this will be the solution for really small businesses, one user). Let's forget for a while about the Xampp security. (Yes, the app is multiuser at server level.)


Now the security and access:
What do you think of configuring the local server and avoiding file access via user accounts and permissions? This way the app will be working fine but only I'll have the master password to log in and see the source code and original files. I know only the users with access to those folders will be able to see the files. I would leave a limited user account to have that PC operational but with no access to my source code. What do you think of this? How secure is it? How about booting with a live CD? Would it be easy for others to gain access to my files?

I'm considering another option: encrypting the file system. It will be the same as previous but with the enhanced security of having the structure itself encrypted.

Any comments will be appreciated.

lammert

4:25 am on May 29, 2010 (gmt 0)




If the server is at your customer's location there is no protection at all. They only need a USB thumb drive with a small Linux version, boot the system from that thumb drive and copy all your files and other stuff.

If USB booting doesn't work, they can just remove the hard disk and mount it as a secondary disk in another computer.

explorador

5:15 pm on May 29, 2010 (gmt 0)




By now I'm doing tests and setting folders with no access for anyone but the admin... so far the folders work and are unreadable, not even listings. I tried with other users, even booting with another Linux distro and administrator modes (on other Linux distros too) and the folder remains unreadable. I think at least I'm getting to some reasonable level of security. I'll keep trying.

lammert

3:09 am on May 30, 2010 (gmt 0)




The whole principle of access rights in Linux is ignored for every user who has usercode 0. Normally this is the user who logs in as root. Booting another Linux distro and logging in to that distro as user root overrules all the folder settings you make.

explorador

10:51 pm on May 30, 2010 (gmt 0)




Thanks lammert, I see... I'll keep looking for alternatives.

graeme_p

4:42 am on May 31, 2010 (gmt 0)




Storing your stuff on an encrypted partition would do it, but the client would not be able to restart it after a reboot. There are probably ways they could trick you into giving away the encryption pass phrase.

How good does your security need to be?

Are there any other solutions, such as getting the client to pay extra to compensate you for source access?

lammert

5:21 am on May 31, 2010 (gmt 0)




Perl is shipped with a compiler (see man perlcc) which turns the code into a file which can be executed directly. The compiler is however marked as "highly experimental" and I don't know how it performs in production environments. This would make your source code unreadable, but access to the database is still possible.

explorador

2:36 pm on May 31, 2010 (gmt 0)




graeme_p:
Storing your stuff on an encrypted partition would do it, but the client would not be able to restart it after a reboot.

You are right, configuring the server to auto load it will be almost like not having encryption.

How good does your security need to be?

Are there any other solutions, such as getting the client to pay extra to compensate you for source access?

I just want to stop others from using the app without authorization. Compensation? There is an issue there. My app is server-side-multiuser (many users at the same company), multi client (different companies using it with no problem). I could install it locally as a "single user" solution that should cost less. Or as a private app on a local server that should cost more for the private use.

lammert:
Perl is shipped with a compiler (see man perlcc) which turns the code into a file which can be executed directly. The compiler is however marked as "highly experimental" and I don't know how it performs in production environments. This would make your source code unreadable, but access to the database is still possible.

Thanks, I'm reading about it. I used a forum app in the past that had Perl code and one sort of library that was not pure text. I'm researching this; perhaps it is a perlcc compiled script.

Thanks, I'll keep researching and will post results here.

ksrao

2:30 pm on Jul 2, 2010 (gmt 0)




Hi,
Linux has great security in its file system. It is different from others in the hierarchy itself, in which the root (/) is on the top and all other directories are mounted under it.

It maintains security aspects with the help of the following:
1. Basic file permissions
   rwx (read, write, execute)
2. Special file permissions
   SUID
   GUID
   Sticky bit
3. ACL (Access Control List)
4. Password encryption (using MD5 & DES algorithms)
5. Through RAID levels

To enhance your knowledge in RHEL-4, practice online tests.
[wiziq.com]

Regards
Kolla Sanjeeva Rao
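
The owner-only folder setup tested earlier in the thread, and the basic and special permission bits listed in the post above, can be checked with a short audit script. This is an added example, not part of any post; the function names and the sample tree are constructed for illustration. It only reports what the running system enforces, so it says nothing about the boot-from-USB and disk-removal cases raised in the replies.

```python
import os
import stat
import tempfile

def check_entry(path):
    """Return a list of permission problems for one file or directory."""
    st = os.lstat(path)                      # lstat: do not follow symlinks
    if stat.S_ISLNK(st.st_mode):
        return []
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO): # any group/other r, w or x bit
        problems.append("group/other access: " + stat.filemode(st.st_mode))
    if mode & stat.S_ISUID:
        problems.append("setuid")
    if mode & stat.S_ISGID:
        problems.append("setgid")
    if mode & stat.S_ISVTX:
        problems.append("sticky")
    return problems

def audit_tree(root):
    """Map relative path -> problems for everything under root.
    Mode bits only: POSIX ACLs are not visible here (inspect with getfacl)."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            problems = check_entry(path)
            if problems:
                findings[os.path.relpath(path, root)] = problems
    return findings

def build_sample_tree():
    """Constructed sample: a source tree with a few deliberate mistakes."""
    root = tempfile.mkdtemp(prefix="appsrc-")          # created as 0700
    layout = {"cgi-bin/app.pl": 0o700, "config.pl": 0o644, "helper": 0o4750}
    os.mkdir(os.path.join(root, "cgi-bin"), 0o700)
    for rel, mode in layout.items():
        full = os.path.join(root, rel)
        with open(full, "w") as fh:
            fh.write("# placeholder\n")
        os.chmod(full, mode)
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o1777)                          # world-writable + sticky
    return root

if __name__ == "__main__":
    for rel, problems in sorted(audit_tree(build_sample_tree()).items()):
        print(rel, "->", "; ".join(problems))
```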
 
