Three Details reflect the security of Unix operating systems

Source: Internet
Author: User

The security of Unix operating systems is well known. However, if you want to say where the Unix system is secure, it is estimated that no one can say why.

1. Different users have different permissions for the same command.

The Date command is a common command in Unix systems. It displays the Date and time of the system. However, different user roles have different functions. If you are a system administrator, you can use this command to change the system time. However, if the user who executes this command is a common user of the system, the command can only display the time, but cannot change the time. That is to say, by default, only the system administrator can change the system time, but the modification time and viewing time use the same command. The system automatically determines whether the current user has the right to modify the time.

This is a useful security feature in Unix systems. On the one hand, similar functions use the same command to facilitate the operation and maintenance of the system administrator. On the other hand, the system automatically reviews the command permissions, to ensure that users can only use commands to perform operations that are consistent with their own permissions. It can be seen from this that Unix systems are not only secure, but also focus on a combination of security and convenience. It will not sacrifice the convenience of management and maintenance for security.

As we all know, changing the date of the system at will may have a great negative impact on the system, which may lead to confusion in some job plans. For example, the system may have multiple processes running in the background. At this time, the system schedules the execution of these command processes based on the priority of the processes, the job plan defined by the Administrator, and so on, specify to start these jobs or processes at a specific time. In this case, if a non-administrator user is allowed to change the system time at will, the operations in the system may be messy. For example, for the sake of system security, the system administrator sets up to back up important files in the system at every day. If the average user modifies the time at noon, change the time from. At this time, the system will not back up important system files. Unfortunately, due to unexpected damage to the system hard disk or other system faults on the morning of the next day, the damaged files cannot be repaired due to the previous day's absence of normal backup. Changing the system time at will result in many unpredictable results.

Therefore, we can see from the date command that the Unix system is indeed slightly better than other operating systems in terms of security design. Different accounts with the same command have different operation functions, which makes the Unix system secure and convenient.

2. No error message is displayed.

Like other operating systems, Unix also ensures the basic security of the operating system through the account name and password. However, I think Unix may be more comprehensive in this regard.

Unix is a multi-user operating system. Generally, Unix systems only allow users with accounts and passwords to log on. The user's account list is usually maintained by a system administrator. The system administrator grants the user the permission to use the computer and calculates the system account, password, and other information for the user. When the system prompts that the user is required to log on, the user can only log on to the operating system after entering the correct user name and password provided by the system administrator. If the system prompts a logon prompt, it indicates that the system terminal allows a user to log on through the account and password. After entering the account name, press enter to enter the password. The system requires the user to enter an accurate password for authentication. In case of a wrong password (Accurate user name), the system will only vaguely prompt "login incorrect" (inaccurate login ). It does not prompt the user where the error is, whether the password is incorrect or the user name is entered incorrectly.

This vague reminder will cause some obstacles to illegal attackers. Because the attacker does not know whether the password is incorrect or the account name is incorrect, this will increase the attack cost. In other words, this prompt is more or less deceptive for attackers. However, this measure can significantly improve the security of the system. Some employees may complain about the poor design friendliness. It not only deceives attackers, but also common users. However, for security, this security measure is still necessary.

It is also worth mentioning that the Unix system provides a higher level of security measures like other operating systems during user logon. That is, when a user logs on to a Unix system, the user can forcibly change the password granted by the Administrator according to the system security policy. In this case, you are advised to change the default password immediately and set a password that only you know (even the Administrator may not know ). After all, if too many people know the account name or password, it will bring some security risks to the operating system.

When a Unix system fails to verify the user name or password during login, the system does not provide detailed error information, so that illegal attackers are not allowed to find the cause of the error and increase the difficulty of the attack. In fact, these similar security measures are everywhere in Unix systems. In subsequent articles, I may talk about this security feature many times. From this small security design, we can see that the security of Unix operating systems is indeed not a blow.

3. The output does not contain the corresponding header.

The command "who" can display the details of the current Login User, such as the user name, login path, and login time. Similar functions are available in Linux. However, there are differences between the two systems.

This result indicates that two of the login users of the current system are all Oracle (the operating system allows the same account to log on to the operating system through different channels, which is also a feature of the Unix system. Similar functions can also be implemented in Linux, but they do not seem to work in Microsoft. The logon path, logon time, and so on will be displayed later. However, many beginners of Unix systems are troubled by the fact that there is no corresponding header in the output results to describe the meaning of each column. This may seem to make people feel that the Unix operating system is not very friendly, but it can ensure the security of the Unix system. For example, some advanced security policies of Unix systems are implemented based on this feature.

In addition, because this user information has a very important value, it is of greater practical significance to carry out some security protection. For example, the system administrator can extract some data from the output results of the who command for the next command.

In fact, in addition to the who command, there are many similar Unix systems. It is precisely these details that ensure the security of the entire Unix system.


 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.