System Security (Chapter 20, page 401)

Most of the time, though, data is not just destroyed. A more common problem is that the data is captured. This could be actual company secrets or system configuration files. It is very important to keep an eye on the system files. It is also a good idea to occasionally search for programs that have suid or sgid capability. It might be wise to search for suid and sgid files when the system is first installed. Then later searches can be compared to this initial list.

suid and sgid

Many people talk about suid (set user ID) and sgid (set group ID) without really understanding them. The concept behind these powerful, yet dangerous, tools is that a program (not a script) is set so that it is run as the owner or group set for the program, not the person running the program. For example, say you have a program with suid set, and its owner is root. Anyone running the program runs that program with the permissions of the owner instead of his or her own permissions. The passwd command is a good example of this. The file /etc/passwd is writable by root and readable by everyone. The passwd program has suid turned on. Therefore, anyone can run the passwd program and change their password. Because the program is running as the user root, not the actual user, the /etc/passwd file can be written to.

The same concept holds true for sgid. Instead of the program running with the permissions and authority of the group associated with the person calling the program, the program is run with the permissions and authority of the group that is associated with the program.

How to Find suid and sgid Files

The find command once again comes in handy.
With the following command, you can search the entire system looking for programs with their suid or sgid turned on:

    # 4000 = suid, 2000 = sgid; the parentheses make -print apply to both tests
    find / \( -perm -2000 -o -perm -4000 \) -print

It is probably best to run the preceding find command when you first load a system, saving its output to a file readable only by root. Future searches can be performed and compared to .
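The baseline-and-compare procedure described above, as an added example (not code from the original chapter). It assumes a POSIX shell with find, ls, awk, sort, comm and mktemp; the function names and the save/compare arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original chapter): suid/sgid baseline and comparison.
# Function names and the command-line interface are hypothetical.

# List regular files under $1 with the suid (4000) or sgid (2000) bit set,
# as "mode owner:group path", sorted so that two scans can be compared.
# -xdev keeps find on one filesystem; run once per mounted filesystem.
scan_setid() {
    LC_ALL=C find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} + 2>/dev/null |
    awk '{ printf "%s %s:%s", $1, $3, $4          # mode, owner, group
           for (i = 9; i <= NF; i++) printf " %s", $i   # path (field 9 onward)
           print "" }' | LC_ALL=C sort
}

# Save the initial scan. umask 077 makes the file readable only by its owner,
# which is root when the scan is run as root.
save_baseline() {       # $1 = directory to scan, $2 = baseline file
    ( umask 077; scan_setid "$1" > "$2" )
}

# Compare a fresh scan with the baseline. "+" lines are new since the baseline
# (or have a changed mode/owner); "-" lines have disappeared or changed.
# Returns 0 when nothing differs, 1 when there are differences.
compare_baseline() {    # $1 = directory to scan, $2 = baseline file
    cur=$(mktemp) || return 2
    scan_setid "$1" > "$cur"
    out=$( { LC_ALL=C comm -13 "$2" "$cur" | sed 's/^/+ /'
             LC_ALL=C comm -23 "$2" "$cur" | sed 's/^/- /'; } )
    rm -f "$cur"
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Command-line use: "save DIR FILE" once, then "compare DIR FILE" on later runs.
case "${1:-}" in
    save)    save_baseline "$2" "$3" ;;
    compare) compare_baseline "$2" "$3" ;;
esac
```

Run it as root so that find can read every directory. A non-zero exit status from compare means the set of suid/sgid files, or the mode or ownership of one of them, has changed since the baseline.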