Regaining access to operating systems; access control

a.) Gaining access to Linux/Windows machine after losing passwords

You're working with a Linux system to which you have physical access. The passwords to the user accounts on this system are lost, but you would like to log in to the operating system. The system is your typical home Linux installation with no LDAP or disk encryption configured, for instance. You can use the provided virtual machine appliance as a throwaway test target. The .ova has been tested in current VirtualBox but should also work with VMware, Xen etc.

Think about the same case with a Windows 7 operating system. We cannot share Windows test targets due to licensing issues, but if you have Win7 install media it's a good idea to do a throwaway install on some virtual machine software. There's some configuration-dependent risk of messing up the test target, so testing password resetting on "production" systems is not recommended.

You are encouraged to try the above in practice, though just writing the report is enough if you're confident in your procedure.

Important: it was discovered that at least Ubuntu 11.04 has an outdated version of chntpw which does not work with Windows 7. Please use a more recent version available at http://pogostick.net/~pnh/ntpasswd/chntpw-source-110511.zip. You don't have to compile it yourself; the package contains a statically linked binary.

b.) File access control

Using traditional Unix access control, give reasonable (= sanely fill in missing details) chmod commands for implementing the below access control requirements. Always specify the complete set of permissions (for user, group, other).

Let's assume you're on a relatively safe machine; let other users enter your home directory and list its contents. Your username is johndoe. Your home directory is then ~johndoe, or simply ~.

Your personal web documents are located at ~/public_html. Protect your public_html so that others cannot list the directory's contents. This is what you can do if you don't want a listing of your web documents publicly visible.

Finally, protect your ~/.ssh directory (containing your SSH keys and so on) so that others (except root, of course) have no access to the directory at all.
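
One way to check the Unix side of this exercise after setting the permissions, as an added example that is not part of the original exercise text: the script reads the "other" permission bits of each directory and reports which of the three requirements above are not met. The function names, the constructed sample tree and the assumption that a web server running as another user must still traverse public_html are illustrative.

```shell
#!/bin/sh
# Added example (not from the course page): report what users in the
# "other" class can do with a directory, read from the ls -ld mode string.

# other_access DIR -> "enter=yes|no list=yes|no write=yes|no"
other_access() {
    bits=$(ls -ld "$1" | cut -c8-10)      # e.g. "r-x" from "drwxr-xr-x"
    case $bits in r??) list=yes ;; *) list=no ;; esac
    case $bits in ?w?) write=yes ;; *) write=no ;; esac
    case $bits in ??[xt]) enter=yes ;; *) enter=no ;; esac  # t = x + sticky
    echo "enter=$enter list=$list write=$write"
}

# audit_home HOME -> one finding per line; prints nothing when all three hold.
audit_home() {
    [ "$(other_access "$1")" = "enter=yes list=yes write=no" ] ||
        echo "home: others should enter and list, not write"
    # Assumption: the web server runs as another user, so it must still
    # be able to traverse public_html even though listing is denied.
    [ "$(other_access "$1/public_html")" = "enter=yes list=no write=no" ] ||
        echo "public_html: others should enter but not list"
    [ "$(other_access "$1/.ssh")" = "enter=no list=no write=no" ] ||
        echo ".ssh: others should have no access"
}

# Constructed sample: a throwaway tree where everything is world-readable.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/public_html" "$d/.ssh" &&
        chmod 755 "$d" "$d/public_html" "$d/.ssh" && echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample)
    audit_home "$sample"
    rm -rf "$sample"
fi
```

On a directory, the read bit controls listing and the execute bit controls entering, which is why the audit reports them separately.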

Next, implement the same access controls in Windows, using access control lists. For simplicity, let's use the same directory structure as above. We call your 'home directory' and username johndoe, web document directory johndoe\public_html and SSH directory johndoe\.ssh. You will have to create access control entries to the access control list of each directory. For each directory, describe the final access control entries after your modifications. For each ACE, include: trustee of this ACE; permission type; allow/deny. Note that you do not have to create any additional users or groups to do this.

Again, it is not mandatory to do the above in real life, but obviously you have to write the report.

Returning the exercise

Write your report in plain text format - no .doc, .pdf but ASCII text instead. Submit URL to Rubyric: https://rubyric.cs.hut.fi/submit/645. Deadline: Sunday 23.9.2012, 23:59. Do not copy your answers or parts of your answer directly from the Internet, from a friend or any other source - please write them yourself and clearly mark if you have quoted something you didn't write yourself.

SPECIAL NOTE: you may not be able to submit the exercise immediately as the final course participant lists are not yet available. We'll put a news item in Noppa when we insert the student info into Rubyric. In case of technical problems we'll accept late submissions for Ex1.

T-110.4206 Information Security Technology 2012 - t-110.4206 @ tkk.fi