How To Protect Your Website From Remote Code Execution

Reading Time: 5 minutes

What is Remote Code Execution?

Remote code execution, also known as code injection, is one of the most common ways hackers compromise a website. This term encompasses multiple techniques which have one aspect in common. The attacker passes off their code as legitimate in the server’s eyes, using a data submission method typically reserved for regular users.

How to Configure Windows Remote Desktop Users Group

Reading Time: 4 minutes

The most common way to remotely manage a Windows server is through Remote Desktop Protocol. By default, Liquid Web’s Windows servers only allow the members of the administrators’ group remote desktop access. However, the Remote Desktop Users group grants its members access to securely connect to the server through RDP (Remote Desktop Protocol) as well.

This article will go over the basics of the Remote Desktop Users group. By the end, you will be able to add users to the group, understand permissions, and perform basic user management.

How to Install and Configure OpenSSH on Windows Server 2019

Reading Time: 6 minutes

What is OpenSSH?

OpenSSH is an open-source utility developed by The OpenBSD Project. SSH stands for “Secure SHell.” This service encrypts traffic on both ends, eliminating security risks from hackers or eavesdroppers. It can be used for remote operations like file transfers and offers key-based passwordless authentication. In this tutorial, we will demonstrate how to harness the power of SSH on your Windows server to send basic remote commands and transfer files using password authentication.

Grant Permissions to a MySQL User on Linux via Command Line

Reading Time: 2 minutes

Preflight Check

  • These instructions are intended for granting a MySQL user permissions on Linux via the command line
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

How to Set Up and Manage Sudo Permissions

Reading Time: 7 minutes

What Is Sudo?

Sudo is a Linux program that allows a user to use root privileges for a limited timeframe and logs root activity. The basic idea is to give a user as few privileges as possible while still allowing the user to accomplish a task. The term “sudo” means “substitute user, and do.” It is a program used for managing user permissions based on a system configuration file. It allows users to run programs with the privileges of another user, by default the superuser. The program is supplied for most UNIX and Linux-based operating systems.

How To Add a User and Grant Root Privileges on Ubuntu 18.04

Reading Time: 2 minutes

Adding a user and granting that user root privileges is one of the many tasks of a system admin. Once a user has been added and granted root privileges, they’ll be able to log in to your Ubuntu VPS and perform vital functions for the upkeep of the system. Afterward, they’ll be able to use sudo before commands to perform elevated tasks. In this quick tutorial, we’ll show you how to add a new user and grant root permissions.

What Is Umask and How to Use it Effectively

Reading Time: 5 minutes

What is Umask?

Umask, or the user file-creation mode mask, is a Linux command that is used to assign the default file permission sets for newly created folders and files. The term mask refers to the grouping of the permission bits, each of which defines how its corresponding permission is set for newly created files. The bits in the mask may be changed by invoking the umask command.

When using the term Umask, we are referring to one of the following two meanings:

  • The user file creation mode mask that is used to configure the default permissions for newly created files and directories
  • The command “umask” which is used to set the umask value

As you probably already know, all Unix-based operating systems have a set of properties that are used to define who is allowed to read, write, or execute specific files or directories. There are three categories called “permissions classes” to which these permissions apply, and they are noted as follows.

  • User: The User, by default, is the owner or creator of a file or folder. The ownership of the new file defaults to this user.
  • Group: A Group is a set of users that share the same access level or permissions to a file or folder.
  • Other: The Other group is defined as any user not included in the previous two categories. These users have not created the file or folder, nor do they belong to the file’s group. This group includes everyone not identified as the user or as being part of the group. When we grant a permission to Other, that permission applies to anyone who accesses the file or folder.

So, what happens when a user creates new files and directories? The system automatically assigns the following permissions to a file created with the touch command.

[root@host ~]# touch test.txt
[root@host ~]# stat test.txt
  File: test.txt
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd03h/64771d Inode: 654750 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2020-04-21 12:53:25.612051178 -0400
Modify: 2020-04-21 12:53:25.612051178 -0400
Change: 2020-04-21 12:53:25.612051178 -0400
 Birth: -

If we create a directory, the system assigns the following permission set to it.

[root@host ~]# mkdir test
[root@host ~]# stat test
  File: test
  Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: fd03h/64771d Inode: 654751 Links: 2
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2020-04-21 12:54:25.172601585 -0400
Modify: 2020-04-21 12:54:25.172601585 -0400
Change: 2020-04-21 12:54:25.172601585 -0400
 Birth: -
[root@host ~]#

The Umask Command Syntax

The complete manpage entry for umask is as follows.

umask [-p] [-S] [mode]
The user file-creation mask is set to mode.  

If mode begins with a digit, it is interpreted as an octal number; otherwise it is interpreted as a symbolic mode mask similar to that accepted by  chmod(1). If mode is omitted, the current value of the mask is printed.  

The -S option causes the mask to be printed in symbolic form; the default output is an octal number. 

If the -p option is supplied, and mode is omitted, the output is in a form that may be reused as input. The return status is 0 if the mode was successfully changed or if no mode argument was supplied, and false otherwise.

To view the current umask value, we use the umask command. Running the umask command by itself prints the current mask, which determines the default permissions that are assigned when a file or folder is created.

[root@host ~]# umask
0022
[root@host ~]#

To change these values, we will use the following command.

[root@host ~]# umask ###
[root@host ~]# umask 022

The ### symbols in the first command are used in lieu of an actual octal number.

Below, we can see the translated values of the octal and how they are related.

Number   Permission
4        read
2        write
1        execute

Read   Write   Execute   Total Value   Symbolic Equivalent
0      0       0         0             (none)
0      0       1         1             x
0      2       0         2             w
0      2       1         3             wx
4      0       0         4             r
4      0       1         5             rx
4      2       0         6             rw
4      2       1         7             rwx

So, when we run the ls command in long format (ls -l), the symbolic permission values are shown at the beginning of each line of output.

[root@host ~]# ls -l
drwxr-xr-x 2 root root 4096 Apr 21 12:54 test/
-rw-r--r-- 1 root root    0 Apr 21 12:53 test.txt

The permission set for the test directory is 755 or ‘rwx’ ‘r-x’ ‘r-x’.
The permission set for the test.txt file is 644 or ‘rw-’ ‘r--’ ‘r--’.
A dash signifies a 0 value.

Symbolic Headings

--- no permission
--x execute
-w- write
-wx write and execute
r-- read
r-x read and execute
rw- read and write
rwx read, write and execute

Numeric Headings

0 --- no permission
1 --x execute
2 -w- write
3 -wx write and execute
4 r-- read
5 r-x read and execute
6 rw- read and write
7 rwx read, write and execute

How Umask Works

The umask command masks permission levels by qualifying them with a certain value. To explain further how the umask value is applied, we will illustrate with an example. Let’s say that we want to set the default permissions for all new files and folders to 644 and 755, respectively. We would then use the following command.

[root@host ~]# umask 022

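The number “2” permission (write permission) will be “filtered” from the system’s default permissions of 666 and 777 (hence the name “mask”). From now on, the system will assign the default permissions of 644 and 755 to new files and directories. Simply put, to calculate the permission bits for a new file or directory, we just subtract the umask value from the default value, like so. Strictly speaking, the mask is applied bit by bit: every bit set in the umask is cleared from the default. This gives the same result as subtraction whenever the umask only removes bits that the default actually has set, as it does here.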

  • 666 – 022 = 644
  • 777 – 022 = 755

Umask octal value : Permissions that remain allowed

  • 0 : read, write and execute
  • 1 : read and write
  • 2 : read and execute
  • 3 : read only
  • 4 : write and execute
  • 5 : write only
  • 6 : execute only
  • 7 : no permissions

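We can use the above information to calculate our file permissions. For example, if our umask is set to 077, the permissions can be calculated as follows. Note that execute only applies to directories here, because new files start from 666 and never receive execute by default.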

Bit   Targeted at   File permission
0     Owner         read, write and execute
7     Group         No permissions
7     World         No permissions

A umask of 000 will make newly created directories readable, writable and executable by everyone (the permissions will be 777). 
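
The following script is an added example, not part of the original article. It goes one step beyond the text by including umask 027 and 033, where the "subtract the umask" shortcut and the real bitwise rule disagree, and it checks the calculation against files actually created. It assumes GNU stat (-c %a) and mktemp; the function names are illustrative.

```sh
#!/bin/sh
# Added example: compare the subtraction shortcut with what the system does.
# Assumes GNU coreutils stat (-c %a) and mktemp. Names are illustrative.

# effective_mode BASE MASK: mode left once the mask is applied.
# Every bit set in the mask is cleared: BASE AND (NOT MASK).
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract BASE MASK: the decimal "default minus umask" shortcut.
naive_subtract() {
    printf '%03d\n' "$(expr "$1" - "$2")"
}

# created_modes MASK: prints "FILEMODE DIRMODE" for a file (touch) and a
# directory (mkdir) really created under that umask. The function body is
# a subshell, so the caller's own umask is left untouched.
created_modes() (
    d=$(mktemp -d) || exit 1
    umask "$1"
    touch "$d/f" && mkdir "$d/d"
    out="$(stat -c %a "$d/f") $(stat -c %a "$d/d")"
    rm -rf "$d"
    echo "$out"
)

printf '%-6s %-11s %-11s %-10s %s\n' \
    umask file-naive file-bits dir-bits created
for m in 022 027 033 077; do
    printf '%-6s %-11s %-11s %-10s %s\n' "$m" \
        "$(naive_subtract 666 "$m")" "$(effective_mode 666 "$m")" \
        "$(effective_mode 777 "$m")" "$(created_modes "$m")"
done
```

For 022 and 077 the naive and bitwise columns agree. For 027 and 033 the subtraction yields a value that is not the mode the file receives, which is why the bitwise rule is the one to rely on when auditing a hardened umask.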

Umask Configuration Location

In most Linux distributions, the umask value can be found and configured in the following locations:

  • /etc/profile – this is where system-wide default variables are stored
  • /etc/bash.bashrc – this is the system-wide default configuration file for the Bash shell

Umask Symbols

As noted in the umask man page above, we can use specific symbols to specify permission values we want to set. To preview the currently set umask value in symbols, we use the following command:

umask -S

To change it, we can use the following command, in which the letters “u,” “g,” and “o” represent the user, group, and other (or world).

umask u=$,g=$,o=$

When setting permissions this way, we replace each “$” placeholder with the desired permission symbol(s). The equal “=” sign is not the only operator at our disposal when setting umask with symbolic values. We can use the plus “+” and minus “-” operators as well.

  • The = symbol allows permissions to be enabled, prohibiting unspecified permissions
  • The + symbol allows permissions to be enabled, ignoring unspecified permissions
  • The - symbol prohibits permissions from being enabled, ignoring unspecified permissions
Note:
Using spaces after commas won’t work, and bash will display the “invalid symbolic mode operator” error message.

There’s an additional symbol that can be used when we want to set the same permission for all permissions classes at once (user, group, and other), and that is:

umask a=

Conclusion

Now that we better understand the function of the user file mode creation mask, we can put it to good use. Not only does it save us precious time and improve security, but it also provides us with better permission management capabilities.

How to Install and Configure Samba on Ubuntu 18

Reading Time: 9 minutes

What is Samba?

Samba is an open-source software package that is released under a GPL (General Public License). It allows us to access a shared network drive and printers across various operating systems using the SMB/CIFS protocol. Samba has both client and server components. Samba uses the SMB protocol, which is necessary when accessing assets on a file server from a Microsoft computer. Samba can also work as a domain controller that is compatible with Microsoft Active Directory. 

How to Install Wireguard on Ubuntu 18

Reading Time: 9 minutes

A Fast, Modern and Secure VPN Tunnel

Objective

In this tutorial we will learn what Wireguard is, what it is used for, how to install and configure it, and lastly, how to use it wisely.

What is Wireguard? 

Wireguard is an open-source, dependable, advanced, VPN tunneling software you can install and use right now to create a secure, point-to-point connection to a server.

How Do I Set Up Setuid, Setgid, and Sticky Bits on Linux?

Reading Time: 6 minutes

What Are Linux File Permissions?

Setuid, Setgid and Sticky Bits are special types of Unix/Linux file permission sets that permit certain users to run specific programs with elevated privileges. Ultimately the permissions that are set on a file determine what users can read, write or execute the file. Linux provides more advanced file permissions that allow you to do more specific things with a file, or directory.  Typically, these file permissions are used to allow a user to do certain tasks with elevated privileges (allow them to do things they normally are not permitted to do). This is accomplished with three distinct permission settings.  They are setuid, setgid, and the sticky bit.
