The sticky bit is a special permission flag used in Unix/Linux file management. When it is set on a directory, an entry in that directory can be deleted or renamed only by the entry's owner (the directory's owner and root may also do so); other users who have w permission on the directory can still create files there and edit files they have write access to, but they cannot remove other users' files. The bit is not inherited: files created inside a sticky directory do not get it, and on current systems setting it on a regular file is ignored (historically it told the kernel to keep the program's text in swap).
Examples:
FreeBSD's /tmp is the typical sticky-bit directory: it is world-writable, so any user can create files in it, but a user can delete or rename only their own files, even though the directory grants Other the w permission.
# ls -ld /tmp # the permission string ends in t, which shows /tmp is a sticky-bit directory.
drwxrwxrwt 8 root wheel 512 2 27 03:32 /tmp
# mkdir /test ; chmod +t /test # create a directory and set the sticky bit on it.
# ls -ld /test # check that it worked: the permission string now ends in t instead of x.
drwxr-xr-t 2 root wheel 512 2 27 11:11 /test
ls prints a lowercase t when the others-execute bit is also set, as here, and an uppercase T when it is not. chmod 1777 /test would set the bit together with rwx for everyone, which is the mode /tmp uses.
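The check the second reference describes (find world-writable directories and see whether they carry the sticky bit) as an added Python example; it is not code from the original post. It assumes a POSIX filesystem and builds its own throwaway directories, so it runs offline.

```python
# Added example (not from the original post): audit a directory tree for
# world-writable directories and report whether each one has the sticky bit.
import os
import stat
import tempfile


def classify_dir(path):
    """Return 'ok' (world-writable with sticky bit), 'missing-sticky'
    (world-writable without it), or None when the path is not a
    world-writable directory."""
    mode = os.lstat(path).st_mode
    if not stat.S_ISDIR(mode) or not mode & stat.S_IWOTH:
        return None
    return "ok" if mode & stat.S_ISVTX else "missing-sticky"


def audit(root):
    """Walk root and return {path: verdict} for every world-writable
    directory found, mirroring `find root -type d -perm -0002`."""
    findings = {}
    for dirpath, _, _ in os.walk(root):
        verdict = classify_dir(dirpath)
        if verdict is not None:
            findings[dirpath] = verdict
    return findings


def demo():
    """Constructed sample tree: a /tmp-like 1777 directory, a 777 directory
    that forgot the sticky bit, and an ordinary 755 directory."""
    base = tempfile.mkdtemp()
    for name, mode in (("tmp_like", 0o1777), ("shared", 0o777), ("home", 0o755)):
        path = os.path.join(base, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod is explicit so the umask cannot interfere
    return {os.path.relpath(p, base): v for p, v in audit(base).items()}


if __name__ == "__main__":
    print(demo())
```

Pointing audit() at / gives the same list as `find / -type d -perm -0002 ! -perm -1000` (directories writable by Other that lack the sticky bit), which is the case worth fixing with chmod +t.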
Ref.
http://en.wikipedia.org/wiki/Sticky_bit
http://www.cyberciti.biz/faq/find-all-world-writable-directories-have-stickybitsset-on/
2009/02/27
[ FBSD ] About Sticky bit
2009/02/23
[ FBSD ] /var/spool/clientmqueue filling up disk space
A long time ago, my partner turned off sendmail (the daemon) on our Unix boxes (FreeBSD), but sending email still had to work. After it was turned off, mails being sent got stuck in /var/spool/clientmqueue. We recently ran out of disk space on our FreeBSD system. When I investigated this, I found that /var/spool/clientmqueue was occupying 1.5GB of disk space (as revealed by issuing "du -h /var/spool").
(1) Enable the system MTA
# vi /etc/rc.conf # comment out sendmail_enable="NONE". Without that line FreeBSD falls back to its default sendmail_enable="NO", which still starts a sendmail that listens only on localhost (127.0.0.1) and runs the submission queue, so mail queued by local programs in /var/spool/clientmqueue actually gets delivered. "NONE" starts no sendmail process at all, which is why the queue kept growing.
#sendmail_enable="NONE"
(2) Clean up Disk Space
# rm -rf /var/spool/clientmqueue/* # fails: the shell expands the glob to every queue file and the argument list exceeds the kernel limit
/bin/rm: Argument list too long.
How to clean up disk space on /var/spool/clientmqueue ?
Solution 1. Remove and recreate the directory (FreeBSD installs clientmqueue owned by smmsp:smmsp with mode 770, so restore both).
# rm -rf /var/spool/clientmqueue
# mkdir /var/spool/clientmqueue
# chown smmsp:smmsp /var/spool/clientmqueue
# chmod 770 /var/spool/clientmqueue
Solution 2. Delete the files without a shell glob; find builds the argument lists itself, so the limit is never hit.
# cd /var/spool/clientmqueue
# find . -type f -exec rm -f {} +
Either way, what is in the queue is undelivered mail and is gone for good. If those messages are still wanted, re-enable the MTA first and let it drain the queue (sendmail -Ac -q runs the client queue once), then confirm with mailq -Ac that it is empty before deleting anything.
2009/02/20
[ Crypto ] One-time password / Hash chain
One-time Password / Hash Chain (Lamport's scheme, the basis of S/KEY)
Notation:
h(X): a one-way hash function
S: the client's secret password
m: the length of the hash chain (how many times h is applied)
h^i(S): h applied i times to S, i.e. h(h(...h(S)...))
Initialization:
The client computes α = h^m(S) and sends it to the Server over a trusted channel; the Server stores α together with the counter m.
Authentication Process:
Client->Server: α'
1) Compute α' = h^(m-1)(S)
Server->Client: accept/reject
1) Compute h(α')
2) Verify h(α') = α
3) If they match, replace the stored α with α' and decrement the counter
When the user wants to be authenticated again, the Client computes α'' = h^(m-2)(S) and sends it to the Server. Identical to the steps above, the Server computes h(α'') and compares it with the stored α' to determine whether this authentication passes. Each value can be used only once: an eavesdropper who captures α' cannot derive h^(m-2)(S) without inverting h, and replaying α' fails because the Server now expects a preimage of α'. After m authentications the chain is exhausted and a new chain (a new S or a new m) has to be registered.
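The exchange above carried through in code, as an added example that is not part of the original post. It instantiates h(X) as SHA-256 (the post leaves the hash unspecified), keeps a strict one-step server that accepts only the immediate preimage of the last value, and shows the replay and exhaustion cases; the secret and chain length are constructed sample values.

```python
# Added example (not from the original post): Lamport-style one-time passwords
# over a SHA-256 hash chain, with a server that accepts each value only once.
import hashlib
import secrets


def h(x):
    """h(X) from the post's notation; SHA-256 is an assumption."""
    return hashlib.sha256(x).digest()


def h_iter(x, n):
    """h^n(X): apply h to X n times (h^0(X) = X)."""
    for _ in range(n):
        x = h(x)
    return x


class Client:
    def __init__(self, secret, m):
        self.secret = secret
        self.m = m
        self.remaining = m  # the next password revealed is h^(remaining-1)(S)

    def initial_value(self):
        """alpha = h^m(S), registered with the server once."""
        return h_iter(self.secret, self.m)

    def next_password(self):
        """Walk one step down the chain: h^(m-1)(S), then h^(m-2)(S), ..."""
        if self.remaining <= 0:
            raise RuntimeError("hash chain exhausted; register a new chain")
        self.remaining -= 1
        return h_iter(self.secret, self.remaining)


class Server:
    def __init__(self, alpha, m):
        self.alpha = alpha      # last accepted value, initially h^m(S)
        self.remaining = m      # one-time passwords still usable

    def authenticate(self, candidate):
        """Accept iff h(candidate) equals the stored value, then store candidate."""
        if self.remaining <= 0:
            return False
        if not secrets.compare_digest(h(candidate), self.alpha):
            return False  # wrong password, a replay, or a skipped step
        self.alpha = candidate
        self.remaining -= 1
        return True


def demo():
    S = b"correct horse battery staple"  # constructed sample secret
    m = 5
    client = Client(S, m)
    server = Server(client.initial_value(), m)
    first = client.next_password()                # h^4(S)
    results = [server.authenticate(first)]        # accepted
    results.append(server.authenticate(first))    # replay: h(h^4) != h^4
    second = client.next_password()               # h^3(S)
    results.append(server.authenticate(second))   # accepted
    return results


if __name__ == "__main__":
    print(demo())
```

S/KEY relaxes the strict one-step check by letting the server hash a candidate several times to resynchronise after a skipped value; the version here rejects a skipped step so that the counter on both sides always agrees.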
Ref.
http://en.wikipedia.org/wiki/One-time_password
http://en.wikipedia.org/wiki/S/KEY
Posted by 4wei-diary at 12:03 PM, 0 comments. Labels: Cryptography
2009/02/19
[ Crypto ] Simple Authentication Procedure
The Simple Authentication Procedure.
Notation:
t: timestamp
r: random number (nonce)
ID: identifier of the Client
PW: the client's password
h(X): a one-way hash function
α, α': the hash values computed by the Client and by the Server respectively
Authentication Process:
Client->Server: t, r, ID, α
1) Generate t
2) Generate r
3) Compute α = h(t, r, ID, PW)
Server->Client: accept/reject
1) Look up PW for ID and compute α' = h(t, r, ID, PW)
2) Verify α' = α
3) Verify t
PW has been pre-stored in the Server's database. If α' equals α, the authentication passes: the Client has proved it knows PW without sending it. The timestamp records when the Client sent the message and lets the Server detect replay attacks: a message whose t lies outside the acceptable window is rejected, and inside the window the Server should also remember the (t, r) pairs it has already accepted so the same message cannot be replayed. Two caveats: the Server has to hold PW itself to recompute α', so its database needs protecting, and the fields fed to h must be encoded unambiguously (length-prefixed or separated) so that different (t, r, ID) combinations cannot produce the same input.
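Both sides of the procedure above, as an added example that is not code from the original post. It assumes h is SHA-256 over length-prefixed fields (the post only writes h(t, r, ID, PW)), a 60-second acceptance window for t, and a constructed sample credential; the server side includes the replay check on already-seen (t, r) pairs.

```python
# Added example (not from the original post): timestamp-and-nonce password
# authentication with a server-side freshness window and replay set.
import hashlib
import secrets
import time

WINDOW = 60  # seconds of clock skew and latency the server tolerates (assumption)


def h(*fields):
    """h(t, r, ID, PW): SHA-256 over length-prefixed fields, so two different
    field tuples can never hash the same byte string."""
    hasher = hashlib.sha256()
    for f in fields:
        hasher.update(len(f).to_bytes(4, "big"))
        hasher.update(f)
    return hasher.digest()


def client_message(identity, password, now=None):
    """Client side: generate t and r, compute alpha, return (t, r, ID, alpha)."""
    t = int(time.time()) if now is None else now
    r = secrets.token_bytes(16)
    alpha = h(str(t).encode(), r, identity.encode(), password.encode())
    return t, r, identity, alpha


class Server:
    def __init__(self, passwords):
        self.passwords = passwords  # PW pre-stored per ID; must be protected
        self.seen = set()           # accepted (t, r) pairs inside the window

    def verify(self, t, r, identity, alpha, now=None):
        now = int(time.time()) if now is None else now
        pw = self.passwords.get(identity)
        if pw is None:
            return False
        # 1) recompute alpha' from the stored PW
        alpha_prime = h(str(t).encode(), r, identity.encode(), pw.encode())
        # 2) verify alpha' == alpha in constant time
        if not secrets.compare_digest(alpha_prime, alpha):
            return False
        # 3) verify t: reject stale or future timestamps ...
        if abs(now - t) > WINDOW:
            return False
        # ... and reject an exact replay inside the window
        if (t, r) in self.seen:
            return False
        self.seen.add((t, r))
        return True


def demo():
    server = Server({"alice": "hunter2"})  # constructed sample credential
    now = 1_700_000_000                    # fixed clock so the run is repeatable
    msg = client_message("alice", "hunter2", now=now)
    fresh = server.verify(*msg, now=now)            # accepted
    replay = server.verify(*msg, now=now + 5)       # same (t, r) again: rejected
    stale = server.verify(*client_message("alice", "hunter2", now=now - 600), now=now)
    wrong = server.verify(*client_message("alice", "wrong", now=now), now=now)
    return fresh, replay, stale, wrong


if __name__ == "__main__":
    print(demo())
```

Entries in seen can be dropped once their t is older than WINDOW, since the timestamp check alone rejects anything that old.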
Posted by 4wei-diary at 10:19 AM, 0 comments. Labels: Cryptography

