Information itself will often have associated authorization definitions that indicate which users are allowed which access rights. All access to files in UNIX systems is controlled by the permissions of that file, and everything in UNIX systems is a file. There are a variety of types of files, including a regular file, which contains either text or binary data or programs; a directory, which contains information about the location of a file; a device file, which may be either a block or character device and represents a logical or physical device; a named pipe, which is used for inter-process communication; and a symbolic link, which is a file that points to another file. Some implementations may expand this list of file types to include sockets, mounted directories, or others.

Discretionary Access Controls

Discretionary access controls are those access controls that are controlled by the information owner. Discretionary access control is a method by which a user has control over the access to the files that he owns. Standard UNIX file system permissions are discretionary access controls.

With standard UNIX file system permissions, every file has a list of three permissions for each of three groups of users, plus three miscellaneous modes. Each of these three groups of users can have a differing set of these permissions to the file. They are user (the owner of the file), group (the users in the group to which the file belongs), and world (all other users).

The owner of a file is usually the person who creates the file. However, on some systems you can change the ownership of a file with the chown command. This is disallowed on some systems because it would allow you to hide your disk utilization by giving large files to someone else while retaining access rights and the ability to remove the file. The chown command allows the owner of the file to give the file to another user by changing the owner of the file.
This can also be used to give a file, and its associated costs, to another user. The owner of a file can change the file's group association by using the chgrp command. The group consists of the users whose group ID in the password file matches the group ID of the file. A user can temporarily change his group affiliation with the newgrp command if he is listed in the /etc/group file, or can belong to a number of groups at once by use of the /etc/logingroup file. The world permission bits apply to all users who are neither the file owner nor in the group with which the file is associated.

UNIX file permission bits define the access rights of read, write, and execute for the file's owner, group, and everyone else. These coarse-grained access rights are the fundamental access rights on UNIX systems.

There are three permissions: read, write, and execute. For a regular file, these permissions are fairly obvious. They allow the user to read the file, write to the file, and execute the file. If the file is a directory, the meaning is a little more involved. Read permission means that you can access the information about the files in the directory, write permission means that you can change the information about the file, including renaming or deleting the file, and execute permission means that you can access and search the directory. Only the owner of a file (and the superuser) can change its permissions.

The permissions are generally represented by a string of nine characters, three characters for the permissions for each of the three groups of users. The characters are "r" for read, "w" for write, and "x" for execute. For example, the string "rwxr-x---" means that the owner of the file has read, write, and execute permissions, while the people who belong to the same group as the file have read and execute permissions, and everyone else has no permissions. This is very straightforward for files.
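
The nine-character string and the user/group/world selection described above, as an added example that is not part of the original text. The function names and the numeric user and group IDs are constructed for illustration, and the superuser's bypass is not modeled. Exactly one class is checked, so an owner whose own bits deny access is not rescued by the group bits.

```python
def parse_perm_string(perms):
    """Convert a nine-character string such as 'rwxr-x---' to mode bits."""
    if len(perms) != 9:
        raise ValueError("expected nine characters, e.g. 'rwxr-x---'")
    mode = 0
    for i, ch in enumerate(perms):
        if ch == "rwx"[i % 3]:
            mode |= 1 << (8 - i)          # position 0 is the owner's read bit (0400)
        elif ch != "-":
            raise ValueError(f"bad character {ch!r} at position {i}")
    return mode


def permission_class(uid, gids, file_uid, file_gid):
    """Pick the single class whose bits apply: user, then group, else world."""
    if uid == file_uid:
        return "user"
    if file_gid in gids:
        return "group"
    return "world"


def allowed(mode, uid, gids, file_uid, file_gid, want):
    """Decide access for `want`, a subset of 'rwx'.

    Only the three bits of the selected class are consulted; the other
    six bits play no part in the decision.
    """
    cls = permission_class(uid, gids, file_uid, file_gid)
    shift = {"user": 6, "group": 3, "world": 0}[cls]
    granted = (mode >> shift) & 0o7
    needed = sum({"r": 4, "w": 2, "x": 1}[c] for c in set(want))
    return granted & needed == needed


if __name__ == "__main__":
    mode = parse_perm_string("rwxr-x---")          # the string used in the text
    # Constructed IDs: file owned by uid 1000, group 100.
    for label, uid, gids in (("owner", 1000, {100}),
                             ("group member", 1001, {100}),
                             ("everyone else", 1002, {200})):
        rights = "".join(c for c in "rwx"
                         if allowed(mode, uid, gids, 1000, 100, c)) or "none"
        print(f"{label:14s} {rights}")
```
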
The three miscellaneous modes are set-user-ID on execute, set-group-ID on execute, and the sticky bit. Originally these three modes were pertinent only to program files, that is, files that are either binary executables or shell scripts. The set-user-ID and set-group-ID modes change the effective user ID or group ID of the program that is executing, so it appears to the program that it was executed by that user or group. The sticky bit tells the program scheduler to keep the program in virtual memory because it is likely that the program will be executed again soon, and it will not have to be reloaded from disk, possibly across the network, if it is still there.

Some vendors have disabled the set-user-ID and set-group-ID modes for shell scripts because of the related security problems. Some vendors have extended these modes to represent other behaviors when applied to other files. One common extension is that if the sticky bit is set on a directory, then only the owner of files in that directory can delete them.

The built-in shell command umask is used to set the shell's default file creation permission mask. When a file is created, each bit in the file mode creation mask that is set causes the corresponding permission bit in the file mode to be cleared. This means that any file created can have only those permission bits set that are not set in the mask. This mask can be set by the user, and it remains active until the user changes it or the user's session is over. Each invocation of a shell will have an independent mask that can be reset by the user. Generally there is a system mask that is set in one of the start-up scripts. This mask is the default unless a user either has invoked the command directly or has it in his personal start-up script. It is advisable to set the global mask value to as strict a value as possible. A value of 037 will allow the owner to read and write the file, while the group will have read permission and the world will have no permissions.
The actual value you set should be dependent on your data security policy.

The chmod command allows the owner of a file to set the file's permissions, which can be done with either a symbolic or numeric syntax.
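
The effect of the file creation mask described above, checked against the file system, as an added example that is not part of the original text. The file and directory names are constructed, and the requested modes 0666 and 0777 are the usual defaults that programs ask for when creating files and directories.

```python
import os
import tempfile


def effective_mode(requested, mask):
    """Every bit set in the mask is cleared from the requested mode."""
    return requested & ~mask & 0o777


def create_under_umask(mask, requested_file=0o666, requested_dir=0o777):
    """Create a file and a directory under `mask`; return their real modes."""
    old = os.umask(mask)               # umask is process-wide; returns the old mask
    try:
        with tempfile.TemporaryDirectory() as tmp:
            fpath = os.path.join(tmp, "report.txt")    # constructed names
            dpath = os.path.join(tmp, "workdir")
            fd = os.open(fpath, os.O_CREAT | os.O_EXCL | os.O_WRONLY,
                         requested_file)
            os.close(fd)
            os.mkdir(dpath, requested_dir)
            fmode = os.stat(fpath).st_mode & 0o777     # permission bits only
            dmode = os.stat(dpath).st_mode & 0o777
    finally:
        os.umask(old)                  # always restore the caller's mask
    return fmode, dmode


if __name__ == "__main__":
    for mask in (0o037, 0o077):
        fmode, dmode = create_under_umask(mask)
        print(f"umask {mask:03o}: file {fmode:03o} "
              f"(predicted {effective_mode(0o666, mask):03o}), "
              f"directory {dmode:03o} "
              f"(predicted {effective_mode(0o777, mask):03o})")
    # The mask only clears bits: a program that asks for 0600 still gets 0600.
    print(f"requested 0600 under 037: {create_under_umask(0o037, 0o600)[0]:03o}")
```

With a mask of 037 the directory comes out as 740: the owner can search it, but group members can only list names, because the mask cleared their execute bit.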