The task of implementing a protection scheme that will provide controlled access to specific files in a system is not only an important but also a necessary task to ensure that the integrity as well as the availability of that file is maintained throughout. This paper is designed to put into perspective a protection scheme to facilitate the scenario where a system has 5000 user and 4990 of those users will need to have access to a particular file within the system. It will also provide clarity on Access control list (ACL’s) their roles as well as the different flavors available. It will also try to prove that proper implementation and utilizations of groups within a security scheme provides not only organization and structure but also control over massive amounts of users in a central location. It will also show that alternate file protection scheme AFS ACL Permissions if implemented correctly can outweigh the traditional permission settings provided by UNIX. Access Control Lists (ACLs)
One way to accomplish this task would be to create an access control list and assigning users to one of two groups. An access control list (ACL) is used to list permissions attached to a directory and the object within that directory. An ACL outlines which users, groups or system processes are allowed access to an objects and what operations are allowed on those objects and in what circumstances. With an ACL there are a list on seven permissions that can be set on an object, (lookup, insert, delete, administer, read, write, lock) versus the three available on UNIX (read, write and execute). There are two main types of Access Control Lists; access ACLs and default ACLs. The access ACL are file or directory specific whereas the default ACL is associated only with directories. If an access ACL is not active on a file within a directory the file conforms to the rule assigned by the default ACL for that directory. Configuration of access control list can be can be...
Please join StudyMode to read the full document