In a Unix system supporting 5000 users, Access Control Lists (ACLs) could be used to manage file access, and this would be adequate, but an alternative protection scheme may be more efficient when the goal is to allow access to all but 10 of those users. Traditional Unix systems use file access control to prevent unauthorized access to particular files and directories. This type of protection works well for systems supporting small numbers of users and groups. For larger numbers of users and groups, access control lists are more effective.
Unix File Management
Traditional Access Control. Under the traditional Unix system, each user is identified by a user ID, a unique identification number assigned to that user. Along with user IDs, users are also assigned to groups, and each group is identified by a group ID. When a file is created, it is designated as “owned” by a particular user and a particular group. The group is normally the primary group of the file’s creator, but it can instead be the group of the parent directory if that directory has the SetGID permission enabled.
Each file is assigned a set of 12 protection bits. Nine of the bits specify read, write, and execute permission for the owner, for members of the file’s group, and for all other users. The other three bits specify the file’s other behaviors: two of them are the SetUID and SetGID bits, and the final bit is known as the “Sticky” bit. The Sticky bit is no longer used, but was originally used to tell the system to keep a file in memory after it has been executed.
Unix also makes use of the “superuser” ID. The superuser ID identifies users that have access to all files; these users are exempt from all access control permissions, meaning that they are allowed to read, write, execute, remove, and create any file. This designation should not be granted to just any user, as it grants unrestricted, system-wide access.
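As an added illustration (not from the original essay or from Stallings), the following Python models the traditional scheme described above: decoding the 12 protection bits, the owner/group/other access check with the superuser bypass, and the SetGID-directory rule for a new file’s group. The user and group ID values are constructed sample data.

```python
import stat

def describe_mode(mode: int) -> str:
    """Render the 12 protection bits as an ls-style rwx string plus flags."""
    rwx = "".join(ch if mode & (1 << (8 - i)) else "-"
                  for i, ch in enumerate("rwxrwxrwx"))
    flags = [name for bit, name in ((stat.S_ISUID, "setuid"),
                                    (stat.S_ISGID, "setgid"),
                                    (stat.S_ISVTX, "sticky")) if mode & bit]
    return rwx + (" [" + ",".join(flags) + "]" if flags else "")

def may_access(mode: int, owner_uid: int, owner_gid: int,
               uid: int, gids: set, want: str) -> bool:
    """Traditional Unix check.

    The superuser (uid 0) bypasses the permission bits entirely. Otherwise
    exactly one class applies: owner if the uid matches, else group if the
    file's group is among the caller's groups, else other. A denial in the
    owner class is final even if the group or other bits would allow it.
    """
    if uid == 0:
        return True
    if uid == owner_uid:
        shift = 6
    elif owner_gid in gids:
        shift = 3
    else:
        shift = 0
    need = {"r": 4, "w": 2, "x": 1}[want]
    return bool((mode >> shift) & need)

def group_for_new_file(creator_primary_gid: int,
                       parent_dir_mode: int, parent_dir_gid: int) -> int:
    """Group ownership of a newly created file: the creator's primary group,
    unless the parent directory carries SetGID, in which case the new file
    inherits the directory's group."""
    if parent_dir_mode & stat.S_ISGID:
        return parent_dir_gid
    return creator_primary_gid

if __name__ == "__main__":
    # Constructed sample: file owned by uid 1000 / gid 100 with mode 0640.
    print(describe_mode(0o640), may_access(0o640, 1000, 100, 1001, {100}, "w"))
    print(describe_mode(0o2775), group_for_new_file(100, 0o2775, 500))
```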
Access Control Lists. For larger