File Protection
Files must be kept safe for reliability (against accidental damage) and protection (against deliberate malicious access). The former is usually managed with backup copies. For the latter, a simple protection scheme is to remove all access to a file. However, this makes the file unusable, so some sort of controlled access must be arranged.
Types of Access
· The following low-level operations are often controlled:
    o Read - View the contents of the file.
    o Write - Change the contents of the file.
    o Execute - Load the file onto the CPU and follow the instructions contained therein.
    o Append - Add to the end of an existing file.
    o Delete - Remove a file from the system.
    o List - View the name and other attributes of files on the system.
· Higher-level operations, such as copy, can generally be performed through combinations of the above.
Access Control
One approach is to have complicated Access Control Lists (ACLs), which specify exactly what access is allowed or denied for specific users or groups.
· The AFS uses this system for distributed access.
· Control is very finely adjustable, but may be complicated, particularly when the specific users involved are unknown.
UNIX uses a set of 9 access control bits, in three groups of three. These
correspond to R, W, and X permissions for each of the Owner, Group, and Others.
The RWX bits control the following privileges for ordinary files and
directories:
bit | Files | Directories
----|-------|------------
R | Read ( view ) file contents. | Read directory contents. Required to get a listing of the directory.
W | Write ( change ) file contents. | Change directory contents. Required to create or delete files.
X | Execute file contents as a program. | Access detailed directory information. Required to get a long listing, or to access any specific file in the directory. Note that if a user has X but not R permissions on a directory, they can still access specific files, but only if they already know the name of the file they are trying to access.
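The following is an added example, not part of the original post: a small Python model of how the nine bits are evaluated for a directory, useful when auditing modes such as 711 where names are hidden but known files stay reachable. The function names, uids and gids are hypothetical, the superuser bypass is not modeled, and the rule that creating or deleting entries needs X as well as W is standard UNIX behaviour rather than something stated in the table.

```python
import stat

def effective_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the subset of {'r','w','x'} that applies to this user.

    Exactly one class is consulted: Owner if the uid matches, otherwise
    Group if any gid matches, otherwise Others. Bits granted to the other
    two classes are never added in.
    """
    if uid == owner_uid:
        r, w, x = stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR
    elif owner_gid in gids:
        r, w, x = stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP
    else:
        r, w, x = stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH
    return {name for name, bit in (("r", r), ("w", w), ("x", x)) if mode & bit}

def directory_operations(bits):
    """Translate R/W/X on a directory into the operations from the table."""
    return {
        "list_names": "r" in bits,             # R: read directory contents
        "open_known_name": "x" in bits,        # X: reach a specific file
        "long_listing": {"r", "x"} <= bits,    # names (R) plus details (X)
        # Changing entries needs W; X is also needed to reach into the directory.
        "create_or_delete": {"w", "x"} <= bits,
    }

def audit(mode, owner_uid, owner_gid, uid, gids):
    """Return (symbolic mode string, allowed operations) for a directory."""
    bits = effective_bits(mode, owner_uid, owner_gid, uid, gids)
    return stat.filemode(stat.S_IFDIR | mode), directory_operations(bits)

if __name__ == "__main__":
    # Constructed cases: (mode, owner uid, owner gid, requesting uid, gids)
    cases = [
        (0o711, 1000, 100, 2000, {200}),   # others have X only
        (0o750, 1000, 100, 2000, {100}),   # group member
        (0o077, 1000, 100, 1000, {100}),   # owner locked out
    ]
    for case in cases:
        text, ops = audit(*case)
        print(text, "uid", case[3], [k for k, v in ops.items() if v])
```

The 077 case shows that the owner is judged by the Owner bits alone, so an owner can hold fewer rights than everyone else; the 711 case shows that withholding R hides names but does not protect a file whose name is already known.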