Understanding file protection
Because
UnixWare
is a multiuser system,
you usually do not work alone in the filesystem.
System users can follow pathnames
to various directories and read and use files belonging
to one another, as long as they have permission to do so.
This chapter discusses file attributes that have security
relevance.
Protection attributes common to all file types include
-
owner--the file owner
-
group--users who are part of the group may have special access
permissions
-
discretionary access control(DAC)--these are mechanisms set by the
file owner to determine who may access the file. Two mechanisms
supported by this release are permission bits and access control
lists (ACLs).
Other file attributes with security relevance include
-
set-UID and set-GID bits--these bits, when set on an executable file,
give the user's process that is executing the file the identity of
the owner (or group) of the executable.
-
privileges--the system recognizes a distinct set of
privileges. Each privilege allows the possessor to override a
specific system restriction. Privileges are described more fully
in
``Administering privilege''
and
``Trusted facility management''.
File attributes not treated elsewhere are described in this chapter,
along with their security relevance.
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004