Unix Protection Scheme

Submitted By chadirish
Words 722
Pages 3
UNIX Protection Scheme
The UNIX filing system is a hierarchical structure that supports directories and subdirectories. It uses simple commands, making it easy to create and navigate within this structure. With this type of file system you can control which users have access to your files and directories, and also determine what access modes are granted. Let’s consider a system that supports 5,000 users, where only 4,990 of those users are able to access one file. I will break down the process and show you the protection scheme that would be needed in UNIX.
UNIX has three access modes: read, write, and execute. With these access modes, you must have read access to read a file, write access to modify any data within the file, and execute access to run the file. Each of these access modes is applied separately, so just because you have the ability to write to a file does not mean you have the access to read it. There is a slight difference in access modes when it comes to directories. Stallings says, “Directories are structures in a hierarchical tree. Each directory can contain files and/or other directories. You have to have execute access to be able to do anything inside of a directory.” (pg. 556) If you do not have execute access to a directory, you cannot access anything within it. You must have read access to list the contents of a directory. If you do not have read access to a directory but you do have execute access, you can still access an object in the directory if you know its name. Having write and execute access gives you the ability to create and modify the object.
There are three access categories that help give access to those we want to access certain objects. To control which users have which access rights, each object is given an owner and a group. An object has only one owner, the one who created it. Only the super-user can change the ownership of other objects. A group is a named collection of users. The system administrator is responsible for creating groups and assigning users to them. An object has only one group, but a user can belong to multiple groups. When a user tries to access a file, the system automatically places that user in one of the three categories: user, group, or other. An object carries three sets of access modes, one for each of the three categories. If you own the object, the user access modes control your access rights. If you are a member of the object’s group and you are not the owner, the group access modes control your access rights. If you do not own the object and are not a member of its group, the other access modes control your access rights. Only one category will apply to you. If you try to access an object in a mode that is not granted to your category, the system will deny access and will not try either of the other categories. This lets different users access the same file in different ways without leaving loopholes for finding another way in.
Now that we understand the access modes and categories, we can set up the protection scheme for 5,000 users that gives only 4,990 of the users access to one file. When the super-user makes a new object, it has to be assigned a group. The super-user then makes the group of 5,000, but we do not want to give all 5,000 of them rights to the file. The super-user then gives access modes to the 4,990 of them that should be able to access the file. Because the UNIX filing system is a hierarchical tree structure, it is easy to set up protection schemes that define its access rules.
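The category rule and the 5,000-user scheme described above, modeled in Python as an added example (not code from the essay or from Stallings). The uid and gid numbers, the group id 500 and the mode 0o640 are constructed for illustration, the 4,990 permitted users are assumed to be the members of the file's group, and super-user bypass is not modeled.

```python
"""Model of the classic UNIX permission check: owner, group, other."""
from dataclasses import dataclass

READ, WRITE, EXECUTE = 4, 2, 1   # bit values inside one rwx triplet
STAFF_GID = 500                  # constructed group id for the 4,990 users
OUTSIDER_GID = 900               # constructed group id for the 10 excluded users


@dataclass(frozen=True)
class User:
    uid: int
    gids: frozenset              # a user can belong to several groups


@dataclass(frozen=True)
class FileObject:
    owner_uid: int               # an object has exactly one owner
    group_gid: int               # and exactly one group
    mode: int                    # nine permission bits, e.g. 0o640


def category(user, obj):
    """Pick the single category that applies: user, then group, then other."""
    if user.uid == obj.owner_uid:
        return "user"
    if obj.group_gid in user.gids:
        return "group"
    return "other"


def triplet(obj, cat):
    """Extract the rwx bits for one category from the nine mode bits."""
    shift = {"user": 6, "group": 3, "other": 0}[cat]
    return (obj.mode >> shift) & 0o7


def may_access(user, obj, wanted):
    """True if every requested bit is set for the user's own category.

    There is no fall-through: when the user's category lacks a bit,
    the other two categories are never consulted.
    """
    return (triplet(obj, category(user, obj)) & wanted) == wanted


def build_scenario():
    """Constructed sample: 5,000 users, 4,990 of them in the file's group."""
    owner = User(uid=0, gids=frozenset({0}))
    users = [
        User(uid=1000 + i,
             gids=frozenset({STAFF_GID if i < 4990 else OUTSIDER_GID}))
        for i in range(5000)
    ]
    # rw for the owner, r for the group, nothing for everyone else
    shared = FileObject(owner_uid=owner.uid, group_gid=STAFF_GID, mode=0o640)
    return owner, users, shared


def count_readers(users, obj):
    """Number of users whose category grants read access to obj."""
    return sum(may_access(u, obj, READ) for u in users)


if __name__ == "__main__":
    owner, users, shared = build_scenario()
    print("readers:", count_readers(users, shared))
    # Owner is denied read on mode 0o077 even though group and other allow it.
    odd = FileObject(owner_uid=owner.uid, group_gid=STAFF_GID, mode=0o077)
    print("owner reads 0o077 file:", may_access(owner, odd, READ))
```
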

References
Stallings, W. (2015). Operating Systems: Internals and Design Principles (8th ed.). Retrieved from The University of Phoenix eBook Collection database.
