UNIX offers a file protection system that is straightforward and simple to use. However, many people are not aware of the value of this powerful mechanism.
A secure environment is achieved not only by the operating system, but also through vigilant user and administrative practices. There are many schemes and mechanisms used in the UNIX operating system, as well as some simple tricks that are available to give the kind of file protection administrators want. For the purpose of this paper, a company with 5,000 employees, where 4,990 employees are allowed access to a specific file, will be assessed. When using the UNIX OS, as a bare minimum, the administrator needs to understand file-level security management in its most basic form. Failing to understand this could cause major problems later on.
The key to file security on a UNIX system is to restrict file permissions as much as possible without keeping the system from doing what it needs to do, and without preventing access to a shared file. UNIX default protection needs to be enhanced to provide the proper level of protection that a company is looking for in an operating system. The first front-line protection involves using a unique user ID and password combination to restrict access to a system. Once a user has gained access to a system, further protection is needed to prevent unauthorized access or change to protected files.
One way this can be done is by using Access Control Lists (ACLs), with which an administrator can give individuals or groups varying levels of privileges. An ACL lists users and their authorized access rights. UNIX file permissions have three classes of users. The first is the user, which is the owner of the file or directory. They are also the creator of the file. The user is the one who can decide who has what rights, such as read or write to the file (make changes).
Next there is the group class. These members belong to a group of users. Lastly, others are users who are neither the file's owner nor members of the group. The owner of the file is the only one who can assign or modify file permissions. One primary way to ensure protection of a file for 4,990 users is for the file owner or administrator to use the sticky bit permission. The sticky bit is a way to protect files within a directory.
If the sticky bit has been set on the directory, a file can only be deleted by the file owner, the directory owner, or a privileged user. Another advantage to using the sticky bit is that it prevents a user from being able to delete other users' files from a public directory such. Another method to control the access of a file to a specified group would be to use encryption protection. Here a software tool converts a file or scrambles it in such a way that it is completely different from its original version. This process is known as encryption. If a person has the privileges to view a decrypted file, the process is reversed, which is known as decryption.
The user will be prompted to enter a key or password for the editor to decrypt the file. The file will then automatically decrypt when it is loaded, and it will be encrypted again when the person is finished. In conclusion, ACLs provide the most secure and reliable way of controlling what files users can and cannot view. They are a flexible tool that can provide companies with a better option for protecting their files.
It is this flexibility that gives administrators more choices when setting up UNIX-level security.
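
The sticky-bit protection for public directories described above can be checked mechanically. The following shell script is an added example, not part of the original paper; the function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find shared directories that lack the sticky bit and fix them.
# Function names and the demo tree below are constructed for illustration.

# Print every directory under $1 that is writable by "others" (o+w) but has
# no sticky bit. In such a directory any user can delete other users' files.
find_unprotected_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Succeed if the sticky bit is set on $1.
has_sticky() {
    [ -n "$(find "$1" -prune -perm -1000 2>/dev/null)" ]
}

# Set the sticky bit on each unprotected directory under $1 and print its
# path. All other permission bits are left unchanged.
protect_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 \
        -exec chmod +t {} \; -print 2>/dev/null
}

# Constructed demo tree, built in a private temporary directory.
demo_root=$(mktemp -d)
mkdir "$demo_root/public" "$demo_root/dropbox" "$demo_root/private"
chmod 0777 "$demo_root/public"    # world-writable, no sticky bit: unsafe
chmod 1777 "$demo_root/dropbox"   # world-writable with sticky bit, like /tmp
chmod 0750 "$demo_root/private"   # not world-writable: not reported

echo "Unprotected before:"
find_unprotected_dirs "$demo_root"
protect_shared_dirs "$demo_root" >/dev/null
echo "Unprotected after:"
find_unprotected_dirs "$demo_root"
rm -rf "$demo_root"
```

Only the `public` directory is reported before the fix; after it, the list is empty and users can still create files there but can remove only their own.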