Notes - Computer Security MT24, Access control in UNIX
Flashcards
@Describe how access control works in UNIX.
- Each object is associated with a user, a group and an “other”
- Each object has nine permission flags:
  - Read (`r`), write (`w`), execute (`x`) (or `s` instead of `x`)
  - For each user, group and other.
- Each object belongs to one UID and one GID.
- When a process requests access:
  - If its UID matches the object’s UID, the user permissions are used
  - If its GID matches the object’s GID, the group permissions are used
  - Otherwise, the other permissions are used
Explain the permissions on a file where `ls -l` shows `drwxrws---`.
- `d` means that the file is a directory
- `rwx` means that the owner has read, write and execute permissions (executing a folder means you can navigate into it)
- `rws` means that the group owning the file can read, write and execute. The `s` instead of an `x` means that any user (allowed) to execute it will have their GID set to the owning group.
- `---` means that all other users cannot read, write or execute.