UNIX systems are based on a file access control scheme that was introduced in the very early versions of UNIX. Each UNIX user is assigned a unique user identification number (user ID); that user ID belongs to a primary group and, if the user needs it, to other groups as well. Like users, groups are identified by a group ID. When a user creates a file, the file is marked as owned solely by that user's ID. The file is also associated with a group, identified by its group ID. The file is protected by a set of 12 protection bits. These bits, together with the owner ID and group ID, are stored in the file's index node, or inode. This inode is a data structure that …
Whenever a file or program is owned by the superuser, the superuser potentially has unrestricted access to the system and to the users who are running the program.
This scheme is adequate when file access requirements line up with individual users and with a large number of groups of users. In the example from the assignment, a company has 5,000 employees and wants to give 4,990 of them access to a file; this requires at least two user groups. User group A would have access to the file, while user group B would not. The company then only has to add each user to the appropriate group instead of granting access to each user individually. If the company later wants to give some members of user group A access to another file, it needs yet another user group, and the users who need that access must be members of both groups. UNIX allows many groups and many users in each group, but it does place a limit on the maximum number of groups a user may belong to. Access is governed by a simple protection domain: the domain is associated with a specific user ID, so a temporary change of domain temporarily changes the user ID.
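The group scenario above, worked through as an added Python model of the classic UNIX permission check (this is illustration code written for this page, not code from the essay or from Stallings; the user IDs, group IDs and file mode are constructed):

```python
import stat

# Model of the classic UNIX file-permission check. Users, groups and the
# file below are hypothetical values constructed for the 5,000-employee example.

def decode_mode(mode):
    """Split the 12 protection bits into the 3 special bits and 3 rwx triplets."""
    return {
        "setuid": bool(mode & stat.S_ISUID),
        "setgid": bool(mode & stat.S_ISGID),
        "sticky": bool(mode & stat.S_ISVTX),
        "owner": (mode >> 6) & 0o7,
        "group": (mode >> 3) & 0o7,
        "other": mode & 0o7,
    }

def allowed(file_uid, file_gid, mode, uid, groups, want):
    """True if a process with uid/groups may perform `want` ('r', 'w' or 'x').

    UNIX consults exactly one rwx triplet: the owner bits if the uid matches,
    else the group bits if the file's gid is one of the process's groups,
    else the 'other' bits. The superuser (uid 0) bypasses the check entirely.
    """
    if uid == 0:
        return True
    bits = decode_mode(mode)
    if uid == file_uid:
        triplet = bits["owner"]
    elif file_gid in groups:
        triplet = bits["group"]
    else:
        triplet = bits["other"]
    return bool(triplet & {"r": 4, "w": 2, "x": 1}[want])

# Constructed scenario: 4,990 employees are in group A (gid 100), the other 10
# only in group B (gid 200). The report is owned by uid 1000, group A, with
# mode rw-r----- (0o640): group A can read it, group B gets the 'other' bits.
GROUP_A, GROUP_B = 100, 200
REPORT = dict(file_uid=1000, file_gid=GROUP_A, mode=0o640)

def who_can_read(users):
    """users: {uid: set_of_gids}. Returns the uids allowed to read REPORT."""
    return sorted(uid for uid, gids in users.items()
                  if allowed(uid=uid, groups=gids, want="r", **REPORT))

if __name__ == "__main__":
    staff = {uid: {GROUP_A} for uid in range(1000, 5990)}        # 4,990 in A
    staff.update({uid: {GROUP_B} for uid in range(5990, 6000)})  # 10 in B
    print(len(who_can_read(staff)))  # -> 4990
```

Giving a subset of group A access to a second file is modelled the same way: a new gid on that file, with the subset's uids carrying both gids in their group set.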
The UNIX protection scheme offers a good way of creating and protecting files. It goes further by granting superuser access to the creator of the file or program, and it can also grant access to specific users or groups of users. Those users can be given the right to read only, or to read, write and execute the program or file. This makes the file's protection stronger and makes it less likely to be accidentally deleted, changed or moved.