Explain how the UNIX permission system implements access control. Describe an extension of this system that permits finer control.
Access Control in Unix
UNIX has an implementation of access control lists for providing the features of security to its users. Every user has a right to log into the system with his/her credentials (username and password) and initiate a process which can further make system requests. Every process is assigned a unique identifying number called the process “uid”. This number can be obtained from the /etc/password file. A sample record from this file looks like below:
“uid” essentially is the user id ...view middle of the document...
There are 12 mode bits which are used to encode the privileges related to protection. Out of these 12 bits, first 9 bits are divided into 3 groups. Each group contains 3 bits describing the permissions related to user (u), group (g) and others (o). If a bit is set to “ON”, the corresponding privilege is enabled (r – read, w – write, x – execute).
Extension of Unix security system
A finer security mechanism can be enabled in Unix by setting the bits in the last remaining triplet. First two out of the remaining last 3 bits are called the “suid” (set user id) and “sgid” (set group id). Usually, one process is started and maintained by one user under one group id or to say one domain. But for higher level of programs exchanging data among different domains, more focused security is needed. When the suid of a file is set to “ON”, it does not run under the uid of the process initiating a call to it, but under the “effective uid” of the uid of the user who is the actual owner of that file. The sgid is used in a similar fashion on the group level.
1. Montecino, Virginia. Unix Permissions. Available from: <http://mason.gmu.edu/~montecin/UNIXpermiss.htm>
2. YoLinux. Managing Group Access. Available from: <http://www.yolinux.com/TUTORIALS/LinuxTutorialManagingGroups.html>
3. Dart Mouth. Understanding file permissions on Unix: a brief tutorial. Available from: <http://www.dartmouth.edu/~rc/help/faq/permissions.html>