On UNIX systems, all user data is organized and stored in files. These files are in turn organized into a management structure comprising directories and sub-directories. Much like forests and organizational units in Active Directory, UNIX organizes its directories and sub-directories into a tree-like structure that it calls a file system. UNIX also has three basic types of files.
From a security standpoint, files can be secured through UNIX file permissions as well as access control lists (ACLs). One of the most important things to keep in mind when granting permissions is to establish file and directory ownership. Traditional UNIX file permissions can assign ownership to three classes of users: user, group, and others. The user class is usually the file or directory owner, that is, the individual who created the file.
The owner of a file can decide who has the right to read the file and who has the ability to write to it, which means they can make changes. This is effective if you have an organization with five thousand employees and you want only four thousand nine hundred ninety of them to have permission to view and/or make changes. The owner can also decide whether the file can be executed as a command. Groups are where you can put a number of users together to establish permissions.
Groups are an effective way to manage policies for users. The others class is all other users who are not the file owner and are not members of the group. An important thing to note is that the owner of a file can usually assign or modify file permissions. Additionally, the root account can change a file's ownership to override system policy. In UNIX there are four different types of file permissions. The first is the read permission, which designates which users can open and read the contents of a file but cannot make any changes.
The second is the write permission, which designates which users can modify the contents of a file or even delete the file. The next is the execute permission, which designates which users can execute the file if it is a program or shell script. Users with this permission can also run the program with one of the exec system calls. The denied permission designates which users cannot read, write, or execute the file.
These types of file permissions apply to regular files and to special files such as devices, sockets, and named pipes (FIFOs). A good way for any business organization to protect its files effectively, and to ensure that only the people who need access to the information have it, is to apply the few protective measures discussed here. You can protect the files in a directory by setting restrictive file permissions on that directory.
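The effect of a restrictive directory permission can be checked from the mode bits, as in this added example (not part of the original text). The function names and the sample tree are hypothetical, and the check looks only at traditional permission bits, ignoring ACLs and the root account.

```python
import os
import stat
import tempfile


def class_permissions(mode):
    """Split a file mode into rwx strings for the user, group and others classes."""
    text = stat.filemode(mode)  # ten characters: file type, then three rwx triplets
    return {"user": text[1:4], "group": text[4:7], "others": text[7:10]}


def others_can_read(path, top):
    """True if the others class can read `path`, judged by mode bits only.

    Every directory from `top` down to the file must grant others the
    execute (search) bit, and the file itself must grant others read.
    Assumption: directories above `top` are reachable; ACLs are ignored.
    """
    top, path = os.path.abspath(top), os.path.abspath(path)
    dirs = [top]
    rel = os.path.relpath(os.path.dirname(path), top)
    if rel != ".":
        for part in rel.split(os.sep):
            dirs.append(os.path.join(dirs[-1], part))
    if not all(os.stat(d).st_mode & stat.S_IXOTH for d in dirs):
        return False  # a directory on the way denies others
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def demo():
    """Constructed sample tree: one file checked under two directory modes."""
    with tempfile.TemporaryDirectory() as top:
        os.chmod(top, 0o755)
        private = os.path.join(top, "payroll")
        os.mkdir(private)
        report = os.path.join(private, "report.txt")
        with open(report, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(report, 0o644)   # the file itself grants read to others
        os.chmod(private, 0o755)  # permissive directory
        open_dir = others_can_read(report, top)
        os.chmod(private, 0o750)  # restrictive directory: others denied
        closed_dir = others_can_read(report, top)
        return open_dir, closed_dir, class_permissions(os.stat(report).st_mode)


if __name__ == "__main__":
    print(demo())
```

The file keeps mode 644 throughout; only the directory mode changes, which is enough to shut out the others class.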