Object Security and File Permissions in Operating Systems: Unix and Windows, Slides of Computer Science

An overview of object security in operating systems, focusing on file permissions in Unix and Windows. Topics include access control, access control lists, access matrix, Unix file security, Unix file permissions, changing file permissions, Windows permissions, Windows domains, and users and groups. The document also covers access conflicts and resolution.

Typology: Slides

2012/2013

Uploaded on 03/20/2013

dharmaketu

Object Security

COMP755 Advanced Operating Systems

Object Permissions

  • Operating systems must determine if a user has permission to perform an action upon an object.
  • The objects that we are usually concerned with are files and printers.

Access Control

  • Access rights can be defined for a user or for an object.
  • Capabilities specify what a user can do.
  • Access Control Lists (ACL) are created for each object and specify who can perform what action.

Access Matrix

  • Rows are capabilities
  • Columns are access control lists

          FileX          FileY            Prt1             /dir
userA     read           read / execute   print            list
userB     read / write   read / execute   print / manage   list / write

Complex Security Access

  • Imagine you have a file of sensitive information. You want users to be able to run your program to add data to the file but you don’t want users to be able to read the file.
  • Imagine you are a manager going on leave. You want to give your assistant certain privileges while you are gone. You don’t want them to be able to do anything and you want to rescind privileges on your return.

Unix File Security

  • Unix files use Access Control Lists.
  • Each file has 9 bits defining the access rights:

        user  group  world
        RWX   RWX    RWX

  • Rights can be expressed as a three-digit octal number


Unix File Permissions

  • 400 read by the user
  • 200 write by the user
  • 600 read and write by the user
  • 604 read/write by user, read by world
  • 701 user anything, world can execute
  • 751 user anything, group read/execute, world can execute

Changing File Permissions

  • chmod - Changes permission codes

chmod 604 myfile

Set the permissions for myfile so I can read and write it while everyone else can only read it.
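
An added example (not from the original slides): Python that decodes the octal modes listed above into the user/group/world RWX layout and applies the classic Unix rule that exactly one class is consulted per access. The uids and gids are constructed for illustration; the root bypass and extended ACLs are assumed away.

```python
R, W, X = 4, 2, 1  # one class's bits, as in the slides' "RWX"

# The octal modes listed on the slides.
PAGE_MODES = ["400", "200", "600", "604", "701", "751"]


def rwx_string(mode: int) -> str:
    """Render the 9 bits as user, group, world triplets (0o604 -> 'rw----r--')."""
    out = ""
    for shift in (6, 3, 0):  # user, group, world
        bits = (mode >> shift) & 7
        out += "r" if bits & R else "-"
        out += "w" if bits & W else "-"
        out += "x" if bits & X else "-"
    return out


def allowed(mode, owner_uid, owner_gid, uid, gids, want):
    """Classic Unix check: exactly one class is consulted, never a union.

    Not modelled (assumption): the root bypass and extended ACLs.
    """
    if uid == owner_uid:
        bits = (mode >> 6) & 7      # user class
    elif owner_gid in gids:
        bits = (mode >> 3) & 7      # group class
    else:
        bits = mode & 7             # world class
    return (bits & want) == want


def decode_page_modes():
    """Map each mode from the slides to its rwx string."""
    return {m: rwx_string(int(m, 8)) for m in PAGE_MODES}


if __name__ == "__main__":
    for octal, text in decode_page_modes().items():
        print(octal, text)
    # Constructed ids: file owned by uid 1000, gid 100, mode 604.
    # uid 1001 is in gid 100, so the (empty) group bits apply and the
    # world read bit is never reached.
    print(allowed(0o604, 1000, 100, 1001, {100}, R))   # group member
    print(allowed(0o604, 1000, 100, 1002, {200}, R))   # unrelated user
```

With mode 604, a member of the file's group is refused read access even though "world" may read, because the group class matches first and its bits are empty.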

Windows Permissions

  • Windows NT, 2000 and XP provide security for objects.
  • The NTFS file system allows access rights to be set for files and directories.

Windows Domains

  • A Microsoft Windows system can belong to a workgroup or domain.
  • Domains have a domain controller, a server that authorizes user login.
  • When you enter your userid and password on a domain, the domain controller verifies your password.
  • Users on a domain can access resources in the domain.

Windows File Permissions

  • A user can allow or deny the following actions on a file:
      - read
      - read & execute
      - write
      - modify
      - full control
      - special

Windows Printer Permissions

  • A user can allow or deny the following actions with a printer:
      - print – send a file to the printer
      - manage documents – reorder or cancel the documents to be printed
      - manage printer – change printer parameters or disable the printer
