Data Management

File Management

Anthony Staler

POS/355

February 24, 2014

Alicia Pearlman

*

Introduction

Thus the scenario begins; there is a new system that is currently supporting 5,000 users. The system is new and is ever changing at this point. Many of the files available are not finalized and outside of the creator, who has super user authority, 4,990 users are able to access only one file. The question: how would you specify this protection scheme in UNIX?

The basics

Most UNIX systems are based on the traditional file access system, and most depend upon it. Each user is fitted with a unique user identification number (User ID) which then also places them in a primary user group and possibly other groups as well, each identified with its own group ID. When a file is created, it is designated as owned by a particular user, thus marked with that user’s ID. The file also belongs to the creator’s primary group. In addition, each file has a series of 12 protection bits. The owner ID, group ID, and protection bits are all part of the file’s i-node. (stores the attributes and the disk block locations of the filesystems object data)

The first three protection bits are read, write and executable for the owners of the file, the other members of the group that that user belongs to, and all other users. Read and annotated with an “r”, write is annotated with a “w” and executable is annotated with an “x”. Read and write access grants the user the right to list, create, rename and delete files in the directory. Executable access gives the user the right to search the directory for a particular component of the file name. Generally, when the owner has read and write access, the group class has read only privileges, while all others have no access.

The remaining three protection bits are for the special additional behavior of the files and directories. Two of these bits are the set user ID (SetUID) and the set group ID (SetGID). This is more like an...