UNIX Protection Schemes

In a system that supports five thousand users, where only 4,990 of the users need access to a single file, UNIX can be used to design a process by which the ten remaining individuals are not allowed access to the file. This type of security measure is achieved through the use of access control lists, which are lists of users in UNIX that determine access permission settings for specific files, file types, and predetermined file listings. Specifically, access control lists give the information technology manager the ability to assign permission groups and tags to the entire population of the database, and otherwise form an effective system through which control can be designated for specific groups.

In UNIX, groups are permission and tag labels that allow the system to determine whether or not a particular user is allowed access to a specific file. UNIX groups enable the system manager to share files between the users assigned to a specific group, and access is granted via membership in that group. All users, once entered into the UNIX system, are organized and sorted into different groups that are directly linked to their respective level of file access. Thus, group access determines whether or not a particular user will be able to access the specific file in question.

Each user is given a primary, or dominant, user group tag and assignment. However, a user can also receive a subgroup, or secondary group, that will enable the user to obtain the permission mask for files involved in other groups and security priorities. Once a user has been assigned to a primary group, this default group becomes the basis for that user's access to files on the system.

In a UNIX protection scheme designed to allow access to 4,990 out of 5,000 users, both access control lists and group labels can be used to determine proper access to specific files in accordance with the pre-determined security policies. Once all the users involved have been assigned to a primary group, and the remaining ten users who do not need access have been assigned to an additional group, UNIX permission modes must be enabled and set up per UNIX system guidelines. On the file end of the UNIX protection scheme, each file receives both a username and a group name. This means that each file has a designated owner, in the form of a specific user, and each file also has a given group that controls both the file and the directory in which it belongs. A directory, moreover, is simply a “collection of files and possible other sub-directories” (UNIX Groups, 2013). While both the file username and the group name can be used to limit access to a particular file and determine proper permission settings, the group name is best used in this example.

In order to construct a 5,000-user UNIX system that allows 4,990 of the users to access a file, the best approach would be to create a group permission label for the users that need access to the file. This can be done by assigning each user to a primary user group, and then assigning the 4,990 users to an additional subgroup that has access to the file or directory in question. This has the added benefit of giving individuals and users, as well as system managers, access to all other files in the site hierarchy, while limiting access to the file in question as much as possible. The other option is to create an access control list, which gives the system manager the ability to change and manipulate file access on the file end of the UNIX protection scheme. This approach is equally effective, and allows the system manager to assign access to specific files and group names. Moreover, the access control list can let the users determine who has access, whether or not access can be given to a particular user or group of users, and which groups have access to the stated file.

Both options are viable, and it seems that the access control list method is likely the best approach to create a protection scheme in UNIX that allows access to 4,990 out of 5,000 users. The disparity in the number of users that need access makes the access control list option more appealing.
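
The two schemes compared above can be checked against a small model of the UNIX access decision. The following is an added example, not part of the original essay: a simplified Python model of the POSIX ACL read check (owner, then named user, then groups, then other) applied to both schemes. The user names, group names, and the `FileACL` and `can_read` helpers are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class FileACL:
    owner: str
    group: str                      # owning group
    owner_perms: str                # e.g. "rw-"
    group_perms: str
    other_perms: str
    named_users: dict = field(default_factory=dict)   # user -> perms
    named_groups: dict = field(default_factory=dict)  # group -> perms
    mask: str = "rwx"               # caps named users and all group entries

def can_read(acl, user, user_groups):
    """Simplified POSIX ACL check: the first matching class decides."""
    if user == acl.owner:
        return "r" in acl.owner_perms
    if user in acl.named_users:     # a named entry wins over group and other
        return "r" in acl.named_users[user] and "r" in acl.mask
    matched = [acl.group_perms] if acl.group in user_groups else []
    matched += [p for g, p in acl.named_groups.items() if g in user_groups]
    if matched:                     # a group matched, so "other" is never consulted
        return "r" in acl.mask and any("r" in p for p in matched)
    return "r" in acl.other_perms

# Constructed population: 5,000 users, the first ten must be kept out.
USERS = [f"user{i:04d}" for i in range(5000)]
EXCLUDED = set(USERS[:10])

def readers(acl, groups_of):
    return {u for u in USERS if can_read(acl, u, groups_of(u))}

# Scheme 1: the 4,990 users get the secondary group "fileusers"; mode 640.
group_scheme = FileACL("fileowner", "fileusers", "rw-", "r--", "---")
def with_secondary_group(user):
    return {"users"} if user in EXCLUDED else {"users", "fileusers"}

# Scheme 2: "other" may read; ten named-user ACL entries grant nothing.
acl_scheme = FileACL("fileowner", "fileowner", "rw-", "r--", "r--",
                     named_users={u: "---" for u in EXCLUDED})
def primary_group_only(user):
    return {"users"}

if __name__ == "__main__":
    for name, acl, groups_of in [("group", group_scheme, with_secondary_group),
                                 ("acl", acl_scheme, primary_group_only)]:
        allowed = readers(acl, groups_of)
        print(name, len(allowed), "readers; excluded blocked:",
              EXCLUDED.isdisjoint(allowed))
```

Both schemes admit the same 4,990 readers, but the first requires 4,990 group memberships while the second requires only ten ACL entries. The model does not cover the superuser, who bypasses these checks.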

Reference

UNIX Groups. (2013). UD IT. Retrieved from http://www.udel.edu/it/help/unix/unixgroups.html