1. Access Control

2. Many models Traditional Unix model Windows model Role-based access control (SE Linux)‏ Access control for confidentiality (Bell-La Padula model)‏ other models All based on subject/object nomenclature.

3. Traditional Unix model Based on users and groups Both users and groups have an external “name” and an internal id number Each user gets membership in a collection of groups. user id number 0 is “special” or “privileged” and has access to the whole machine. uid 0 usually has the name root, but that can (should) be changed.

4. Unix model (cont)‏ Objects (files, devices, etc. have a uid and a gid assigned to them. They also have a set of permission bits assigned to them. Subjects (processes) have a “real” and an “effective” user id; in addition, they have a “real” and an “effective” group id; usually the real and the effective uid/gid are the same, but not always. Files have permission bits assigned to them,

5. Unix model (cont; permission bits) Every file has three groups of three bits each. The three groups represent:  user  group  other The three bits represent:  read  write  execute

6. More bits There are 3 more bits associated with each file:  setuid  setgid  sticky/text bit

7. Unix model (cont: setting and changing permissions)‏ When a file is created a mode is specified; the actual mode given to the file is the result of mode & ~umask The chmod command/system call can be used to change the permission bits. The chown command/system call can be used to change file ownership. Some unices have a “newgrp” command/system call to change the gid of the process.

8. Unix Access control programming chmod/fchmod have two arguments second one is mode, S_Ixwwy, where x is one of S or RWX, wwy is UID, GID, VTX, USR GRP OTH  Don't use chmod, to prevent race conditions. chown/fchown have three args: file, user, grp.  Don't use chown, to prevent race conditions.  A newgrp is never necessary to change a group. umask sets and changes umask