Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sharing Files Richard Newman based on Smith “Elementary Information Security”

Published byMonica Collins Modified over 8 years ago

Similar presentations

Presentation on theme: "Sharing Files Richard Newman based on Smith “Elementary Information Security”"— Presentation transcript:

1 Sharing Files Richard Newman based on Smith “Elementary Information Security”

2 File Sharing Policies Generic – Isolation – Share everything Tailored – Privacy – Shared Reading – Shared Updating

3 Tailored File Sharing Policy Considerations Which objects are involved – By owner – By project – By type Which users are granted new rights – Individual – Group – Role – Role relative to X Default access – Deny or allow? What access rights to enforce – R, W, X,... – Conditions?

4 File Sharing on Windows Default: Isolation Per folder file sharing – Chose people to share with – Permission level Permission levels – Owner – full access, owns folder – Co-owner – full access, doesn't own folder – Contributor (not in Windows 7) – create files, modify own files – Reader – read files in folder

5 User Groups Unix, “professional” Windows Implementation of group access – File has group owner attribute, and group access rights – Group named on ACL with access rights Implementation of groups – Special file – edited – System file accessed through utilities – Built-in groups Administrators, wheel group, per-user group – Associate user ID with group upon login Allows more precise audit

6 Least Privilege Administrator access – Log in as admin – Log in as user with admin rights (in group) – Log in as regular user, but ability to authenticate as admin for specific programs, actiions (sudo, etc.) – Switch mode as needed (setuid) – UAC – User Account Control - “permission to continue”

7 Posix File Permissions Three classes of entity relative to a file – User (Owner) – one uid per file – Group – one gid per file – Other (World) – Of course, there is always root.... Access permission bits – rwx – r – read file or directory listing – w – write/modify file or create/rename/delete files in directory – x – execute file or use directory in path Changing permissions – chmod – chown – chgrp

8 Rights Ambiguity Conflicting rights bits – e.g, group allowed to write but user not allowed to write – e.g. other allowed to read but group not allowed to read – Any user attempting access belongs to “all” and zero, one, or two other categories How are conflicting rights bits treated – OpenVMS - “OR” bits of all applicable classes – Unix – use bits of most specific applicable class – explicit denial Root User Group Other

9 Access Control Lists (ACLs) Need for ACLs – Policy with read access for group A, read/write access for group B – Can't do it in Unix rwx bits Multics – Pioneered ACLs – Subject matched to a.b.c with wildcards – a is user name, b is project name, c is compartment – rew rights Modern systems – Posix.1e – Apple Macintosh OS-X – MS Windows – NFSv4

10 Posix.1e ACLs Classes – User – user::rwx – Group – group::rwx – World – other::rwx – Specific user – user:user-name:rwx – Specific group – group:group-name:rwx – Mask applied to specific users/groups – mask::rwx

11 Windows/Mac ACLs Per file/directory – Owner rights – Everyone rights – Specific user rights – Selection of no access/read only/read-write Special considerations: Must have admin rights on Mac

12 Apple OS/X ACLs Entities – Owner – Everyone – Specific individuals – Groups Access rights – No access – Read-only – Read-write – “OR” of rights apply to requester Groups – Created under “System Preferences -> User Accounts” – Requires admin access

13 Windows ACLs Entities – Owner – Everyone – Specific individuals – Groups Access rights – “Full Control” – Modify – Read & Execute – Read – Write – Special Permissions – Allow and deny flags – Apply deny first, then check for allow

Download ppt "Sharing Files Richard Newman based on Smith “Elementary Information Security”"

Similar presentations

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.

1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
1 CSE 390a Lecture 4 Persistent shell settings; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller

1 CSE 390a Lecture 4 Persistent shell settings; users/groups; permissions slides created by Marty Stepp, modified by Jessica Miller
File Security. Viewing Permissions ls –l Permission Values.

File Security. Viewing Permissions ls –l Permission Values.
User Accounts and Permissions Chapter IV / Part II.

User Accounts and Permissions Chapter IV / Part II.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
G22.3250-001 Robert Grimm New York University Protection and the Control of Information Sharing in Multics.

G Robert Grimm New York University Protection and the Control of Information Sharing in Multics.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.

1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.

Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.
LERSAIS.  Access Control in Unix  Access Control in Windows  Port Redirection 2.

LERSAIS.  Access Control in Unix  Access Control in Windows  Port Redirection 2.
Group Accounts; Securing Resources with Permissions

Group Accounts; Securing Resources with Permissions
Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.

Authentication and authorization Access control consists of two steps, authentication and authorization. Subject Do operation Reference monitor Object.
File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.

File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.
Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.

Guide to Operating System Security Chapter 5 File, Directory, and Shared Resource Security.
Chapter 3.3: Filesystem Security 1. General Definitions Files and folders (directories) are managed by the operating system Applications, including shells,

Chapter 3.3: Filesystem Security 1. General Definitions Files and folders (directories) are managed by the operating system Applications, including shells,
Operating System Security CS460 Cyber Security Spring 2010.

Operating System Security CS460 Cyber Security Spring 2010.
Chapter 4 Sharing Files. Chapter 4 Overview Tailored File Sharing User Groups File Permission Flags Access Control Lists Apple OS X Access Control Lists.

Chapter 4 Sharing Files. Chapter 4 Overview Tailored File Sharing User Groups File Permission Flags Access Control Lists Apple OS X Access Control Lists.

Similar presentations

Ads by Google