Explain File Protection In Detail
File systems often contain information that is highly valuable to their users. Protecting this information against unauthorized use is therefore a major concern of all file systems.
Access Control:
Access to a particular file can be controlled by limiting the types of file access that can be made.
The following file operations can be controlled:
| Operation | Description |
|---|---|
| Read | Read a file |
| Write | Write a file |
| Append | Append a file |
| Delete | Delete a file |
| List | List the name and attributes of a file |
| Rename | Rename a file |
| Edit | Changing the content of a file |
| Copy | Make a copy of a file |
One way to control these operations is through access control lists (ACLs) and groups. An access list may be associated with each file and directory. This list may contain the user name and the types of access allowed for each user. The operating system checks the access control list associated with a file whenever a user requests access to that file. If that user is listed for the requested access, the access is allowed. Otherwise, the user is denied access to the file.
The main problem with access control lists (ACLs) is their length. If we want to allow everyone to read a file, we must list all users with read access. To overcome this problem, many systems classify the users of a file into three types:
- Owner: The user who created the file.
- Group: A set of users who are sharing the file and need similar access.
- Universe: All remaining users in the system constitute the universe.
Thus, if a person has created a file, he or she is the owner of the file. If the owner has given execute-only permission on the file to some set of users, then this set of users constitutes a group, and all users in this group have execute-only permission for the file. All other possible users fall into the universe category and may be given read-only access to the file. The UNIX operating system uses this method to provide protection to files. Access control lists should be created and maintained by some administrator, file owner or any other manager of the organization.
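The owner/group/universe check described above can be sketched as follows. This is an added example, not code from the original page; `FileMeta`, `classify`, `is_allowed` and the user names are hypothetical, and the sketch assumes the UNIX rule that a user is placed in exactly one class (owner first, then group, then universe) and only that class's bits are consulted.

```python
import stat
from dataclasses import dataclass

# For each access type: the permission bit for (owner, group, universe).
BITS = {
    "read":    (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "write":   (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "execute": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}
CLASSES = ("owner", "group", "universe")

@dataclass
class FileMeta:
    """Hypothetical stand-in for the metadata stored with a file."""
    owner: str
    group: str
    mode: int  # nine permission bits, e.g. 0o714

def classify(user, user_groups, f):
    """Place the requesting user in exactly one class, owner first."""
    if user == f.owner:
        return "owner"
    if f.group in user_groups:
        return "group"
    return "universe"

def is_allowed(user, user_groups, f, access):
    """Consult only the bits of the user's class; classes are never combined."""
    cls = classify(user, user_groups, f)
    bit = BITS[access][CLASSES.index(cls)]
    return bool(f.mode & bit)

# Constructed sample data matching the scenario in the text:
# owner has full access, group is execute-only, universe is read-only.
tool = FileMeta(owner="alice", group="staff", mode=0o714)
# Edge case: the owner class has no bits set, but group and universe can read.
locked = FileMeta(owner="alice", group="staff", mode=0o044)

if __name__ == "__main__":
    for who, groups in (("alice", {"staff"}), ("bob", {"staff"}), ("carol", set())):
        for f, name in ((tool, "tool"), (locked, "locked")):
            perms = [a for a in BITS if is_allowed(who, groups, f, a)]
            print(f"{who:5} {name:6} {classify(who, groups, f):8} {perms}")
```

The `locked` case shows a consequence of the three-class scheme that is easy to miss when auditing permissions: the owner is denied read access even though every other user has it, because the owner's bits are the only ones checked for the owner. Superuser override is not modeled here.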
Other Protection Mechanisms:
Files can be protected by a password. The owner of a file can control access to it by assigning a password. Thus, only those users who know the password can access that file.
The disadvantages of this scheme are:
- If a separate password is associated with each file, the user will have to remember so many passwords that the scheme becomes impractical.
- If only one password is used for protecting all files, then the cracking of that one password by an unauthorized user will enable him to access all the files.
This problem can be dealt with by associating a password with a subdirectory rather than with an individual file.