Solaris Trusted Extensions User's Guide

User Responsibilities for Protecting Data

As a user, you are responsible for setting the permissions to protect your files and directories. Actions that you can perform to set permissions use a mechanism called discretionary access control (DAC). You can check the permissions on your files and directories by using the ls -l command or by using the File Manager, as described in Chapter 3, Working in Trusted Extensions (Tasks).

Mandatory access control (MAC) is enforced automatically by the system. If you are authorized to upgrade or downgrade labeled information, you have a critical responsibility to ensure that the need for changing the level of information is legitimate.

Another aspect of protecting data involves email. Never follow instructions that you receive in email from an administrator. For example, if you followed emailed instructions to change your password to a particular value, you would enable the sender to log in to your account. In limited cases, you might verify the instructions independently before following the instructions.