System Administration Guide, Volume 2

File Security

The SunOS operating system is a multiuser system, which means that all the users logged in to a system can read and use files belonging to one another, as long as they have permission to do so. The table below describes file system administration commands. See Chapter 17, Securing Files (Tasks) for step-by-step instructions on securing files.

File Administration Commands

This table describes the file administration commands for monitoring and securing files and directories.

Table 16-1 File Administration Commands

Command     Description
ls(1)       Lists the files in a directory and information about them.
chown(1)    Changes the ownership of a file.
chgrp(1)    Changes the group ownership of a file.
chmod(1)    Changes permissions on a file. You can use either symbolic mode (letters and symbols) or absolute mode (octal numbers) to change permissions on a file.

File Encryption

Placing a sensitive file into an inaccessible directory (700 mode) and making the file unreadable by others (600 mode) will keep it secure in most cases. However, someone who guesses your password or the root password can read and write to that file. Also, the sensitive file is preserved on backup tapes every time you back up the system files to tape.
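The 700/600 scheme above, carried out with chmod(1) in both of its modes. This is an added example, not a script from the guide; it assumes a POSIX sh with chmod, ls, mkdir and mktemp, and uses a throwaway directory so it can be run as is.

```shell
#!/bin/sh
# Added example: lock a directory (700) and a sensitive file inside it (600)
# using absolute (octal) mode, then the same using symbolic mode, and read the
# result back with ls -ld so the two forms can be compared.

# Print the ten-character permission field of ls -ld for a path, e.g. drwx------.
# cut -c1-10 drops any trailing marker some ls implementations append (+ or .).
perm_of() {
    ls -ld "$1" | cut -d' ' -f1 | cut -c1-10
}

# Absolute mode: 7 = rwx for the owner, 0 = nothing for group and other.
lock_absolute() {
    dir=$1
    mkdir -p "$dir"
    : > "$dir/secret"           # create an empty stand-in for the sensitive file
    chmod 700 "$dir"            # owner rwx, group/other none
    chmod 600 "$dir/secret"     # owner rw,  group/other none
    perm_of "$dir/secret"
}

# Symbolic mode: u = owner, g = group, o = other; "go=" strips every permission
# from group and other, which is the same result as the octal zeros above.
lock_symbolic() {
    dir=$1
    mkdir -p "$dir"
    : > "$dir/secret"
    chmod u=rwx,go= "$dir"
    chmod u=rw,go= "$dir/secret"
    perm_of "$dir/secret"
}

# Demonstration on a temporary directory; both forms should print -rw-------.
demo() {
    base=$(mktemp -d)
    a=$(lock_absolute "$base/abs")
    s=$(lock_symbolic "$base/sym")
    d=$(perm_of "$base/abs")
    printf 'absolute mode, file:  %s\n' "$a"
    printf 'symbolic mode, file:  %s\n' "$s"
    printf 'directory:            %s\n' "$d"
    rm -rf "$base"
}
```

Run demo to see the listing; note that this only restricts other ordinary users, which is exactly the limitation the paragraph above describes.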

Fortunately, an additional layer of security is available to all SunOS system software users in the United States--the optional file encryption kit. The encryption kit includes the crypt(1) command, which scrambles the data to disguise the text.

Access Control Lists (ACLs)

ACLs (pronounced "ackkls") can provide greater control over file permissions when the traditional UNIX file protection in the SunOS operating system is not enough. The traditional UNIX file protection provides read, write, and execute permissions for the three user classes: owner, group, and other. An ACL provides better file security by enabling you to define file permissions for the owner, owner's group, others, specific users and groups, and default permissions for each of those categories. See "Using Access Control Lists (ACLs)" for step-by-step instructions on using ACLs.

The table below lists the commands for administering ACLs on files or directories.

Table 16-2 ACL Commands

Command     Description
setfacl(1)  Sets, adds, modifies, and deletes ACL entries.
getfacl(1)  Displays ACL entries.