System Administration Guide

File Security

The SunOS 5.x operating system is a multiuser system, which means that all the users logged in to a system can read and use files belonging to one another, as long as they have permission to do so. Table 50-1 describes file system administration commands. See Chapter 51, Securing Files (Tasks) for information on file security.

File Administration Commands

Table 50-1 lists the file administration commands that you can use on files or directories.

Table 50-1 File Administration Commands

Command     Description

ls(1)       Lists the files in a directory and information about them.

chown(1)    Changes the ownership of a file.

chgrp(1)    Changes the group ownership of a file.

chmod(1)    Changes permissions on a file. You can use either symbolic mode (letters and symbols) or absolute mode (octal numbers) to change permissions on a file.

File Encryption

Placing a sensitive file into an inaccessible directory (700 mode) and making the file unreadable by others (600 mode) will keep it secure in most cases. However, someone who guesses your password or the root password can read and write to that file. Also, the sensitive file is preserved on backup tapes every time you back up the system files to tape.

Fortunately, an additional layer of security is available to all SunOS 5.x system software users in the United States: the optional file encryption kit. The encryption kit includes the crypt command, which scrambles the data to disguise the text.
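
The following sh script is an added example, not part of the original guide. It applies the 700 directory and 600 file modes described at the start of this section with chmod(1), once in absolute mode and once in symbolic mode, and checks the result by reading ls(1) output. The function names and the temporary paths are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and paths are assumptions, not from the guide.

# mode_string PATH: print the nine permission characters that ls -ld reports,
# for example rwx------ for mode 700.
mode_string() {
    ls -ld -- "$1" | cut -c2-10
}

# is_private PATH: succeed only if group and other have no permissions at all.
is_private() {
    [ "$(mode_string "$1" | cut -c4-9)" = "------" ]
}

# audit_sensitive FILE: succeed only if FILE and its directory are both private.
audit_sensitive() {
    is_private "$1" && is_private "$(dirname "$1")"
}

# lock_down FILE: set the containing directory to 700 and the file to 600.
lock_down() {
    chmod 700 "$(dirname "$1")"    # absolute mode (octal numbers)
    chmod u=rw,go= "$1"            # symbolic mode, equivalent to 600
}

# demo: audit a constructed sample file before and after lock_down.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/private"
    chmod 755 "$work/private"                 # start with a readable directory
    echo "constructed sample data" > "$work/private/notes"
    chmod 644 "$work/private/notes"           # start with a readable file
    for step in before after; do
        if [ "$step" = after ]; then lock_down "$work/private/notes"; fi
        if audit_sensitive "$work/private/notes"; then verdict=private
        else verdict=exposed; fi
        echo "$step: dir=$(mode_string "$work/private")" \
             "file=$(mode_string "$work/private/notes") -> $verdict"
    done
    rm -rf "$work"
}

demo
```

Both checks matter: a 600 file in a directory that others can write to can still be removed or replaced by them.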

Access Control Lists (ACLs)

Access control lists (ACLs, pronounced "ackkls") can provide greater control over file permissions when the traditional UNIX file protection in the SunOS operating system is not enough. The traditional UNIX file protection provides read, write, and execute permissions for the three user classes: owner, group, and other. An ACL provides better file security by enabling you to define file permissions for the owner, owner's group, others, specific users and groups, and default permissions for each of those categories.

See Chapter 51, Securing Files (Tasks) for information about setting ACLs on files.