The SunOS operating system is a multiuser system, which means that all the users who are logged in to a system can read and use files that belong to one another, as long as they have the file permissions to do so. Table 14–1 describes the commands for file system security. For step-by-step instructions on securing files, see Chapter 15, Securing Files (Tasks).
This table describes the commands for monitoring and securing files and directories.
Table 14–1 Commands for File System Security

Command | Description | Man Page |
---|---|---|
ls | Lists the files in a directory and information about them. | |
chown | Changes the ownership of a file. | |
chgrp | Changes the group ownership of a file. | |
chmod | Changes permissions on a file. You can use either symbolic mode (letters and symbols) or absolute mode (octal numbers) to change permissions on a file. | |
By placing a sensitive file into an inaccessible directory (700 mode) and making the file unreadable by other users (600 mode), you will keep it secure in most cases. However, someone who guesses your password or the root password can read and write to that file. Also, the sensitive file is preserved on a backup tape every time you back up the system files to tape.
Fortunately, an additional layer of security is available to all SunOS system software users in the United States: the optional file encryption kit. The encryption kit includes the crypt command, which scrambles the data to disguise the text. For more information, see crypt(1).
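The 700 directory and 600 file arrangement described above can be applied and then verified with the commands from Table 14–1. The following shell functions are an added example, not part of the original guide; the function names and the demo file name are hypothetical, and the check relies on `ls -l` printing a `+` after the mode field when a file carries an ACL.

```shell
#!/bin/sh
# Added example: apply the 700/600 arrangement, then verify it with ls.
# Function names and the demo file name are hypothetical.

# lock_down DIR FILE: apply the modes the text recommends.
lock_down() {
    chmod 700 "$1" &&      # absolute mode: rwx for the owner only
    chmod u=rw,go= "$2"    # symbolic mode: same result as 600
}

# mode_of PATH: print the 10-character type and permission field of ls -ld.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# has_acl PATH: succeed if ls prints '+' after the mode field (ACL present).
has_acl() {
    [ "$(ls -ld "$1" | cut -c11)" = "+" ]
}

# check_private DIR FILE: succeed only if DIR is exactly 700 and FILE is
# exactly 600 with no ACL on either; print one line per deviation.
check_private() {
    rc=0
    [ "$(mode_of "$1")" = "drwx------" ] || { echo "dir  $1: $(mode_of "$1"), want drwx------"; rc=1; }
    [ "$(mode_of "$2")" = "-rw-------" ] || { echo "file $2: $(mode_of "$2"), want -rw-------"; rc=1; }
    for p in "$1" "$2"; do
        if has_acl "$p"; then echo "acl  $p: review with getfacl"; rc=1; fi
    done
    return $rc
}

# Constructed demonstration in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    f="$d/secret.txt"; : > "$f"
    chmod 755 "$d"; chmod 644 "$f"          # deliberately too open
    check_private "$d" "$f" && { rm -rf "$d"; return 1; }
    lock_down "$d" "$f"
    result=0; check_private "$d" "$f" || result=1
    rm -rf "$d"
    return $result
}

demo && echo "private: ok"
```

The check reports mode bits and ACL presence only; it does not address the password-guessing and backup-tape exposures noted above.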
ACLs (pronounced “ackkls”) can provide greater control over file permissions when the traditional UNIX file protection in the SunOS operating system is not sufficient. The traditional UNIX file protection provides read, write, and execute permissions for the three user classes: owner, group, and other. An ACL provides better file security by enabling you to define file permissions for the owner, owner's group, others, specific users and groups, and to define default permissions for each of those categories. For step-by-step instructions on using ACLs, see Using Access Control Lists (ACLs).
The following table lists the commands for administering ACLs on files or directories.
Table 14–2 ACL Commands

Command | Description | Man Page |
---|---|---|
setfacl | Sets, adds, modifies, and deletes ACL entries | |
getfacl | Displays ACL entries | |