UNIX treats file directories in the same fashion as files; that is, both are defined by the same type of data structure, called an inode. As with files, directories include a nine-bit protection string. If care is not taken, this can create access control problems. For example, consider a file with protection mode 644 (octal) contained in a directory with protection mode 730. How might the file be compromised in this case?
How the access controls can be compromised:
• The file grants only read permission to the group and others; neither has write or execute permission on it. The directory, however, grants write and execute permission to the users of the group. So, a member of the group may change the content of the file, or the file may be deleted. Thus, the permissions given to the file are of no use.
• The file grants read permission to others, whereas the directory grants no permission to others. Thus, the content of the file cannot be read by others. The permissions given to the file are of no use.
File permissions:
The file and directory permissions are shown as a string of ten characters (xxxxxxxxxx).
• The first character indicates whether the entry is a file or a directory.
• The next nine characters (2-10) represent the allowed access permissions and are divided into three groups.
  o Each group contains three characters: (2-4), (5-7), (8-10).
• Each of the three characters may be a dash (-), r (read), w (write) or x (execute).
  o Characters (2-4) show the access privileges granted to the owner of the file.
  o Characters (5-7) show the access privileges granted to the users of the group.
  o Characters (8-10) show the access privileges granted to anyone else.
If the file has the octal code 644, then the file permission code is -rw-r--r--
• The number 6 represents rw- that provides a read and write access privilege to the owner of the file.
• The number 4 represents r-- that provides a read access privilege to the users of a group.
• The number 4 represents r-- that provides a read access privilege to others.
If the directory has the octal code 730, then its permission code is -rwx-wx---
• The number 7 represents rwx that provides a read, write and execute access privilege to the owner of the directory.
• The number 3 represents -wx that provides write and execute access privilege to the users of a group.
• The number 0 represents --- that provides a “Null” access privilege to others.
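The interaction between the two modes can be checked mechanically. The following Python model is an added example, not part of the original answer; it assumes the file and the directory share the same owner and group, the caller is not root, and no ACLs are in use. It goes slightly beyond the 644/730 case by also modelling the directory sticky bit, which restricts deletion and renaming to the owner. The function names are hypothetical.

```python
import stat

# Bit offset of each class inside the nine-bit protection string.
SHIFT = {"owner": 6, "group": 3, "other": 0}


def triad(mode, who):
    """Return the (read, write, execute) bits that `mode` grants to `who`."""
    bits = (mode >> SHIFT[who]) & 0o7
    return bool(bits & 4), bool(bits & 2), bool(bits & 1)


def effective_access(file_mode, dir_mode, who):
    """Operations `who` can perform on a file, given its directory's mode.

    Assumptions of this model: file and directory have the same owner and
    group, the caller is not root, and no ACLs are in use.
    """
    f_read, f_write, _ = triad(file_mode, who)
    d_read, d_write, d_search = triad(dir_mode, who)
    sticky = bool(dir_mode & stat.S_ISVTX)
    # Unlinking or renaming an entry is a write to the directory, so the
    # file's own mode is never consulted. With the sticky bit set, only the
    # owner may remove or rename the entry.
    can_unlink = d_write and d_search and (not sticky or who == "owner")
    return {
        "list_names": d_read,
        "read_content": d_search and f_read,
        "write_in_place": d_search and f_write,
        "delete_or_rename": can_unlink,
        "create_new_entry": d_write and d_search,
    }


def summarize(file_mode, dir_mode):
    """Map each class to the sorted list of operations it is allowed."""
    return {
        who: sorted(op for op, ok in
                    effective_access(file_mode, dir_mode, who).items() if ok)
        for who in SHIFT
    }


if __name__ == "__main__":
    for who, ops in summarize(0o644, 0o730).items():
        print(f"{who:5} -> {ops}")
```

For 644 inside 730, the group cannot write to the file in place but can delete it and create a new entry under the same name, while others can do nothing at all despite the file's read bit.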