File System and Group

Unix File Access
POS/355

UNIX® is provides security to directory and the file system. For security reason a file or directory has assigned permissions to use them and every user in the UNIX system is assigned set of permission while creating user account.
Before going to discuss the file permission, let’s discuss the user account types in the UNIX. There are three types of user accounts on a UNIX system that are root account, system account and normal user account. Root account: It is a super account in UNIX system and created when the Operating System installed. It has complete, unfettered control of the system and can run any commands without any restriction. This user account in UNIX system is treated as an administration. System accounts: System accounts are those accounts that are needed for a specific system operation or function of system-specific components. For emailing activity mail system accounts are created. These accounts can perform some specific function on system, and any modifications to them could adversely affect the system. User accounts: User accounts are those accounts that through which system interactive operations can be performed by normal users and groups of users. General users are typically assigned to these accounts and usually have limited access to critical system files and directories.
All these accounts are managed by the system administrator (it is a root account). UNIX supports Group Account concept in which a number of user accounts can be combined with certain permissions and policies. Group account controls the file and directory handling and mange permissions to use these files.
A group account must be created before the creation of user account and it must be added into a group account by using the groupadd UNIX command.
In UNIX every file and directory has read, write and execution access modes. These read, write and execution permission is defined by the Owner or the system administrator. These permissions are differently defined for the owner, group and others.
In UNIX ls –l command is used to view file or directory permissions. It is represented by a 10 character sequences. The first character shows whether the content is a file(-) or a directory(d). The permissions are broken into groups of three owner, group and others and each position in group denotes read (r), write (w), execute (x) permission. The three characters sequence (2-4) represent the permissions for the file or directory owner. If this character sequence is rwx (2-4) that means onwer has permission to read (r), write (w) and execute (x) of this file or directory. The second group of three characters (5-7) consists of the permissions for the group to which the file belongs. The last group of three characters (8-10) represents the permissions for other users of the system. Normally other system users have read (r) only permission.
Read (r), write (w) and execute (x) permissions can be changed for any group through the UNIX chmod command.
File access mode read, write and execute is different from the directory access mode. In the file access read mode a file contents are readable by the user but in case of directory he can read the file names only. In write access mode user can add some contents to the file where as in case of director user can add a file into directory.
In this case of a system that can supports maximum 5000 users to access a file. And this system is restricted to access a file no more than 4990 users. To protect a file for a limited access, it would be better to use group user accounts.
The system administrator will create all 5000 user accounts and will create a group account. Administrator will add all 4990 user into a group. All the user and group accounts will require administrative access. All 4990 user are in a group and these users are allowed to access the file for read, write or execution purpose depends on the group’s permissions.
Other 10 users are outside the group, so these are general user accounts and not have any permission to access any file or directory that is permitted for the group users only.
To make a system that allow to access a file for 4990 user out of 5000 user, it is necessary to create a group account of 4990 users. Other 10 user are general user accounts, would not allow to access group’s files.

References UNIX permissions help. Retrieved from http://www.zzee.com/solutions/unix-permissions.shtml Unix - User Administration. Retrieved from http://www.tutorialspoint.com/unix/unix-user-administration.htm File-System Interface. Retrieved from http://www.dia.unisa.it/professori/rescigno/SO/Silb_exerc/10-sol.pdf