Controlling access to files

Access to files as a special case of access to shared resources

Files are a particular, though the most common, kind of shared resource whose use the operating system must control. There are other kinds of resources that users work with in shared mode. First of all these are the various external devices: printers, modems, plotters and so on. The area of memory used for data exchange between processes is also an example of a shared resource. Processes themselves play this role in some cases, for example when users of the OS send processes signals to which they must respond. In all these cases the same scheme applies: users try to perform certain operations on a shared resource, and the OS must decide whether the users have the right to do so. Users are the subjects of access, and shared resources are the objects. The user does not access the operating system's objects directly, but through the application processes that run on his behalf.

For each type of object there is a set of operations that can be performed on it. For example, for a file these are the read, write, delete and execute operations; for a printer, restarting it, clearing the document queue, suspending the printing of a document, and so on. The OS access control system should provide a means of specifying users' rights to objects differentiated by operation; for example, a user may be permitted the read and execute operations on a file while the delete operation is prohibited.

Many operating systems implement mechanisms that allow access to objects of various types to be controlled in a uniform way. The representation of I/O devices as special files in the UNIX operating system is an example of such an approach: in this case access to devices uses the same attributes and algorithms as ordinary access to files and directories. Windows NT goes even further in this area. It uses a single unified security structure not only for files and external devices but for any shared resource: memory sections, synchronization primitives such as mutexes and semaphores, and so on. This allows Windows NT to control access to resources of any kind with a common kernel module, the security manager.

Subjects of access can be individual users or groups of users. Defining individual access rights for each user gives the greatest flexibility in setting the policy for using shared resources in the computer system. However, this method burdens the system administrator with a large amount of routine work, repeating the same operations for users with identical rights. Combining such users into a group and granting access rights to the group as a whole is one of the main techniques for administering large systems.

Each access object has an owner. The owner can be an individual user or a group of users. The owner has the right to perform any possible operation on the object. Many operating systems have a particular user (superuser, root, administrator) who has all rights with respect to any object in the system, not necessarily owned by him. The system administrator works under this name, since he needs full access to all files and devices in order to manage the access control policy.

There are two basic approaches to defining access rights. With discretionary access, the owner of each object can determine the operations permitted on the object. This approach is also called arbitrary (from "discretionary": granted at one's own discretion) access, since it allows the administrator and the owners to determine rights arbitrarily, as they wish. In discretionary access systems there are no rigid hierarchical relationships between users and groups of users, that is, relationships that are defined by default and cannot be changed. The only exception is the administrator, who is given all rights by default.

Mandatory access (from "mandatory": binding, forced) is an approach to defining access rights in which the system itself gives the user certain rights with respect to each shared resource (in this case a file) according to the group to which the user is assigned. The system is represented by the administrator, and the owners of objects are deprived of the possibility of controlling access to them at their discretion. All users of such a system form a strict hierarchy, in which each group enjoys all the rights of the groups at lower levels of the hierarchy plus the rights added at its own level. Members of a group are not allowed to grant their rights to members of groups at lower levels of the hierarchy. The mandatory approach to access resembles the scheme used for access to classified documents: a user may be enrolled in one of the groups that have the right to access classified documents of a certain secrecy level, such as "for official use", "secret", "top secret" and "state secret". A user in the "secret" group may work with "secret" and "for official use" documents, since he is allowed access to the documents of the groups lower in the hierarchy. However, the user cannot manage access; that possibility is the prerogative of special officials.

Mandatory access systems are considered more reliable but less flexible, and are usually used in specialized computer systems with heightened information security requirements. General-purpose systems usually use discretionary access methods, which are discussed below. For definiteness, we continue to consider mechanisms for controlling access to such objects as files and directories, but it must be understood that the same tools can be used in modern operating systems to control access to objects of any type; the only difference is the set of operations specific to a particular class of objects.
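The two approaches just described can be contrasted in a few lines of code. The following is an added example, not part of the original text: a toy discretionary model in which the owner (or the administrator) edits a per-object list of allowed operations, beside a toy mandatory model in which the system alone assigns secrecy levels and a subject may work with documents at its own level and below. All names (alice, bob, "analysts", the "security officer" role) and the four-level ordering are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Secrecy levels from lowest to highest, as in the text's document-classification analogy
# (assumed ordering for this example).
LEVELS = ["for official use", "secret", "top secret", "state secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}

ADMIN = "administrator"          # the superuser of the discretionary model
SECURITY_OFFICER = "security officer"  # the special official of the mandatory model (assumed name)


@dataclass
class Subject:
    name: str
    groups: frozenset = frozenset()        # discretionary: group membership
    clearance: str = "for official use"    # mandatory: the secrecy group the user belongs to


@dataclass
class DacObject:
    """An object under discretionary access: owner plus an ACL of principal -> allowed ops."""
    owner: str
    acl: dict = field(default_factory=dict)

    def grant(self, actor: str, principal: str, ops: set) -> None:
        # Only the owner or the administrator may change who can do what.
        if actor not in (self.owner, ADMIN):
            raise PermissionError(f"{actor} does not own this object")
        self.acl.setdefault(principal, set()).update(ops)


def dac_allowed(subject: Subject, obj: DacObject, op: str) -> bool:
    """Discretionary check: owner and administrator have every right, others only
    what an ACL entry for them or for one of their groups grants."""
    if subject.name in (ADMIN, obj.owner):
        return True
    return any(op in obj.acl.get(p, ()) for p in {subject.name, *subject.groups})


@dataclass
class MacObject:
    """An object under mandatory access carries a secrecy level, not an owner-managed ACL."""
    level: str


def mac_allowed(subject: Subject, obj: MacObject, op: str) -> bool:
    """Mandatory check: access is permitted to documents at the subject's level
    and at every lower level of the hierarchy, regardless of who 'owns' them."""
    return RANK[obj.level] <= RANK[subject.clearance]


def mac_assign_clearance(actor: str, subject: Subject, level: str) -> None:
    """Only the designated official may move a user between secrecy groups;
    group members cannot pass their rights down the hierarchy."""
    if actor != SECURITY_OFFICER:
        raise PermissionError(f"{actor} may not manage mandatory access")
    subject.clearance = level


def demo() -> dict:
    """Run both models on constructed subjects and objects; returns the decisions."""
    report = DacObject(owner="alice")
    report.grant("alice", "analysts", {"read"})          # owner decides
    bob = Subject("bob", frozenset({"analysts"}))
    try:
        report.grant("bob", "bob", {"delete"})           # non-owner may not
        bob_granted = True
    except PermissionError:
        bob_granted = False

    carol = Subject("carol", clearance="secret")
    try:
        mac_assign_clearance("carol", carol, "top secret")  # user may not self-promote
        carol_promoted = True
    except PermissionError:
        carol_promoted = False

    return {
        "bob_read": dac_allowed(bob, report, "read"),
        "bob_delete": dac_allowed(bob, report, "delete"),
        "bob_granted": bob_granted,
        "carol_official": mac_allowed(carol, MacObject("for official use"), "read"),
        "carol_secret": mac_allowed(carol, MacObject("secret"), "read"),
        "carol_top_secret": mac_allowed(carol, MacObject("top secret"), "read"),
        "carol_promoted": carol_promoted,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the two `grant`-style functions is where the authority sits: in the discretionary model the owner's call succeeds and a non-owner's fails, while in the mandatory model even the owner of a document has no such call at all, only the security officer does.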
Access Control Mechanism

Each user and each group of users usually has a symbolic name as well as a unique numeric identifier. When performing the logical login procedure, the user presents his symbolic name and password, and the operating system determines the corresponding numeric identifiers of the user and of the groups to which he belongs. All identifying information, including the names and identifiers of users and groups, passwords, and information about the membership of users in groups, is stored either in a file (/etc/passwd in UNIX) or in a special database (Windows NT).

When the user logs in, the system creates a shell process that maintains a dialogue with the user and starts other processes on his behalf. The shell process maps the symbolic user name and password to the numeric identifiers of the user and his groups. These identifiers are associated with every process started by the shell for this user. It is said that the process runs on behalf of the given user and user groups. In the most typical case any spawned process inherits the user and group identifiers from its parent.

Determining access rights to a resource means specifying, for each user, the set of operations he is allowed to apply to that resource. Different operating systems may define their own list of differentiated access operations for the same type of resource. For a file, this list may include the following operations:
- create file;
- destroy file;
- open file;
- close file;
- read from file;
- write to file;
- append to file;
- seek within file;
- get file attributes;
- set new attribute values;
- rename;
- execute file;
- read directory;
- change owner;
- change access rights.

The set of file operations defined by an OS may consist of a large number of elementary operations, or it may include a few larger operations. The list above is an example of the first approach, which allows very fine-grained control of users' access rights but also places a significant burden on the administrator. An example of the coarse approach is given by the UNIX family of operating systems, in which there are only three operations on files and directories: read (r), write (w) and execute (x). Although UNIX uses the same three names for all operations, in fact they correspond to more operations, because what an operation does depends on the object it is applied to. Executing a file is intuitively clear, but the same operation applied to a directory is interpreted as searching the directory. So the UNIX administrator in fact has a larger list of operations than it appears at first glance. The developers of Windows NT took advantage of this flexibility and implemented work with file operations at two levels: by default the administrator works at the coarse level (the level of standard operations), and if desired can go down to the elementary level (the level of individual operations).

In the most general case, access rights can be described by an access matrix in which the columns are all the files of the system, the rows are the users, and at the intersection of a row and a column are the permitted operations (Figure 7.28). In almost all operating systems the access matrix is stored "in parts", that is, for each file or directory there is a so-called access control list (ACL) that describes the rights of users and user groups to perform operations on that file or directory. The access control list is part of the characteristics of the file or directory and is stored on disk in the corresponding field, for example in the index descriptor (inode) of the ufs file system. Not every file system supports access control lists; for example, the FAT file system does not support them, since it was designed for the single-user, single-tasking MS-DOS operating system, for which the task of protection against unauthorized access is not relevant.

In general, an access control list can be represented as a set of user and group identifiers, with a set of allowed operations on the object indicated for each identifier (Figure 7.29). It is said that the ACL consists of access control entries (ACEs), with each entry corresponding to one identifier. The ACL supplemented with the owner's identifier is called the security characteristics of the object.
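The mechanism described in this section, from login to the per-object ACL, can be modelled end to end. The following is an added example and not code from the original text: a constructed stand-in for the password and group databases maps a login name to numeric identifiers, a shell process passes those identifiers to its children, each file carries an owner and a list of ACEs, and the UNIX convention that "execute" on a directory means "search" is applied at check time. A helper then rebuilds the full access matrix of Figure 7.28 from the per-object lists to show that the two representations carry the same information. User names, identifiers and file names are constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed stand-ins for /etc/passwd and /etc/group (sample data, not a real system).
PASSWD = {"alice": 1000, "bob": 1001, "root": 0}
GROUPS = {"staff": (50, {"alice", "bob"}), "admins": (10, {"alice"})}
ALL_OPS = frozenset({"read", "write", "execute"})


@dataclass
class Process:
    uid: int
    gids: frozenset

    def spawn(self) -> "Process":
        # A child process inherits the user and group identifiers of its parent.
        return Process(self.uid, self.gids)


def login(name: str) -> Process:
    """Resolve the symbolic login name to numeric ids and create the shell process.
    (Password checking is omitted; the example is about identity propagation.)"""
    uid = PASSWD[name]
    gids = frozenset(gid for gid, members in GROUPS.values() if name in members)
    return Process(uid, gids)


@dataclass
class ACE:
    """One access control entry: a user or group identifier and its allowed operations."""
    kind: str        # "user" or "group"
    ident: int       # numeric identifier
    ops: frozenset


@dataclass
class FileObject:
    name: str
    is_dir: bool
    owner_uid: int
    acl: list = field(default_factory=list)   # the object's ACL, stored with the object


def allowed_ops(proc: Process, obj: FileObject) -> set:
    """Operations the process may perform: owner and superuser get everything; otherwise
    the union of every ACE matching the process's uid or one of its gids (a simplification:
    real systems also order entries and support deny entries)."""
    if proc.uid in (0, obj.owner_uid):
        return set(ALL_OPS)
    ops = set()
    for ace in obj.acl:
        if ace.kind == "user" and ace.ident == proc.uid:
            ops |= ace.ops
        elif ace.kind == "group" and ace.ident in proc.gids:
            ops |= ace.ops
    return ops


def check(proc: Process, obj: FileObject, op: str) -> bool:
    """Decide one operation. UNIX-style: 'search' on a directory is the 'execute' bit."""
    if obj.is_dir and op == "search":
        op = "execute"
    return op in allowed_ops(proc, obj)


def to_matrix(procs: dict, objs: list) -> dict:
    """Reassemble the access matrix (rows: users, columns: files) from per-object ACLs."""
    return {user: {o.name: allowed_ops(p, o) for o in objs} for user, p in procs.items()}


if __name__ == "__main__":
    alice, bob = login("alice"), login("bob").spawn()
    notes = FileObject("notes.txt", False, 1000, [ACE("group", 50, frozenset({"read"}))])
    projects = FileObject("projects", True, 1000, [ACE("group", 10, frozenset({"execute"}))])
    for user, row in to_matrix({"alice": alice, "bob": bob}, [notes, projects]).items():
        print(user, row)
```

Note that `allowed_ops` never consults the user's symbolic name: once the shell has resolved the name at login, every later decision is made on the numeric identifiers the child processes inherited, which is exactly why a process "runs on behalf of" a user.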