Security: UNIX vs. VM

The default access rights for a user's directories and files are vastly different in the UNIX world compared to the VM mainframe world.

Mainframe VM users have a default access authority that makes all their directories and files private. Their data is readable, writeable, and executable only by themselves. In order to share any data with another user, a VM user must explicitly grant another user access to their data, in either "read" or "read-write" mode.

In the UNIX world, a much more permissive access authority is the default. A user's directories and files are readable, writeable and executable by themselves, but they are also, in general, readable and executable by all other users. A user must explicitly change their access permissions to make their files private, that is, unreadable by other users.

One of the easiest and safest ways for a UNIX user to protect specific data is to create a subdirectory and set the access so that it is readable and writeable by them, but unreadable by other users. Files placed in this directory will not be accessible to other users. In fact, other users will not even know if there are files or directories within that directory.

Having one or more private subdirectories is a convenient way to protect or segregate particular data from regular user data. To help our new vet users be able to easily protect their data, we will be setting up a secure subdirectory for them, in their regular directory. This secure directory will be called "secure.data".

The directory called "secure.data" has these permissions: drwx--S---
The listing looks like this:

% pwd
/vet2/bambam/secure.data
% ls -al
total 32
drwx--S--- 2 bambam rstaff 512 Mar 22 11:30 .
drwxr-sr-x 3 bambam rstaff 512 Mar 22 11:28 ..
-rw-r--r-- 1 bambam rstaff 430 Mar 22 11:29 midterm.test.data
-rw-r--r-- 1 bambam rstaff 368 Mar 22 11:30 student.grades
%

The directory hierarchy denoted by the '.' and '..' should be familiar to those with DOS experience. The single '.' denotes the current directory and the double '..' is the parent directory. The permissions string has 10 positions, the first position denoting a directory, followed by three sets of three showing the permissions for, from left to right, the user, the group, and all others. Each set of three has a position for each of the access permissions: the first position is "r" for readable, the second is "w" for writeable and the third is "x" or possibly "s" for the e(X)ecutable permission.

In the above example the current directory permissions show that the directory is not r (readable), w (writeable), or x (executable) by anyone in the group "rstaff" or by any other users in the system. Notice that an "s" in the executable position has two forms, each with a different meaning. An upper case "S" means there is no executable permission, but the set group id function is active; that is, a file in this directory will belong to the same groupid as the directory itself. A lower case "s" means that both the executable permission and the set group id function are active. Even if files are created within the directory with the default "world readable" permissions, since only the owner, "bambam" in this case, has access to the directory, the files are inaccessible to and unreadable by other users. See what happens when another user tries to see the files, even if they know the name and path:

smcclure@vet:~> cd ~bambam
smcclure@vet:/vet2/bambam> ls -ali
total 48
drwxr-sr-x 3 bambam rstaff 512 Mar 22 11:28 .
drwxr-sr-x 67 root system 1536 Mar 19 10:25 ..
-rw-r--r-- 1 bambam rstaff 1507 Jan 08 08:24 .cshrc
-rw-r--r-- 1 bambam rstaff 1472 Jan 08 08:24 .login
-rw-r--r-- 1 bambam rstaff 1386 Jan 08 08:25 .logout
drwx--S--- 2 bambam rstaff 512 Mar 22 11:30 secure.data

smcclure@vet:/vet2/bambam> cd secure.data
bash: secure.data: Permission denied
smcclure@vet:/vet2/bambam> more /vet2/bambam/secure.data/midterm.test.data
/vet2/bambam/secure.data/midterm.test.data: The file access permissions do not allow the specified action.

To store "safe" files, put them within the "secure.data" directory with a move (mv) command or actually create them while within the secure.data directory.

Users may also want a directory for data that they want to share with members of their group (faculty, rstaff, student) but do not want any other users to be able to access. To accomplish this we will also set up a subdirectory for you called "xxxx.data" where xxxx is replaced with the name of the group you belong to. The following output shows an example of the directory called "rstaff.data" and its group permissions set to readable and executable:

% ls -al /vet2/bambam
total 56
drwxr-sr-x 4 bambam rstaff 512 Mar 22 11:46 .
drwxr-sr-x 67 root system 1536 Mar 19 10:25 ..
-rw-r--r-- 1 bambam rstaff 1507 Jan 08 08:24 .cshrc
-rw-r--r-- 1 bambam rstaff 1472 Jan 08 08:24 .login
-rw-r--r-- 1 bambam rstaff 1386 Jan 08 08:25 .logout
drwxr-s--- 2 bambam rstaff 512 Mar 22 11:46 rstaff.data
drwx--S--- 2 bambam rstaff 512 Mar 22 11:30 secure.data
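
The setup described above, as an added example that is not part of the original page: it creates the two directories with the octal modes that correspond to the listings (2700 for drwx--S---, 2750 for drwxr-s---) and then decides, from the permission strings alone, whether a group member or any other user could read a file inside them. The scratch directory standing in for /vet2/bambam and the file name "shared.notes" are constructed for the demo, and the check looks only at mode bits, not ACLs.

```shell
#!/bin/sh
# perm_string PATH: the 10-position mode string as shown by ls, e.g. drwx--S---
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# make_private_dirs HOME GROUP: owner-only secure.data and group-shared GROUP.data
make_private_dirs() {
    mkdir -p "$1/secure.data" "$1/$2.data"
    chmod 2700 "$1/secure.data"   # drwx--S--- : setgid on, no group execute
    chmod 2750 "$1/$2.data"       # drwxr-s--- : setgid on, group read+execute
}

# reachable_by CLASS HOME RELPATH: CLASS is "group" or "other".
# Prints "yes" only if HOME and every directory below it on the way to the
# file grant execute (search) to CLASS and the file itself grants read.
reachable_by() {
    class=$1; cur=$2; rel=$3
    case $class in
        group) rpos=5; xpos=7 ;;
        other) rpos=8; xpos=10 ;;
        *) return 2 ;;
    esac
    while :; do
        # Lower-case s/t still include execute; upper-case S/T do not.
        case $(perm_string "$cur" | cut -c"$xpos") in
            x|s|t) ;;
            *) echo no; return 0 ;;
        esac
        case $rel in
            */*) cur=$cur/${rel%%/*}; rel=${rel#*/} ;;
            *)   break ;;
        esac
    done
    [ "$(perm_string "$cur/$rel" | cut -c"$rpos")" = r ] && echo yes || echo no
}

# Constructed demo: a scratch directory stands in for the user's home.
home=$(mktemp -d)
chmod 755 "$home"
make_private_dirs "$home" rstaff
echo data > "$home/secure.data/student.grades"
echo data > "$home/rstaff.data/shared.notes"
# World-readable files, as in the listing above; the directory still decides.
chmod 644 "$home/secure.data/student.grades" "$home/rstaff.data/shared.notes"
for f in secure.data/student.grades rstaff.data/shared.notes; do
    echo "$f group=$(reachable_by group "$home" "$f") other=$(reachable_by other "$home" "$f")"
done
rm -rf "$home"
```
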

Creating secure subdirectories is the simplest way to protect specific data. To learn more about directory and file permissions in UNIX, look in the man (manual) pages for the "chmod" command. If you need help in setting up specific kinds of subdirectories or protecting sensitive files, create a problem incident in APRIORI, and a consultant will assist you in defining the proper directories to meet your security needs. Or, as always during this transition, send a note to "statlab@stat.rice.edu". We are here to help you with this transition.




Contact us at Rice SCL if you have any questions or comments about this page.
Last update on 7/22/96 by Steve Tseng (hungjie@is.rice.edu).