In a system that supports 5,000 users, protection and accessibility are key concerns. On a system of 5,000 users, allowing only 4,990 users to access one file requires good use of both protection and accessibility. File protection needs to be set up so that users on the system are given access in three different permission categories. The first is the permission to read a file. The second is the permission to write or make changes to a file. The final is the permission to run or execute a file. A UNIX system sets up three classifications for its users: an owner or user, a group, and the other.
First is the owner, which is the creator of a file, or the user of a file at a specific time. A group is a class to which the user or owner belongs. A group could be a department of a company or any other type of grouping with specific members. Last, the other is the general World Wide Web audience (“Unix Protection and Permissions”, n.d.). How users are set up should be understood first; permissions can then be set. A UNIX system administrator sets up each user of the system with a unique user name, whereas the UNIX operating system identifies users with a number, known as the user identifier or UID.
Users are not limited to the humans who work on the system; system functions are considered users as well (“Practical Unix & Internet Security”, n.d.). User names can be up to eight characters long when created. A typical scheme would be the first two initials of the user’s first name and the full last name. In instances in which there are two users with the same name, such as two Marsha Grants, adding a number can create uniqueness, for example mg1grant. Even though user names are a convenience for administration by humans, each user name still needs to be unique.
Group names can be assigned by the administrator in the same way, following the same scheme of eight characters in length, to further ease setup and protection. The operating system assigns unsigned integers as user identification numbers. UNIX usually assigns user identifiers between zero and nine to system functions (“Practical Unix & Internet Security”, n.d.). Human users typically start at 20 or 100. For the scenario of a system that currently supports 5,000 users, the user identifiers will start at 100 and go up to 5,099.
Group identification numbers are set up by the system administrator (“Practical Unix & Internet Security”, n.d.). Setting permissions based on user identification numbers or group identification numbers establishes the protection of the files on the system. Permissions to files are given at the user level or at the group level. The number of user identifications to be included or excluded will drive how the permissions are set. Permissions should be given, as well as restricted, with caution.
Just as giving too many permissions to a file will limit the protection of the file, over-restricting a file can impede some processes and work. Setting permissions at the group level eases administration. Removing a user from a group removes that user from all of the group's file access. There are two different ways to meet the needs of the scenario of allowing only 4,990 of 5,000 users to have access to one file. Assigning individual access for each user ID is one means of resolution, but it is a very manual and lengthy process.
One way to handle the task would be to create an Access Control List with the 4,990 users who have access to the file and assign access in the system. Another resolution would be to create a group ID that includes the 4,990 users who should have access to the file and assign access to the file to that group ID. If the file fits a specific scenario and the grouping of the 4,990 users is a one-time grouping, creating a group ID that includes the users restricted from accessing the file may be the simplest of the solutions.
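The following added example (not part of the original essay) models the owner/group/other check for the two group-based solutions above and confirms that both admit exactly 4,990 readers. The group IDs 900 and 901, the owner UID 100, and the choice of UIDs 5090 to 5099 as the excluded users are assumptions made for illustration; the superuser bypass is not modeled.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits within one class (read, write, execute)

@dataclass(frozen=True)
class FileMeta:
    owner_uid: int
    gid: int
    mode: int  # octal mode, e.g. 0o604

def allowed(f, uid, gids, want):
    """Exactly one class applies, first match wins: owner, then group, then other.
    A group member is judged by the group bits even if 'other' is more permissive."""
    if uid == f.owner_uid:
        bits = (f.mode >> 6) & 7
    elif f.gid in gids:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return bits & want == want

ALL_UIDS = range(100, 5100)          # 5,000 users, UIDs 100..5099 as in the scenario
EXCLUDED = set(range(5090, 5100))    # constructed: the 10 users to keep out
DENY_GID, ALLOW_GID = 900, 901       # hypothetical group IDs

def who_can(f, groups_of, want):
    """Set of UIDs granted `want` on f, given a uid -> set-of-gids function."""
    return {u for u in ALL_UIDS if allowed(f, u, groups_of(u), want)}

def deny_group(want=R):
    # File belongs to a 10-member group with no group bits; 'other' may read.
    f = FileMeta(owner_uid=100, gid=DENY_GID, mode=0o604)
    return who_can(f, lambda u: {DENY_GID} if u in EXCLUDED else set(), want)

def allow_group(want=R):
    # File belongs to a 4,990-member group that may read; 'other' gets nothing.
    f = FileMeta(owner_uid=100, gid=ALLOW_GID, mode=0o640)
    return who_can(f, lambda u: set() if u in EXCLUDED else {ALLOW_GID}, want)

if __name__ == "__main__":
    print(len(deny_group()), len(allow_group()))   # readers under each scheme
    print(sorted(deny_group(W)))                   # only the owner may write
```

On a real system the first scheme corresponds to assigning the file to the excluded users' group with chgrp and setting mode 604 with chmod. With that scheme, any account created later falls into the other class and can read the file unless it is also added to the excluded group.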
Practical UNIX & Internet Security. (n.d.). Retrieved from http://www.diablotin.com/librairie/networking/puis/ch04_01.htm
Unix Protection and Permissions. (n.d.). Retrieved from http://www.mtholyoke.edu/~easokolo/unix/perm.htm