Data could be considered the most important asset for a company. Newspapers and television report data theft almost as often as they report sports or the weather. Just as you determine who can enter your house or use your car, UNIX provides a mechanism to ensure the right people have access to the right data. Data files should be the focus of your security policies. Most UNIX systems are built on a file access control platform (Stallings, 2012). The file access control scheme allows UNIX administrators to determine who has access to what files.
Suppose a company needed a UNIX system that supported 5000 users. Of those users, the company only wants 4990 to have access to a particular file. As an administrator, the first thing that is needed to implement the required solution is that each user be given a unique user identifier and a password. The unique user identifier helps the system differentiate the users requesting access to system resources. In addition to a user ID, each user is a member of at least one group in the system. The group that the user is assigned to is given a unique group identifier (GID) as well. The user ID and GID allow the super user, or root to assign permissions to system resources. The system resource in this scenario would be the file that the organization only want 4990 users to be able to access. Permissions like read, write, execute are common across all systems and define exactly what a user can do with the file once he or she has access to it. Read permission allows the user to view the file. Write permission allows the user to modify the file. Execute allows the user to run a file, and is required for all executable files.
There is more than one way to make sure only the 4990 users that the organization specifies get access to the file. Both solutions involve the root user creating groups and assigning the proper permissions to the appropriate groups using an access control list (ACL). The root user could log...