Maintaining system security

The owner and group attributes

Each file on the system has an owner. In general, the creator of a file is also its owner, although a file owner can usually reassign ownership rights using the chown(C) command.

If you own a file, you can decide who has the right to read it, write to it, or, if it is a program, to execute it. You can also restrict permissions for directories. When you grant execute permission for a directory, you allow the specified users to change directory to it and list its contents with the ls(C) command. Only the owner or a privileged user can define the following:

Because this type of access control is mediated at the discretion of the owner of the file, it is called Discretionary Access Control (DAC).

Each file is also assigned to a particular group. A group is a collection of users. Each user may be assigned to one or more groups. The users in a file's group may have special DAC permissions set.
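
The following script is an added example, not part of the SCO documentation. It reports the owner and group of every file under a directory and flags files whose owner has left them writable by the file's group or by all users. The function name `dac_audit` and the scratch files are constructed for illustration, and the script assumes the usual `ls -l` layout with owner and group in the third and fourth fields.

```shell
#!/bin/sh
# Added example: audit the discretionary settings chosen by file owners.

# dac_audit DIR
# Prints one line per regular file under DIR:
#   <flag> <mode string> <owner>:<group> <path>
# flag is "ok", "group-writable" or "world-writable"; when both write
# bits are set, the broader exposure (world-writable) is reported.
dac_audit() {
    find "$1" -type f | sort | while IFS= read -r f; do
        line=$(ls -ld "$f")
        # First 10 characters: file type, then owner/group/other triplets.
        perms=$(printf '%s\n' "$line" | cut -c1-10)
        owner=$(printf '%s\n' "$line" | awk '{print $3}')
        group=$(printf '%s\n' "$line" | awk '{print $4}')
        flag=ok
        case $perms in
            ?????w????) flag=group-writable ;;   # write bit in group triplet
        esac
        case $perms in
            ????????w?) flag=world-writable ;;   # write bit in other triplet
        esac
        printf '%s %s %s:%s %s\n' "$flag" "$perms" "$owner" "$group" "$f"
    done
}

# Constructed demo: three sample files in a scratch directory, each with a
# different choice made by the owner.
demo_dir=$(mktemp -d)
touch "$demo_dir/private" "$demo_dir/shared" "$demo_dir/open"
chmod 600 "$demo_dir/private"   # owner only
chmod 660 "$demo_dir/shared"    # owner and the file's group may write
chmod 666 "$demo_dir/open"      # every user may write
dac_audit "$demo_dir"
rm -rf "$demo_dir"
```

Run it against a real directory with `dac_audit /path/to/dir`; the owner of a flagged file (or a privileged user) can tighten it with chmod.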



© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005