
Explain how the UNIX permission system implements access control. Describe an extension of this system that permits finer control.
Access Control in Unix
UNIX implements access control with a simple discretionary scheme built on user and group identities and on a small set of permission bits stored with every file. (It is not a full access control list system; per-user ACL entries were added much later as an optional extension.) A user logs into the system with a username and password and is thereby given a process, the login shell, which can make further system requests and start other processes. Every process carries the user id (uid) of the user who started it. The uid is not a per-process number: it is the numeric identity recorded for that user in the /etc/passwd file and looked up at login.

Each record in /etc/passwd holds seven colon-separated fields: the login name, a password field (on modern systems a placeholder, with the password hash kept in the root-only /etc/shadow), the uid, the primary group id (gid), a comment, the home directory and the login shell.

Every process also has an effective uid, which normally equals its uid but may differ, as described below; it is the effective uid that the kernel consults when it decides whether a request is allowed. Group identity works the same way: a process has a gid, an effective gid and a list of supplementary groups it belongs to. Checking the password at login is the authentication step; from then on the uid, effective uid and group list are the credentials the kernel uses for authorization on every request.

Since UNIX exposes most resources (devices, pipes, sockets) as files, it is enough to see how access to files is controlled. Each file's inode stores 12 mode bits that encode its protection. Nine of these bits form three triplets, one each for the file's owner (u), its group (g) and all others (o); within a triplet the bits grant read (r), write (w) and execute (x) permission, and a privilege is enabled when its bit is set. On a directory, r lists entries, w creates or removes entries and x permits traversal.

On every access the kernel selects exactly one triplet and tests only that one: the owner triplet if the process's effective uid equals the file's owner, otherwise the group triplet if the effective gid or any supplementary group equals the file's group, otherwise the others triplet. The classes are not cumulative, so a file with mode 077 is readable by everyone except its owner. The superuser (effective uid 0) bypasses the read and write checks but may execute a file only if at least one x bit is set.

Extension of Unix security system

A finer mechanism is provided by the remaining three mode bits: set-user-id (suid), set-group-id (sgid) and the sticky bit. Usually a program runs under the uid and gid of the user who started it, in that user's domain. Some programs, however, must bridge domains: for example, the passwd utility must update the password database, which ordinary users may not write. When a file with the suid bit set is executed, the new process does not run with the effective uid of the caller but with its effective uid set to the uid of the file's owner; the real uid still identifies the user who invoked it, so the program can tell who is calling and can drop back to that identity when the privilege is no longer needed. The sgid bit works the same way at the group level, setting the effective gid to the file's group. Because a suid program lends its owner's authority to every caller, it must validate all input and environment it receives; careless suid root programs are a classic route to privilege escalation. Where the requirement is finer control over who may access a file, rather than whom a program runs as, modern systems add POSIX ACLs, which attach named per-user and per-group entries to a file in addition to the three classic classes.
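The permission check described in the mode-bit paragraph above and the change of effective identity on executing a set-uid program are modelled below in plain Python so they can be run without root. This is an added example, not code from the original essay; all uids, gids, modes and file names (ALICE, SHADOW_GRP, the shadow and passwd inodes) are constructed for illustration and are not read from any real system.

```python
"""Model of the classic UNIX permission check and of set-uid/set-gid exec.

Added example, not from the original essay: the kernel's decision is modelled
in plain Python so it runs without root. All ids, modes and file names below
are constructed for illustration.
"""
import stat
from dataclasses import dataclass, replace

R, W, X = 4, 2, 1                     # permission bits inside one rwx triplet


@dataclass(frozen=True)
class Process:
    uid: int                           # real uid: the user who logged in
    euid: int                          # effective uid: what access checks use
    gid: int                           # real (primary) gid
    egid: int                          # effective gid
    groups: frozenset = frozenset()    # supplementary groups


@dataclass(frozen=True)
class Inode:
    mode: int                          # the 12 permission bits (e.g. 0o4755)
    uid: int                           # owner
    gid: int                           # owning group


def symbolic(mode: int) -> str:
    """Render the 12 bits as ls -l does, e.g. 0o4755 -> 'rwsr-xr-x'."""
    # stat.filemode wants a file-type bit; pretend it is a regular file and
    # drop the leading type character.
    return stat.filemode(stat.S_IFREG | (mode & 0o7777))[1:]


def access_allowed(proc: Process, inode: Inode, want: int) -> bool:
    """Classic algorithm: pick exactly ONE class, then test its rwx bits.

    Owner if euid matches; otherwise group if egid or any supplementary
    group matches; otherwise 'others'. Classes are not cumulative, so an
    owner can be denied what 'others' are granted (see demo()).
    """
    if proc.euid == 0:
        # Superuser bypasses r/w checks; execute still needs some x bit set.
        return not (want & X) or bool(inode.mode & 0o111)
    if proc.euid == inode.uid:
        triplet = (inode.mode >> 6) & 7
    elif proc.egid == inode.gid or inode.gid in proc.groups:
        triplet = (inode.mode >> 3) & 7
    else:
        triplet = inode.mode & 7
    return (triplet & want) == want


def exec_image(proc: Process, image: Inode) -> Process:
    """Credentials after exec(): set-uid/set-gid swap the EFFECTIVE ids for
    the image owner's ids; the real ids still identify the calling user."""
    euid = image.uid if image.mode & stat.S_ISUID else proc.euid
    egid = image.gid if image.mode & stat.S_ISGID else proc.egid
    return replace(proc, euid=euid, egid=egid)


# Constructed identities and files (not read from any real system).
ROOT, ALICE = 0, 1000
STAFF, SHADOW_GRP = 50, 42
alice = Process(uid=ALICE, euid=ALICE, gid=STAFF, egid=STAFF,
                groups=frozenset({STAFF}))
shadow = Inode(mode=0o640, uid=ROOT, gid=SHADOW_GRP)       # rw-r-----
passwd_suid = Inode(mode=0o4755, uid=ROOT, gid=ROOT)       # rwsr-xr-x
passwd_plain = Inode(mode=0o755, uid=ROOT, gid=ROOT)       # rwxr-xr-x, no suid
odd = Inode(mode=0o077, uid=ALICE, gid=STAFF)              # ---rwxrwx


def demo() -> dict:
    """Run the scenarios the text describes and return the decisions."""
    after_suid = exec_image(alice, passwd_suid)
    after_plain = exec_image(alice, passwd_plain)
    return {
        # ordinary user cannot read the password database directly
        "alice_reads_shadow": access_allowed(alice, shadow, R),
        # ...but may execute the set-uid program
        "alice_execs_passwd": access_allowed(alice, passwd_suid, X),
        # exec of a set-uid root image: euid becomes 0, real uid stays 1000
        "euid_after_suid_exec": after_suid.euid,
        "ruid_after_suid_exec": after_suid.uid,
        "suid_program_writes_shadow": access_allowed(after_suid, shadow, W),
        # same program without the bit keeps alice's euid and is refused
        "plain_program_writes_shadow": access_allowed(after_plain, shadow, W),
        # owner class is selected first and is NOT unioned with 'others'
        "owner_denied_despite_others": access_allowed(alice, odd, R),
        "rendered_suid_mode": symbolic(passwd_suid.mode),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:32} {value}")
```

The model deliberately keeps only the effective ids in the access decision and only the real ids as the caller's identity, which is exactly the split the suid mechanism relies on: the same user, before and after exec, is refused and then granted write access to the shadow file purely because the effective uid changed. The `odd` inode shows the non-cumulative class selection that surprises newcomers.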
