Linux File System Security Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

File system security is about making sure your users can only do what you want them to be able to do. This means that you want system programs to be secure and users to only be able to write where you want them to be able to do so.

Linux file system security

The Linux security model is based on the one used on UNIX systems, and is as rigid as the UNIX security model (and sometimes even more), which is already quite robust. On a Linux system, every file is owned by a user and a group user. There is also a third category of users, those that are not the user owner and don't belong to the group owning the file. For each category of users, read, write and execute permissions can be granted or denied

For the system admin to not be bothered solving permission problems all the time, special access rights can be given to entire directories, or to separate programs. There are three special modes:

Sticky bit mode: After execution of a job, the command is kept in the system memory. Originally this was a feature used a lot to save memory: big jobs are loaded into memory only once. But these days memory is inexpensive and there are better techniques to manage it, so it is not used anymore for its optimizing capabilities on single files. When applied to an entire directory, however, the sticky bit has a different meaning. In that case, a user can only change files in this directory when she is the user owner of the file or when the file has appropriate permissions. This feature is used on directories like /var/tmp, that have to be accessible for everyone, but where it is not appropriate for users to change or delete each other's data. The sticky bit is indicated by a t at the end of the file permission field:

mark:~> ls -ld /var/tmp

drwxrwxrwt 19 root root 8192 Jan 16 10:37 /var/tmp/

The sticky bit is set using the command chmod o+t directory. The historic origin of the "t" is in UNIX' save Text access feature.

SUID (set user ID) and SGID (set group ID): represented by the character s in the user or group permission field. When this mode is set on an executable file, it will run with the user and group permissions on the file instead of with those of the user issuing the command, thus giving access to system resources

Windows XP share level security

Windows XP lets you share a computer's disks and folders with other computers on the network, using a method called Simple File Sharing. And it really is simple. If a disk or folder is shared, everyone on the network can access it. There are no user permissions and no passwords. Because sharing in this way is so wide open, Windows XP tries to protect you from some potential security risks.

Note: Windows XP Professional has a much more powerful way to

control file sharing..

Right click the disk or folder that you want to share and select Sharing and Security.

The disk or folder that you share, along with all of the folders that it contains, will be accessible by other network users. If you're sharing an entire disk, Windows XP gives a warning. The implication of the warning is that it's better to share a specific folder, since only that folder (and its subfolders) will be accessible by others, and the rest of the disk will be inaccessible. Click where indicated if you want to go ahead and share the entire disk. This screen doesn't appear if you're sharing a folder.

Windows XP NTFS security

NTFS stands for New Technology File System. Microsoft created NTFS to compensate for the features it felt FAT (File Allocation Table) was lacking. These features include increased fault tolerance and enhanced security

NTFS has many security options. You can grant various permissions to directories and to individual files. These permissions protect files and directories locally and remotely.

NTFS also includes the Encrypting File System (EFS). EFS uses public key security to encrypt files on an NTFS volume, preventing unauthorized users from accessing those files. Encryption ensures that only the authorized users and designated recovery agents of that file or folder can access it.

Users of EFS are issued a digital certificate with a public key and a private key pair. EFS uses the key set for the user who is logged on to the local computer where the private key is stored. Users work with encrypted files and folders just as they do with any other files and folders. Encryption is transparent to any authorized users; the system decrypts the file or folder when the user opens it. When the file is saved, encryption is reapplied. However, intruders who try to access the encrypted files or folders receive an "Access denied" message if they try to open, copy, move, or rename the encrypted file or folder.

Note I: EFS is not available in Windows XP Home Edition.

Note II: It is recommended that you encrypt at the folder level to ensure that new files are automatically encrypted and that temporary files created during the editing process remain encrypted.

NTFS Security

Windows ACLs

An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. The most common privileges include the ability to read a file (or all the files in a directory), to write to the file or files, and to execute the file (if it is an executable file, or program). Microsoft Windows NT/2000, Novell's NetWare, Digital's OpenVMS, and Unix-based systems are among the operating systems that use access control lists. The list is implemented differently by each operating system.

In Windows NT/2000, an access control list (ACL) is associated with each system object. Each ACL has one or more access control entries (ACEs) consisting of the name of a user or group of users. The user can also be a role name, such as "programmer," or "tester." For each of these users, groups, or roles, the access privileges are stated in a string of bits called an access mask. Generally, the system administrator or the object owner creates the access control list for an object.


Both Windows and Linux have almost same options for securing files. However Linux is more secure.