INVITATION TO CYBERSECURITY 204

Besides these basic permissions, OSs can define many other permissions, including the permission to assign permissions, and more granular permissions, such as a modify permission that permits a file to be modified but not deleted. Some OSs, such as Windows, also include negative permissions. A negative permission is an explicit denial of an action (see Figure 8.5).

Figure 8.5 Windows OS file permissions showing positive (Allow) and negative (Deny) permissions.

The objects in the first column of Table 8.2 are fully qualified. This means their full directory path is provided, uniquely identifying them in the file system. The file system is the organization of the files in an OS. The beginning forward slash / is the root directory. The root directory contains files and subdirectories, and those subdirectories in turn may contain files and additional subdirectories, and so on. The result is a file tree structure with branches and levels (see Figure 8.6). Each directory creates a namespace. Within a namespace, there can be no name collisions. A name collision is when two objects have the same name. It is possible for two files to have the same name in a file system as long as they are not in the same directory. For example, in Table 8.2, there are two files named lab1. Presumably Alice created a copy of the lab1 document from the instructor labs folder. Her copy is in her home directory, and since she created the copy, she has read and write permissions on her copy.

In Table 8.2, the user alice has the permission to read and execute (i.e., run) gedit, but bob does not. (Gedit is a text editor for Linux similar to Notepad in Windows.) The student group also has permission to read and execute gedit. If the user bob is in the student group, then his privileges for gedit are ambiguous. Do the group permissions trump the user permissions? This begins to illustrate some of the complexities that can arise with
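
Whether group permissions trump user permissions depends on the resolution rule the OS applies. The added example below (not from the book) evaluates bob's read and execute request on gedit under a POSIX-ACL-style rule and a Windows-style ordered Allow/Deny rule. Bob's membership in student, the explicit entries for bob, and all function names are assumptions made for the illustration.

```python
# Added example (not from the book). The principals and gedit permissions follow
# the text; group membership, the explicit entries for bob, and all function
# names are assumptions. Owner/other classes and the ACL mask are left out.

GROUPS = {"alice": set(), "bob": {"student"}}    # constructed membership
RX = {"read", "execute"}

def posix_acl_check(user, want, user_entries, group_entries):
    """POSIX-ACL style: the most specific matching entry decides alone."""
    if user in user_entries:                 # a named-user entry ends the search
        return want <= user_entries[user]
    return any(want <= group_entries.get(g, set()) for g in GROUPS.get(user, ()))

def windows_style_check(user, want, aces):
    """Windows style: walk ACEs in order, Deny entries sorted before Allow."""
    principals = {user} | GROUPS.get(user, set())
    remaining = set(want)
    for kind, who, perms in aces:
        if who not in principals:
            continue
        if kind == "deny" and remaining & perms:
            return False                     # explicit denial stops evaluation
        if kind == "allow":
            remaining -= perms               # allows accumulate across entries
        if not remaining:
            return True
    return False                             # nothing granted means no access

def gedit_outcomes():
    """Evaluate bob's read+execute request on gedit under four ACL layouts."""
    group = {"student": RX}
    allows = [("allow", "alice", RX), ("allow", "student", RX)]
    return {
        # bob's cell is simply empty: only the group entry applies to him
        "posix_no_user_entry": posix_acl_check("bob", RX, {"alice": RX}, group),
        # bob has an explicit entry with no permissions: it overrides the group
        "posix_empty_user_entry": posix_acl_check(
            "bob", RX, {"alice": RX, "bob": set()}, group),
        "windows_allow_only": windows_style_check("bob", RX, allows),
        "windows_explicit_deny": windows_style_check(
            "bob", RX, [("deny", "bob", RX)] + allows),
    }

if __name__ == "__main__":
    for layout, granted in gedit_outcomes().items():
        print(f"{layout:24} bob may run gedit: {granted}")
```

In both models an empty cell for bob lets the group grant through, while an explicit user-level entry (an empty named-user entry, or a Deny) blocks him despite the group permission.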