FIPS PUB 191

User access may exist at the directory level or the file level. Access control at the directory level places the same access rights on all the files in the directory. For example, a user that has read access to the directory can read (and perhaps copy) any file in that directory. Directory access rights may also provide an explicit negative access that prevents the user from any access to the files in the directory.

Some LAN implementations control how a file can be accessed. (This is in addition to controlling who can access the file.) Implementations may provide a parameter that allows an owner to mark a file sharable or locked. Sharable files accept multiple accesses to the file at the same time. A locked file will permit only one user to access it. If a file is a read-only file, making it sharable allows many users to read it at the same time.

These access controls can also be used to restrict usage between servers on the LAN. Many LAN operating systems can restrict the type of traffic sent between servers. There may be no restrictions, which implies that all users may be able to access resources on all servers (depending on the user's access rights on a particular server). Some restrictions may be in place that allow only certain types of traffic, for example only electronic mail messages, and further restrictions may allow no exchange of traffic from server to server. The LAN policy should determine what types of information need to be exchanged between servers. Information that does not need to be shared between servers should then be restricted.

Privilege mechanisms enable authorized users to override the access permissions, or in some manner legally bypass controls to perform a function, access a file, etc. A privilege mechanism should incorporate the concept of least privilege.
[ROBA91] defines least privilege as "a principle where each subject in a system be granted the most restrictive set of privileges needed for the performance of an authorized task." For example, the principle of least privilege should be implemented to perform the backup function. A user who is authorized to perform the backup function needs to have read access to all files in order to copy them to the backup media. (However, the user should not be given read access to all files through the access control mechanism.) The user is granted a 'privilege' to override the read restrictions (enforced by the access control mechanism) on all files in order to perform the backup function. The more granular the privileges that can be granted, the more control there is, because excessive privilege need not be granted to perform an authorized function. For example, the user who has to perform the backup function does not need to have a write override privilege, but for privilege mechanisms that are less granular, this may occur.

The types of security mechanisms that could be implemented to provide the access control service are listed below.

Mechanisms

• access control mechanism using access rights (defining owner, group, world permissions),
• access control mechanism using access control lists, user profiles, capability lists,
• access control using mandatory access control mechanisms (labels),
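The following is an added illustration, not part of FIPS PUB 191, of the concepts discussed above: directory-level rights that apply to every file in the directory, explicit negative directory access, sharable versus locked files, and a separate privilege mechanism that lets a backup operator override read restrictions without being granted write override or blanket read rights in the access control mechanism. All names (users, directories, files, the AccessController class and its methods) are constructed for the example.

```python
"""Toy model of directory/file access control with a least-privilege backup override.
Constructed example; the users, files and API below are illustrative only."""
from dataclasses import dataclass, field

READ, WRITE = "read", "write"


@dataclass
class File:
    rights: dict = field(default_factory=dict)   # user -> set of rights on this file
    sharable: bool = True                        # False = locked: one user at a time
    in_use_by: set = field(default_factory=set)  # users currently holding the file open


@dataclass
class Directory:
    rights: dict = field(default_factory=dict)   # directory-level rights, apply to every file
    denied: set = field(default_factory=set)     # explicit negative access to all files inside
    files: dict = field(default_factory=dict)    # file name -> File


class AccessController:
    def __init__(self):
        # Privilege mechanism, kept separate from the access control rights:
        # user -> set of rights the user may override (e.g. {"read"} for backup).
        self.privileges = {}

    def grant_privilege(self, user, right):
        self.privileges.setdefault(user, set()).add(right)

    def permitted(self, user, directory, name, right):
        """Ordinary access control: negative directory access wins, then directory rights, then file rights."""
        if user in directory.denied:
            return False
        if right in directory.rights.get(user, set()):
            return True
        return right in directory.files[name].rights.get(user, set())

    def authorize(self, user, directory, name, right):
        """Access control decision plus the privilege override for exactly that right."""
        if self.permitted(user, directory, name, right):
            return True
        return right in self.privileges.get(user, set())

    def open_file(self, user, directory, name, right):
        """Apply sharable/locked semantics on top of the authorization decision."""
        if not self.authorize(user, directory, name, right):
            return False
        f = directory.files[name]
        if not f.sharable and f.in_use_by and user not in f.in_use_by:
            return False          # locked file already held by another user
        f.in_use_by.add(user)
        return True

    def close_file(self, user, directory, name):
        directory.files[name].in_use_by.discard(user)

    def backup(self, user, directories):
        """Read-only pass over all files; returns (copied, skipped) paths."""
        copied, skipped = [], []
        for dname, d in directories.items():
            for fname in d.files:
                target = f"{dname}/{fname}"
                (copied if self.authorize(user, d, fname, READ) else skipped).append(target)
        return copied, skipped


def build_sample():
    """Constructed sample data: a restricted payroll directory and a public one."""
    payroll = Directory(
        rights={"alice": {READ, WRITE}},            # directory-level rights for alice
        denied={"guest"},                            # explicit negative access for guest
        files={
            "salaries.dat": File(rights={"bob": {READ}, "guest": {READ}}),
            "ledger.db": File(sharable=False, rights={"bob": {READ, WRITE}}),
        },
    )
    public = Directory(
        rights={"guest": {READ}, "alice": {READ}, "bob": {READ}, "backup_op": {READ}},
        files={"notice.txt": File()},
    )
    return {"payroll": payroll, "public": public}


if __name__ == "__main__":
    ac, dirs = AccessController(), build_sample()
    print("backup without privilege:", ac.backup("backup_op", dirs))
    ac.grant_privilege("backup_op", READ)
    print("backup with read override:", ac.backup("backup_op", dirs))
    print("backup_op may write ledger:", ac.authorize("backup_op", dirs["payroll"], "ledger.db", WRITE))
```

Note that the negative directory entry for guest overrides the file-level read right on salaries.dat, and that granting the backup operator a read override privilege leaves the write decision unchanged, which is the granularity the text argues for.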