DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Guidelines for writing trusted software

Assigning access controls

All trusted data must be protected from unauthorized changes. This decision is based on the question ``does any non-administrator need to use this information?'' not ``is this information too sensitive for non-administrators to see?''

Discretionary access controls provide a finer access granularity. These permissions should be assigned based on logical groupings of data according to the needs of a set of commands and administrators. Since the discretionary controls are the only protections available to the base system, they should be assigned as though they were protecting a system on which all files are public and writable unless restricted by DAC.

The actual permissions placed on a given file depend entirely on the needs of the commands that use the file. The group bits, however, should be used instead of the owner bits to grant controlled access to files. This methodology allows the designer to use set-uid root for non-access related privilege and still take advantage of DAC controls on a least privilege system.


Next topic: Assigning privileges and special permissions
Previous topic: Installing trusted commands and data

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 27 April 2004