Sharing Files Richard Newman based on Smith “Elementary Information Security”

File Sharing Policies Generic – Isolation – Share everything Tailored – Privacy – Shared Reading – Shared Updating

Tailored File Sharing Policy Considerations Which objects are involved – By owner – By project – By type Which users are granted new rights – Individual – Group – Role – Role relative to X Default access – Deny or allow? What access rights to enforce – R, W, X,... – Conditions?

File Sharing on Windows Default: Isolation Per folder file sharing – Chose people to share with – Permission level Permission levels – Owner – full access, owns folder – Co-owner – full access, doesn't own folder – Contributor (not in Windows 7) – create files, modify own files – Reader – read files in folder

User Groups Unix, “professional” Windows Implementation of group access – File has group owner attribute, and group access rights – Group named on ACL with access rights Implementation of groups – Special file – edited – System file accessed through utilities – Built-in groups Administrators, wheel group, per-user group – Associate user ID with group upon login Allows more precise audit

Least Privilege Administrator access – Log in as admin – Log in as user with admin rights (in group) – Log in as regular user, but ability to authenticate as admin for specific programs, actiions (sudo, etc.) – Switch mode as needed (setuid) – UAC – User Account Control - “permission to continue”

Posix File Permissions Three classes of entity relative to a file – User (Owner) – one uid per file – Group – one gid per file – Other (World) – Of course, there is always root.... Access permission bits – rwx – r – read file or directory listing – w – write/modify file or create/rename/delete files in directory – x – execute file or use directory in path Changing permissions – chmod – chown – chgrp

Rights Ambiguity Conflicting rights bits – e.g, group allowed to write but user not allowed to write – e.g. other allowed to read but group not allowed to read – Any user attempting access belongs to “all” and zero, one, or two other categories How are conflicting rights bits treated – OpenVMS - “OR” bits of all applicable classes – Unix – use bits of most specific applicable class – explicit denial Root User Group Other

Access Control Lists (ACLs) Need for ACLs – Policy with read access for group A, read/write access for group B – Can't do it in Unix rwx bits Multics – Pioneered ACLs – Subject matched to a.b.c with wildcards – a is user name, b is project name, c is compartment – rew rights Modern systems – Posix.1e – Apple Macintosh OS-X – MS Windows – NFSv4

Posix.1e ACLs Classes – User – user::rwx – Group – group::rwx – World – other::rwx – Specific user – user:user-name:rwx – Specific group – group:group-name:rwx – Mask applied to specific users/groups – mask::rwx

Windows/Mac ACLs Per file/directory – Owner rights – Everyone rights – Specific user rights – Selection of no access/read only/read-write Special considerations: Must have admin rights on Mac

Apple OS/X ACLs Entities – Owner – Everyone – Specific individuals – Groups Access rights – No access – Read-only – Read-write – “OR” of rights apply to requester Groups – Created under “System Preferences -> User Accounts” – Requires admin access

Windows ACLs Entities – Owner – Everyone – Specific individuals – Groups Access rights – “Full Control” – Modify – Read & Execute – Read – Write – Special Permissions – Allow and deny flags – Apply deny first, then check for allow