It is very difficult for me to explain the UNIX system-wide permission setup in one word. Work of over 37 years went behind this!
gx sourav said:
How is the Unix permission system better than Windows? All of us Windows users would like to know, care to elaborate?
Linux offers advanced UNIX file system permissions, which in brief can be:
user, groups, others, with each having rwx (read, write, execute) options available for setting. Also, there are SUID, SGID, sticky bits, POSIX ACLs and octal permissions, to name a few. It is too complex to get a crack.
It needs time to totally understand the UNIX system-wide permission system.
OK. Here it is in simple words:
Linux—and Unix-like systems in general—have a “user, group, other” approach to filesystem permissions at a minimum.[72] This can be seen by typing ls -l in a text terminal on a Linux system. There are also Access Control Lists available on some filesystems, which extend the traditional Unix-like permissions system. Security patches like SELinux and PaX add Role-Based Access Controls, which add even finer-grained controls over which users and programs can have access to certain resources or perform certain operations. Some distributions, such as Fedora, CentOS, and Red Hat use SELinux out of the box, although most do not.[73]
Most Linux distributions provide different user accounts for the various daemons.[74] In common practice, user applications are run on unprivileged accounts, to provide least user access. In some distributions, administrative tasks can only be performed through explicit switching from the user account to the root account (tools such as su and sudo are very common).
*en.wikipedia.org/wiki/File_system_permissions
*en.wikipedia.org/wiki/Comparison_of_Windows_and_Linux#Security
*en.wikipedia.org/wiki/Comparison_of_privilege_authorization_features
and
Windows:
I just found out about an important security update for Vista: KB943078. Betanews published the related article Microsoft acknowledges Vista kernel elevation vulnerability on December 14, 2007 that links to the Microsoft Security Bulletin MS07-066 - Important. Basically, a vulnerability has been found that enables a trojan to elevate itself to full administrator without the user's knowledge, thereby gaining complete control of the system. (This is what they mean when they say that UAC is not a security boundary.)
While we are on the subject of vulnerabilities, here are some other oldies worth knowing about...
PC World published the article Vista's UAC Warnings Can't be Trusted, Symantec Says on February 22, 2007. Basically this is a vulnerability that tricks a user into thinking it is safe to elevate a process. It does this by tricking the system into displaying the trusted green elevation dialog that indicates that the elevation request is coming from a trusted Windows process rather than from an unknown process (that would be displayed with a yellow/orange title bar). You can see samples of the various elevation dialogs here: Getting Started with User Account Control on Windows Vista
That was followed up by eWeek.com on May 16, 2007 with the article Researcher Reveals 2-Step Vista UAC Hack. This article shows that the theoretical vulnerability found by Symantec could actually be exploited. Remember, that this exploit is a weakness in the design of UAC so it won't be patched like was done with the critical security update above. This is a good reminder that your user population should not be given administrator privileges unnecessarily.
While we're on the topic of weakness in UAC design, you will want to have a look at ZDNet's article Hacker, Microsoft duke it out over Vista design flaw posted February, 2007. It points out the compromises made to Vista's elevation procedures when it comes to installing legacy applications. It is important to note that Vista's requirement that you must be admin to install some of these applications is less secure than XP where sometimes you had the opportunity to install products with only basic user rights.
*vistavitals.blogspot.com/2007/12/uac-vista-uac-vulnerabilities.html
UAC vulnerabilities!
Vista has UAC (copied from UNIX), which may be good, but cannot be as worthy and does not give the complex options that can be set on files.
Because of Microsoft’s aggressive marketing practices, millions of users who have no idea what an operating system is have been using Windows operating systems given to them when they purchased their PCs. Many others are not aware that there are operating systems other than Windows. But you are here reading an article about operating systems, which probably means that you are trying to make conscious OS decisions for home use or for your organizations. In that case, you should at least give Linux/Unix your consideration, especially if the following is relevant in your environment.
Advantages of Unix
- Unix is more flexible and can be installed on many different types of machines, including main-frame computers, supercomputers and micro-computers.
- Unix is more stable and does not go down as often as Windows does, therefore requires less administration and maintenance.
- Unix has greater built-in security and permissions features than Windows.
- Unix possesses much greater processing power than Windows.
- Unix is the leader in serving the Web. About 90% of the Internet relies on Unix operating systems running Apache, the world's most widely used Web server.
- Software upgrades from Microsoft often require the user to purchase new or more hardware or prerequisite software. That is not the case with Unix.
- The mostly free or inexpensive open-source operating systems, such as Linux and BSD, with their flexibility and control, are very attractive to (aspiring) computer wizards. Many of the smartest programmers are developing state-of-the-art software free of charge for the fast growing "open-source movement".
- Unix also inspires novel approaches to software design, such as solving problems by interconnecting simpler tools instead of creating large monolithic application programs.
*linux.about.com/cs/linux101/a/unix_win.htm
And last, but not the least, the Vista permission system is a failed copying of the UNIX file permission system.
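The user/group/other rwx bits, octal notation, and the SUID, SGID and sticky bits named in the post above, shown as an added example that is not part of the original post. It decodes a mode into the string `ls -l` prints and lists entries an administrator would want to review; the function names `describe_mode`, `needs_review` and `audit_tree` are hypothetical, and the sample modes are constructed.

```python
import os
import stat

def describe_mode(st_mode):
    """Decode an st_mode value into (octal, ls -l style string, special flags)."""
    perms = stat.S_IMODE(st_mode)          # permission + special bits only
    flags = []
    if perms & stat.S_ISUID:
        flags.append("setuid")             # executes with the owner's uid
    if perms & stat.S_ISGID:
        flags.append("setgid")             # executes with the group's gid
    if perms & stat.S_ISVTX:
        flags.append("sticky")             # restricts deletion in a shared directory
    if perms & stat.S_IWOTH:
        flags.append("world-writable")
    return format(perms, "04o"), stat.filemode(st_mode), flags

def needs_review(flags):
    """setuid/setgid entries and world-writable entries without the sticky bit."""
    if "setuid" in flags or "setgid" in flags:
        return True
    return "world-writable" in flags and "sticky" not in flags

def audit_tree(root):
    """Walk root and return {path: (octal, symbolic, flags)} for entries to review."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)            # do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                   # symlink mode bits are not meaningful
            octal, symbolic, flags = describe_mode(st.st_mode)
            if needs_review(flags):
                report[path] = (octal, symbolic, flags)
    return report

if __name__ == "__main__":
    # Constructed sample modes: file type bits ORed with octal permissions.
    for sample in (0o100644, 0o104755, 0o042775, 0o041777, 0o040777):
        decoded = describe_mode(sample)
        print(decoded, "review" if needs_review(decoded[2]) else "ok")
```

POSIX ACLs and SELinux labels, also mentioned above, are stored outside these mode bits and are not covered by this check.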