Unix
10 Pages 2480 Words
eaves few resources available for others. Also, if many large jobs are
run simultaneously, swap space may run out, causing a panic. It should be
evident that excessive consumption of disk space, files, swap space, and
processes can easily occur accidentally in malfunctioning programs
as well as at command level. In fact is essentially defenseless against
this kind of abuse, nor is there any easy fix. The best that can be said is
that it is generally fairly easy to detect what has happened when disaster
strikes, to identify the user responsible, and take appropriate action.
In practice, we have found that difficulties in this area are rather rare,
but we have not been faced with malicious users, and enjoy a fairly generous
supply of resources which have served to cushion us against accidental
overconsumption. The picture is considerably brighter in the area of protection
of information from unauthorized perusal and destruction. Here the degree of
security seems (almost) adequate theoretically, and the problems lie more in
the necessity for care in the actual use of the system. Each file has
associated with it eleven bits of protection information together
with a user identification number and a usergroup identification number (UID
and GID). Nine of the protection bits are used to specify independently
permission to read, to write, and to execute the file to the user himself,
to members of the user's group, and to all other users. Each process
generated by or for a user has associated with it an effective UID and
a real UID, and an effective and real GID. When an attempt is made to access
the file for reading, writing, or execution, the user process's effective
UID is compared against the file's UID; if a match is obtained, access is
granted provided the read, write, or execute bit respectively for the user
himself is present. If the UID for the file and for the process fail to
match,...