Protecting the data on your system

Because SCO OpenServer is a multiuser system, you usually do not work alone in the filesystem. System users can follow pathnames to various directories and read and use files belonging to one another, as long as they have permission to do so.

This chapter discusses file attributes that have security relevance. Protection attributes common to all file types include:

• owner -- the file owner

• group -- users who are part of the group may have special access permissions

• discretionary access control (DAC) -- these are mechanisms set by the file owner to determine who may access the file. Two mechanisms supported by this release are permission bits and access control lists (ACLs).

SCO OpenServer systems also include important filesystem features that extend the protection of UNIX systems. These features greatly enhance the security of the system. One of them, SUID and SGID bit-clearing upon file writes, is passive in that it requires no action by the system administrator. Other features are active, meaning that you can select them for particular objects. These active features include:

• ``SUID/SGID bits and security''

• ``SUID, SGID, and sticky bit clearing on writes''

• ``The sticky bit and directories''

• ``Data encryption''

• ``Imported data''

• ``Terminal escape sequences''