SF101 Permissions - ITPro

After authentication (covered in the last lecture, SF101 User Authentication - ITPro), the next step is authorization: determining what resources a user is permitted to access and what actions they are permitted to perform. This is also the second step in the Authentication, Authorization, Accounting (AAA) framework. Authentication may give you access to a system, but authorization (granting permissions) controls what resources you have access to.

Permissions

Permissions Definition
  • Permissions: Alternatively called rights and privileges, access details given by a user or network administrator that define access rights to resources on a network. (Subject: Cybersecurity)

Permissions Details

Permissions are often maintained through Access Control procedures and Access Control Lists (ACLs). There are multiple types of permissions.

Effective Permissions

Effective Permissions Definition
  • Effective Permissions: Cumulative access rights a user has to a resource based on their individual permissions and group memberships. (Subject: Information Technology)

Effective Permissions Examples

When a user is a member of multiple groups, or has both user-level and group-level permissions, the effective permissions are determined by the most permissive access allowed. This is known as the "highest permission wins" principle.

Operating System Permissions

Different operating systems use different permission models.

Windows Permissions

In a Windows environment, there are two sets of permissions that can be applied.

  1. New Technology File System (NTFS) Permissions: These permissions are applied at the file system level and always apply, regardless of how the resource is accessed.
  2. Share Permissions: These permissions are applied when a resource is shared over the network. They control access when the resource is accessed remotely.

The most restrictive permission between the two becomes the effective permission.

Linux and macOS Permissions

Linux and macOS file systems use a different permission model compared to Windows.

  • Permissions are assigned to the file/folder owner, the owner's group, and other users.
  • Basic permissions are read, write, and execute.
  • Permissions are displayed in a 3-digit octal format, where each digit represents the permissions for owner, group, and others.

-rwxrwxrwx

That string says the owner, group, and others all have full rights to the file: read, write, and execute.
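The mapping between the symbolic permission string and the 3-digit octal form described above, shown as an added example that is not part of the original lecture notes. It covers only the basic read, write, and execute bits; the function names are illustrative and the sample strings are constructed.

```python
import stat

# ls-style string: 1 file-type character, then rwx triads for owner, group, others.
CLASSES = ("owner", "group", "others")
BITS = (("r", 4), ("w", 2), ("x", 1))


def parse_mode(mode_str):
    """Return {'owner': 7, 'group': 5, 'others': 0} for a string like '-rwxr-x---'."""
    if len(mode_str) != 10:
        raise ValueError(f"expected 10 characters, got {len(mode_str)}: {mode_str!r}")
    result = {}
    for idx, cls in enumerate(CLASSES):
        triad = mode_str[1 + 3 * idx : 4 + 3 * idx]
        value = 0
        for ch, (letter, bit) in zip(triad, BITS):
            if ch == letter:
                value += bit
            elif ch != "-":
                # setuid/setgid/sticky markers (s, t) are out of scope here
                raise ValueError(f"unsupported character {ch!r} in {mode_str!r}")
        result[cls] = value
    return result


def to_octal(mode_str):
    """'-rwxr-x---' -> '750' (one octal digit per class)."""
    perms = parse_mode(mode_str)
    return "".join(str(perms[cls]) for cls in CLASSES)


def to_symbolic(octal, file_type=stat.S_IFREG):
    """'750' -> '-rwxr-x---', using the standard library's own formatter."""
    return stat.filemode(file_type | int(octal, 8))


def world_writable(mode_str):
    """True when 'others' holds the write bit, a common audit finding."""
    return bool(parse_mode(mode_str)["others"] & 2)


if __name__ == "__main__":
    # Constructed sample strings, not taken from a real system
    for sample in ("-rwxrwxrwx", "-rw-r--r--", "-rwxr-x---"):
        flag = "world-writable" if world_writable(sample) else "ok"
        print(sample, to_octal(sample), flag)
```

The first character of the string is the file type (`-` for a regular file, `d` for a directory), which is why the string is 10 characters long while the octal form has 3 digits.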