|
Most file systems have methods to assign permissions or access rights to specific users and groups of users. These systems control the ability of the users to view or make changes to the contents of the filesystem. ==Operating system variations== Unix-like and otherwise POSIX-compliant systems, including Linux-based systems and all Mac OS X versions, have a simple system for managing individual file permissions, which in this article are called "traditional Unix permissions". Most of these systems also support some kind of access control lists, either proprietary (old HP-UX ACLs, for example), or POSIX.1e ACLs, based on an early POSIX draft that was abandoned, or NFSv4 ACLs, which are part of the NFSv4 standard. Microsoft and IBM DOS variants (including MS-DOS, PC DOS, Windows 95, Windows 98, Windows 98 SE, and Windows Me) do not have permissions, only file attributes. There is a read-only attribute (R), which can be set or unset on a file by any user or program, and therefore does not prevent him/her from changing/deleting the file. There is no permission in these systems which would prevent a user from reading a file. Other MS-DOS/PC DOS-compatible operating systems such as DR DOS 3.31 and higher, PalmDOS, Novell DOS and OpenDOS, FlexOS, 4680 OS, 4690 OS, Concurrent DOS, Multiuser DOS, Datapac System Manager and IMS REAL/32 support read/write/execute/delete file/directory access permissions on FAT volumes. With the exception of FlexOS, 4680 OS, and 4690 OS all these operating systems also support individual file/directory passwords. All operating systems except for DR DOS, PalmDOS, Novell DOS and OpenDOS also support three independent file/directory ownership classes world/group/owner, whereas the single-user operating systems DR DOS 6.0 and higher, PalmDOS, Novell DOS and OpenDOS only support them with an optional multi-user security module (SECURITY.BIN) loaded. OpenVMS (a.k.a. VMS), as well as Microsoft Windows NT and its derivatives (including Windows 2000 and Windows XP), use access control lists (ACLs)〔http://technet.microsoft.com/en-us/library/bb727008.aspx〕 to administer a more complex and varied set of permissions. OpenVMS also uses a permission scheme similar to that of Unix, but more complex. There are four categories (System, Owner, Group, and World) and four types of access permissions (Read, Write, Execute and Delete). The categories are not mutually disjoint: World includes Group which in turn includes Owner. The System category independently includes system users (similar to superusers in Unix).〔http://h71000.www7.hp.com/doc/731final/6489/6489pro_025.html#int_prot_code〕 Classic Mac Operating Systems' HFS do not support permissions, only file attributes: "Hidden" (does not show in directory listings); "Locked" (read-only); "Name locked" (cannot be renamed); and "Stationery" (copy-on-write). The AmigaOS Filesystem, AmigaDOS supports a relatively advanced permissions system, for a single-user OS. In AmigaOS 1.x, files had Archive, Read, Write, Execute and Delete (collectively known as ARWED) permissions/flags. In AmigaOS 2.x and higher, additional Hold, Script, and Pure permissions/flags were added. Mac OS X versions 10.3 ("Panther") and prior use POSIX-compliant permissions. Mac OS X, beginning with version 10.4 ("Tiger"), also support the use of NFSv4 ACLs. They still support "traditional Unix permissions" as used in previous versions of Mac OS X, and the ''Apple Mac OS X Server version 10.4+ File Services Administration Manual'' recommends using only traditional Unix permissions if possible. It also still supports the Mac OS Classic's "Protected" attribute. Solaris ACL support depends on the filesystem being used; older UFS filesystem supports POSIX.1e ACLs, while ZFS supports only NFSv4 ACLs.〔http://docs.oracle.com/cd/E19253-01/819-5461/819-5461.pdf〕 Linux supports POSIX.1e ACLs. There is experimental support for NFSv4 ACLs for ext3 filesystem 〔http://www.suse.de/~agruen/nfs4acl/〕 and ext4 filesystem. FreeBSD supports POSIX.1e ACLs on UFS, and NFSv4 ACLs on UFS and ZFS.〔http://wiki.freebsd.org/NFSv4_ACLs〕〔http://www.freenas.org/images/resources/freenas9.1.1/freenas9.1.1_guide.pdf〕 IBM z/OS implements file security via RACF (Resource Access Control Facility)〔http://publib.boulder.ibm.com/infocenter/zos/v1r12/index.jsp?topic=%2Fcom.ibm.zos.r12.e0ze100%2Fracf.htm〕 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「File system permissions」の詳細全文を読む スポンサード リンク
|