| Nominal Animal |
01-18-2011 12:52 AM |
Quote:
Protection mechanisms provide controlled access by limiting the types of file access permitted to users.
|
One such protection mechanism in Linux is the standard Unix access control mechanism: in most file systems every file, directory, device et cetera has an owner-user, an owner-group, and a separate patterns defining the access types (read, write, execute/traverse) allowed for the owner-user, any user belonging to the owner-group, and all others.
Quote:
In addition, protection must also ensure that only those processes that have gained proper authorization from the operating system can operate on memory segments, the CPU, and other resources.
|
In Linux, each process has their own memory space. Other processes' memory segments are not visible to the process, even if it tried every possible memory address. (Bugs and MMU-less platforms exist, though.)
CPU and I/O priorities are enforced by the kernel, totally invisibly to the process (other than the resulting effects). The kernel also enforces a large number of per-process limits: for example, the kernel will terminate any process which runs longer (uses more CPU time) than a set limit.
Quote:
Protection is provided by a mechanism that controls the access of programs, processes, or users to the resources defined by a computer system.
|
This is a repeat of the first quoted sentence, but extends the scope to cover all resources a computer system has.
Quote:
This mechanism must provide a means for specification of the controls to be imposed, together with a means of enforcement.
|
In Linux, this specification is done via utility programs like chmod, chown, nice, ionice, su and sudo and so on, but also via detailed configuration files in the /etc/ tree.
Hope this helps, Nominal Animal |
