)
Figure 3.2 Contents of the NT security descriptor.
| Previous | Table of Contents | Next |
The NT file system (NTFS) supports granular DAC. Each file in the NTFS is an object. Every NT object has a security descriptor consisting of the object’s unique identifier and a pair of access control lists. The security descriptor for an object is initialized when the object is created. Figure 3.2 shows the components of the security descriptor.
Figure 3.2 Contents of the NT security descriptor.
The security descriptor contains a DAC ACL component and a SYSTEM ACL component. Normal NT user and group access rights for an object are stored in the DAC ACL. Each entry (ACE) in a DAC ACL identifies a particular user or group SID along with the access permissions granted to that subject. The special NT user SYSTEM, which represents the operating system itself, has a separate ACL. These two distinct ACLs are described in the next few sections.
DAC Access Control Lists
NT distinguishes between standard permissions and special permissions. Access permissions for an object are normally defined using the standard permissions that are logical groupings of special permissions. Consider the more low-level special permissions first.
Special permissions are similar to permission bits found in UNIX with two additions. First, an explicit option enables the subject to change the object’s access permissions. If you have this permission for an object, even if you are not the object’s owner, you will be allowed to modify its permissions. Unlike most UNIX systems, NT allows for the possibility that the object’s owner may not be the only user who is allowed to change the permissions of an object. For example, user Joe may want users Bill and Jane to be able to set permissions on files that they work on together. Next, special permission can be granted to take ownership of an object. By default, the owner of the object controls its permissions. Taking ownership of an object is a powerful permission and is normally limited to the object’s owner. The Administrator is allowed to take ownership of any object. Table 3.2 describes the special NT file permissions.
| Permission | Allowed Action If Object Is a File | Allowed Action If Object Is a Directory |
|---|---|---|
| R | Read contents of file | View file and subdirectory names |
| X | Execute file as a program | Can change to subdirectories |
| W | Change file contents | Add, rename, create files and subdirectories |
| D | Delete file | Delete directory and subdirectories |
| P | Change file permissions | Change directory permissions |
Standard permissions are summarized in Table 3.3. Notice that the intent is to provide more meaningful terms for users to administer access permissions than the granular special permissions. Whether in practice these higher level abstractions are easier for systems administrators is a matter of opinion.
| Permission | Allowed Action If Object Is a File | Allowed Action If Object Is a Directory |
|---|---|---|
| No Access | None | None |
| List | Not applicable | RX |
| Read | RX | RX |
| Add | Not applicable | WX |
| Add & Read | Not applicaable | RWX |
| Change | RWXD | RWXD |
| Full Control | All | All |
Notice that the List and Add permissions have no interpretation for individual files. These permissions are meaningful only for directories. Recall from the discussions on UNIX permissions that a number of special meanings are applied to the permission bits depending on whether the object is a file or directory. The interpretations for the NT standard permissions are shown in Table 3.4 for files and Table 3.5 for directories.
| Permission | Interpretation | |
|---|---|---|
| No Access | Under no circumstances is the user allowed access to the file. | |
| Read | Permission to execute the file, open the file, or display the file’s attributes. | |
| Change | Permission to append to or change data in the file, to display the file’s owner and permissions, plus the Read permissions. | |
| Full Control | Equivalent to Change with the additional capability to take ownership of the file. | |
| Permission | Interpretation | |
|---|---|---|
| No Access | Under no circumstances is the user allowed access to the file. | |
| List | Users can list files and subdirectories to which they have access but cannot list files or subdirectories to which they do not have explicit access in this folder. | |
| Read | Permission to list files or subdirectories, execute programs, change into subfolders, and display attributes of files or subfolders. | |
| Add | Files can be added to the folder. Neither Read nor List are implied by this permission. | |
| Add & Read | Includes Add permissions and Read permissions combined. | |
| Change | Permissions granted by Read augmented to include creation of subfolders and files, changing file or folder attributes, and deletion of the folder’s files and subfolders. | |
| Full Control | Equivalent to Change with the additional capability to change permissons of the folder itself and to take ownership of the directory itself. | |
| Previous | Table of Contents | Next |
){kind=link}