|
|
System security is built on two foundations; being able to validate the identity of a user, and being able to determine whether a given user has permission to carry out a task. When you log in, the system uses your login to check the password file; when you type your password, the system encrypts it and compares it with the (encrypted) copy of your password that it already knows. This acts as a check on your identity. If you disclose your password to someone else, they can log in as you.
Access to the files on the system is controlled by your permissions; see ``Access control for files and directories''. Note that the system administrator or root user can read or write any file they want to. Thus, the most important password on the system is the root password.
In addition to controlling file access on the basis of your login name, the system controls access to system services. Whenever you run a program, the process it gives rise to inherits your authorizations and privileges. Thus, if you lack the appropriate privilege, you may not be able to use the ps command to check on other user's processes, to use chown to change the ownership of files, or to use su to run programs under another login. Again, system authorizations are assigned on the basis of your login; the root account is allowed to do anything. (Authorizations are assigned on a per-subsystem basis, while privileges are assigned for kernel based operations.)