
PROTECTION/PROTECTED SUBSYSTEMS -- Details about Protected Subsystems  83/08/05

  The protected subsystems mechanism is a part of the operating system's
  protection capabilities. In contrast to the Access Control List (ACL)
  mechanism, which allows you to specify WHO can access files, protected
  subsystems provide you the added ability to define exactly HOW those files
  can be accessed.  Using protected subsystems, you can tightly control the
  range of permissible operations that users may perform on files.

  Protected subsystems allow you to designate a body of data (a protected
  collection of files) for use solely by specified programs (managers of a
  subsystem).  This permits broad groups of users (specified by ACL information)
  to access data via the managing programs of a subsystem.  Typically, the
  subsystem managers perform operations that a normal user would be prohibited
  from doing -- for instance, modifying the network registry files.  Since the
  files in use, however (registry files, in our example), are opened only by
  the managing programs, which filter the user's requests, users may perform
  operations that previously were restricted to trusted people.


BASIC CONCEPTS

  In more detail, a PROTECTED SUBSYSTEM is composed of a set of programs and
  a set of objects (data files).  The programs are called the MANAGERS of the
  protected subsystem; the objects are called PROTECTED OBJECTS and are said to
  be OWNED by the subsystem.  For an object to be owned by a subsystem, it must
  be SEALED by that subsystem.  When you run a subsystem's manager program,
  you are said to be RUNNING INSIDE THE SUBSYSTEM, or simply INSIDE the
  subsystem; at other times, you are OUTSIDE the subsystem.  The operating
  system defines ways of accessing or operating on objects, primarily via
  mapping and via file operations (i.e., reads and writes); these are called
  BASE ACCESSES or BASE OPERATIONS.  Collectively, the managers of a subsystem
  create and define a broader set of operations that can be performed upon the
  objects owned by the subsystem; these are called EXTENDED ACCESSES or
  EXTENDED OPERATIONS.

  Notice that the integrity of a subsystem's objects is maintained only so
  long as the subsystem's manager programs retain sole access to them (assuming
  the programs contain no bugs); what the protected subsystem mechanism does
  is allow a subsystem to ENFORCE this protection property.

  The primary enforcement mechanism is to allow a subsystem to restrict base
  access to an object (for instance, reading and writing a protected file) to
  processes running inside the subsystem.  The managers of a subsystem have
  (potentially, at least) ALL base rights to the objects owned by the subsystem.
  Thus, only the managers can directly read and write their protected objects,
  and all user operations on protected objects must be via the subsystem's
  extended operations.  Users therefore may not read and write the protected
  files directly, but only through (and under the supervision of) a subsystem
  manager.
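  The following is an added toy model of the rule just described, not code
  from the operating system or from this manual; the "registry" subsystem,
  its manager ACL and the sample entries are constructed for illustration.
  Base reads and writes on a sealed object succeed only for a process running
  INSIDE the owning subsystem, so a user outside reaches the data solely
  through the manager's extended operation, which filters the request first.

```python
from dataclasses import dataclass, field
from typing import List, Optional

class AccessDenied(PermissionError):
    """Raised when the monitor refuses a base operation."""

@dataclass
class Process:
    user: str
    inside: Optional[str] = None   # subsystem whose manager is executing, if any

@dataclass
class ProtectedObject:
    name: str
    sealed_by: Optional[str]       # owning subsystem; None means an ordinary file
    content: List[str] = field(default_factory=list)

def check_base_access(proc, obj, op):
    """A base access (read/write) on a sealed object is allowed only to a
    process running INSIDE the owning subsystem.  The ACL check on WHO may
    run the manager is separate (see registry_add_user below)."""
    if obj.sealed_by is not None and proc.inside != obj.sealed_by:
        raise AccessDenied(f"{op} {obj.name}: caller is outside {obj.sealed_by}")

def base_read(proc, obj):
    check_base_access(proc, obj, "read")
    return list(obj.content)

def base_write(proc, obj, line):
    check_base_access(proc, obj, "write")
    obj.content.append(line)

# Constructed data: a registry file sealed by a hypothetical "registry" subsystem,
# and the (ACL-like) set of users permitted to run its manager program.
REGISTRY = ProtectedObject("registry_file", sealed_by="registry", content=["alice:1001"])
MANAGER_ACL = {"alice", "bob"}

def registry_add_user(caller, name, uid):
    """Extended operation defined by the manager.  Running the manager puts the
    caller INSIDE the subsystem; the manager filters the request and only then
    performs the base read/write that the caller could not do directly."""
    if caller.user not in MANAGER_ACL:
        raise AccessDenied(f"{caller.user} may not run the registry manager")
    inside = Process(caller.user, inside="registry")
    entries = base_read(inside, REGISTRY)
    if not name.isalnum() or any(e.split(":")[1] == str(uid) for e in entries):
        raise ValueError("manager rejected the request")
    base_write(inside, REGISTRY, f"{name}:{uid}")
    return len(REGISTRY.content)
```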


RELATED TOPICS

  More information is available.  Type:

  - HELP PROTECTED_SUBSYSTEMS
    for more information on the commands that maintain protected subsystems.

  - HELP ACLS
    for more information on the commands that manipulate ACLs.

  - HELP PROTECTION
    for more information on protection in general.

  - HELP PROTECTION RIGHTS
    for more information on base access rights.

  - HELP PROTECTION SIDS
    for information on Subject Identifiers (SIDs).

  - HELP PROTECTION ACLS
    for information about ACLs.

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026