PROTECTION/SIDS Aegis PROTECTION/SIDS
NAME
protection/sids - Subject Identifier Syntax and Usage
DESCRIPTION
Precisely, a "subject" is an entity that accesses objects. Loosely, a
subject is usually a human user who has been given an account to log in
to the system; but a subject can also be a server program which may not
correspond to any human user at all.
A subject is identified by an SID (subject identifier), which is the
formal name for the 'log in names' that are used to identify people to
the system when they log in. Basically, an SID has three parts: a person
name (p), group name (g), and organization name (o); the combination is
often abbreviated to 'pgo'.
SIDs consist of the p, g, and o separated by periods. Thus
    joe.sftwr.r_d
might be the name of a software programmer in the R & D organization.
His person name is 'joe'; his group name is 'sftwr'; his organization
name is 'r_d'.
In Access Control Lists (acls), SIDs can contain a wildcard, similar in
concept to wildcards used with pathnames. A '%' in the person, group, or
organization part of an SID will match any person, group, or organization
(respectively). Thus
    joe.%.%
would match user 'joe' regardless of his project or organization names.
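The wildcard rule above, worked through as an added example (this is not Aegis code and not part of the original help text). It lists which entries of an acl apply to a given subject, which is the quickest way to see how far a '%' entry reaches. The function names and the sample acl are constructed for illustration; the example assumes a field is a wildcard only when it is exactly '%', and that names are compared exactly as written.

```python
WILDCARD = "%"


def parse_sid(text):
    """Split 'person.group.organization' into a 3-tuple; reject malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 3 or any(part == "" for part in parts):
        raise ValueError(f"SID must have three non-empty parts: {text!r}")
    return tuple(parts)


def sid_matches(pattern, subject):
    """True if an acl SID pattern (fields may be '%') matches a concrete subject SID."""
    pat = parse_sid(pattern)
    sub = parse_sid(subject)
    # Assumption: a subject being checked is a concrete identity, never a pattern.
    if WILDCARD in sub:
        raise ValueError(f"subject SID may not contain a wildcard field: {subject!r}")
    # Each field is compared independently: '%' matches anything in that position,
    # any other value must be equal to the subject's field.
    return all(p == WILDCARD or p == s for p, s in zip(pat, sub))


def matching_entries(acl, subject):
    """Return, in acl order, every SID pattern in the acl that matches the subject."""
    return [entry for entry in acl if sid_matches(entry, subject)]


# Constructed sample acl (SID patterns only; rights are omitted).
SAMPLE_ACL = [
    "joe.sftwr.r_d",   # exactly one subject
    "joe.%.%",         # joe in any group and organization
    "%.sftwr.r_d",     # anyone in group sftwr of organization r_d
    "%.%.mktg",        # anyone in organization mktg
    "%.%.%",           # every subject
]

if __name__ == "__main__":
    for subject in ("joe.sftwr.r_d", "joe.docs.mktg", "ann.sftwr.r_d"):
        print(subject, "->", matching_entries(SAMPLE_ACL, subject))
```

When reviewing an acl, entries with '%' in more than one field deserve the closest look, since each wildcard field widens the set of subjects the entry covers.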
SEE ALSO
acls
for more information on commands which manipulate access control lists
(acls).
protection
for more information on protection in general.
protection acls
for detailed information on acls.