Operating System Security
Each operating system has the inherent ability to place access limits on the files and directories within its file system. Web servers can leverage these security features to implement access control.
Windows 2003 and XP
To place access limits on the CFIDE directory in Windows 2003 and XP, follow these steps:
1. Open Windows Explorer, and browse to the CFIDE directory.
2. Right-click on CFIDE, and select Properties. This opens a properties sheet similar to the one shown in Figure 8.1.
   Figure 8.1. NTFS file permissions are set in the Security tab of the directory properties sheet.
3. Select the Security tab.
4. If you want to modify existing user/group permissions, proceed to step 6.
5. If you want to add additional user/group permissions, click the Add button. This opens the Select Users or Groups window (Figure 8.2). Enter the user/group names in the text box provided and click OK.
   Figure 8.2. Select only the users who should be allowed to access this directory.
6. To modify existing user/group permissions, in the Security tab of the properties sheet select the user whose access you want to change. If you added additional users/groups, the last one added is currently selected.
7. Click the appropriate check box in either the Allow or Deny column next to the permission you wish to control for this user. A shaded checkbox indicates an inherited permission, as shown in Figure 8.3.
   Figure 8.3. Explicitly allow or deny directory permissions. Shaded checkboxes indicate inherited permissions.
8. If there are any users or groups in the list who should not have access, select them and click Remove.
9. Click the Advanced button for access to special permissions and advanced settings. This opens the Advanced Security Settings dialog box (Figure 8.4).
   Figure 8.4. Secure subdirectories and files by allowing permissions to be passed along to child objects.
10. Click OK to close the advanced settings dialog box, and then again to close the directory properties window.
NOTE
To implement file permissions, the underlying file system must be NTFS, not FAT or FAT32.
Unix and Linux
Unix and Linux operating systems let administrators set the read, write, and execute permissions on individual files and directories. The permission structures are based on granting permissions to three types of users: owner, group, and all users. These permissions are identified in Table 8.1.
PERMISSION | LETTER | VALUE |
---|---|---|
Read | r | 4 |
Write | w | 2 |
Execute | x | 1 |
The following ls -l listing shows that the file myfile has the following permissions:
$ ls -l myfile
-rwxrw-r-- 1 root root 0 July 1 10:05 myfile
Owner: Read, Write, Execute
Group: Read, Write
Everyone: Read
This is often also expressed numerically. In that case, the file would have a permission of 764.
In Unix, the chmod or change mode command is used to set permissions on files and directories. If you wanted to revoke the permission for everyone outside of the owner and group types, you would type the following:
$ chmod 760 myfile
This tells the system to change the permissions mode on the file myfile to:
Owner: Read, Write, Execute
Group: Read, Write
Everyone: none
Running the same ls -l as before yields the following:
$ ls -l myfile
-rwxrw---- 1 root root 0 July 1 10:05 myfile
This indicates that permissions for this file are no longer available to everyone.
If the file on which you are granting permissions is a directory, and you want all files in that directory to also inherit the new permissions, you can use the -R option of chmod to indicate that the system should recurse through the directory and assign the permissions to every file within it.
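
The shell functions below are an added example, not part of the original text; the function names and the temporary demo tree are assumptions. They convert the ls -l permission string to the numeric form using the values in Table 8.1, and they go one step beyond the text by revoking everyone's access recursively with the symbolic mode o-rwx, because a numeric mode such as 760 applied with -R would also strip the group's execute (search) bit from subdirectories.

```shell
#!/bin/sh
# Added example (not from the original text). Function names are hypothetical.

# Convert the nine permission characters from `ls -l` (e.g. rwxrw-r--) to the
# numeric form using Table 8.1: r=4, w=2, x=1. Handles plain r/w/x only,
# not setuid/setgid/sticky markers (s, t).
mode_to_octal() {
    perms=$1
    out=""
    for start in 1 4 7; do                       # owner, group, everyone
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Numeric mode of one path, read back from `ls -ld` (columns 2-10).
mode_of() {
    mode_to_octal "$(ls -ld "$1" | cut -c2-10)"
}

# Recursively revoke every "everyone" permission under a directory. The
# symbolic form o-rwx leaves owner and group bits alone, so directories keep
# the execute (search) bit the group needs to enter them.
revoke_everyone() {
    chmod -R o-rwx "$1"
}

# Print paths under a directory that still grant anything to everyone.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Constructed demo tree: a directory (755) holding myfile (764).
demo=$(mktemp -d)
mkdir "$demo/site" && : > "$demo/site/myfile"
chmod 755 "$demo/site" && chmod 764 "$demo/site/myfile"
echo "before: site=$(mode_of "$demo/site") myfile=$(mode_of "$demo/site/myfile")"
revoke_everyone "$demo/site"
echo "after:  site=$(mode_of "$demo/site") myfile=$(mode_of "$demo/site/myfile")"
echo "still open to everyone: $(world_accessible "$demo/site" | wc -l)"
rm -rf "$demo"
```

Running world_accessible against a web root before and after a permissions change confirms that nothing in the tree is still readable, writable, or executable by everyone.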