![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to security CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [MW Coherent from dump] / coherent / a / usr / man / COHERENT|
Return to security CVS log | Up to [MW Coherent from dump] / coherent / a / usr / man / COHERENT |
coherent
security Technical Information security
Because COHERENT is a multi-user, multi-tasking operating system
which can support users from remote terminals, steps must be
taken to ensure that the system is secure. Sensitive information
that is stored on the system must be protected from being read or
copied by unauthorized persons; files must be protected against
vandalization by intruders. Unless a reasonable degree can be
guaranteed, no multi-user operating system can be trusted to ar-
chive important information.
In one sense, it is easy to achieve perfect security in a com-
puter system. As Grampp and Morris have noted, ``It is easy to
run a secure computer system. You merely disconnect all dial-up
connections, put the machine and its terminals in a shielded
room, and post a guard at the door.'' For practical uses,
however, security means balancing ease of access against restric-
tiveness: users should have easy access to what is properly
theirs, and should be barred from system facilities that do not
belong to them.
The COHERENT system has the following tools to assist with
security.
_P_a_s_s_w_o_r_d_s Every user account can be ``locked'' with a password.
Each user can assign her own password, and the system
administrator can set passwords for the superusers root
and bin.
Passwords should be changed frequently. A password
should have at least six characters, should not be a
common name or word, and preferably should include a
mixture of upper- and lower-case letters, to prevent
decryption by brute-force methods.
Passwords should be guarded jealously. In particular,
the password for the superuser root should be kept
secret, as she can read every file and execute every
program throughout the system.
_P_e_r_m_i_s_s_i_o_n_s
Execution of system-level programs, such as mount, is
restricted to the superuser root. This prevents in-
truders from seizing superuser permissions through un-
authorized manipulation of system services. Ordinary
users are also restricted from directly access system
devices, for the same reason.
_E_n_c_r_y_p_t_i_o_n
The command crypt performs rotary encryption, similar
to that used by the German Enigma machine. Files of
sensitive information should be encrypted, to protect
them against being read by unauthorized persons. Note
that encryption is the only true defense against un-
authorized reading: not even the superuser can read an
encrypted file unless she has the encryption key.
COHERENT Lexicon Page 1
security Technical Information security
Many COHERENT systems have only one user and are not networked;
for such installations, the normal level of security may be an
annoyance. Passwords can be turned off by using the command
passwd to set the password to <return>. The command chmod can be
used to widen access to devices and system-level utilities; see
the Lexicon entry for chmod for more information on file access.
Security ultimately is a system-wide responsibility. To quote
Grampp and Morris, ``By far, the greatest security hazard for a
system ... is the set of people who use it. If the people who
use a machine are naive about security issues, the machine will
be vulnerable regardless of what is done by the local management.
This applies particularly to the system's administrators, but or-
dinary users should also take heed.''
***** See Also *****
chmod, crypt, passwd, technical information
Grampp FT, Morris RH: UNIX operating system security. _A_T&_T _B_e_l_l
_L_a_b _T_e_c_h _J 1984;8:1649-1672.
COHERENT Lexicon Page 2
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.