System Administration Guide
Chapter 5, Maintaining system security

Protecting the data on your system

Protecting the data on your system

The primary data protection on your system is the use of standard UNIX system permissions on files and directories. If you are unfamiliar with file permissions, see Chapter 3, ``Directories and files'' in the Operating System Tutorial and Chapter 7, ``Protecting files and directories'' in the Operating System Tutorial. Understanding the permission bits that you can set to protect files and directories is crucial to the security of your system. The default permissions for files created on your system are governed by the system-wide umask(C), which can also be customized by individual users.

SCO systems also include important filesystem features that extend the protection of UNIX systems. These features greatly enhance the security of the system. One of them, SUID and SGID bit-clearing upon file writes, is passive in that it requires no action by the system administrator. Other features are active, meaning that you can select them for particular objects. These active features include: