Protection is a mechanism for controlling the access of programs, processes, or users to the resources defined by the computer system. The resources defined by the computer system may be hardware resources and may be software resources. Each of these resources can be accessed only through well defined operations. A collection of access rights to the resources is the protection domain. The protection of files becomes important, when an operating system allows multiple users to share files. Protection mechanisms provide controlled access by limiting the types of file access that can be made. Several different types of operations may be controlled such as, read, write, execute, append, delete and rename. Protection of files can be provided in many ways, the most common way is to make access dependent on the identity of the user. This can be implemented by condensed access list, which use three classifications of users:
 |
Owner: the file creator. |
|
Group: a set of users who are sharing the file and need similar access. |
|
Universe: all other users in the system. |
There are two protection domains in the operating system:
|
The user protection domain: the application programs run in this domain. These application programs |
|
do not have direct access to kernel data. |
|
The kernel mode protection domain: The code in the kernel and kernel extensions run in this domain. |