Once a user has access to a given file, which might need both user and file passwords to reach, there is one additional level of access control available. This is the “file permission mask,” a set of controls over who can do what with a given file.
User permissions with respect to the following file operations can be controlled with the file permission mask for a given file (i.e., “YES, TYPE X USERS have permission to do this operation” or “NO, TYPE X USERS do not have permission to do this operation”):
If a file has no permission mask, any user who can access the file can perform all the above operations. Remember: A zero permission mask does not mean "no permission"; it means "no security restrictions" (full permission) and no owner and group are assigned.
Each of these permissions for a given file can be specified for any or all of the following classes of users:
In summary, a file permission mask permits different degrees of access to a file for the file’s owner, users belonging to the file’s group, and all other users, including guests.
Using the concepts discussed above, the Administrator can establish a sophisticated and flexible security system with the FairCom Server. The mechanism for actually entering information for use by the FairCom Server is a separate program utility, called the Administrator’s Utility, ctadmn.