Q. Consider a system that holds 5000 users. Presume that you want to allow 4990 of these users to be able to access one file.
a. How would you denote this protection scheme in UNIX?
b. Could you propose another protection scheme that is able to be used more effectively for this purpose than the scheme provided by UNIX?
Answer:
a. There are two processes for achieving this:
1. Create an access control record with the names of all 4990 users.
2. Put these 4990 users in one group as well as set the group access accordingly. This scheme can't forever be implemented since user groups are restricted by the system.
b. The universal access to records applies to every user unless their name appears in the access-control list with different access permission. With this scheme you merely put the names of the remaining ten users in the access control list but with no access privileges allowed.