Filesystem Permissions - Differences Between Operating Systems

Differences Between Operating Systems

Unix-like and otherwise POSIX-compliant systems, including Linux-based systems and all Mac OS X versions, have a simple system for managing individual file permissions, which in this article are called "traditional Unix permissions". Most of these systems also support some kind of access control lists, either proprietary (old HP-UX ACLs, for example), or POSIX.1e ACLs, based on an early POSIX draft that was abandoned, or NFSv4 ACLs, which are part of the NFSv4 standard.

Microsoft and IBM DOS variants including MS-DOS, PC DOS, Windows 95, Windows 98, Windows 98 SE, and Windows Me) do not have permissions, only file attributes. There is a read-only attribute (R), which can be set or unset on a file by any user or program, and therefore does not prevent him/her from changing/deleting the file. There is no permission in these systems which would prevent a user from reading a file.

Other MS-DOS/PC DOS-compatible operating systems such as DR DOS 3.31 and higher, PalmDOS, Novell DOS, and OpenDOS, FlexOS, 4680 OS, 4690 OS, Concurrent DOS, Multiuser DOS, Datapac System Manager and IMS REAL/32 support read/write/execute/delete file/directory access permissions on FAT volumes. With the exception of FlexOS, 4680 OS, 4690 OS all these operating systems also support individual file/directory passwords. All operating systems except for DR DOS, PalmDOS, Novell DOS and OpenDOS also support three independent file/directory ownership classes world/group/owner, whereas the single-user operating systems DR DOS 6.0 and higher, PalmDOS, Novell DOS and OpenDOS only support them with an optional multi-user security module loaded.

OpenVMS (a.k.a. VMS), as well as Microsoft Windows NT and its derivatives (including Windows 2000 and Windows XP), use access control lists (ACLs) to administer a more complex and varied set of permissions. OpenVMS also uses a permission scheme similar to that of Unix, but more complex. There are four categories (System, Owner, Group, and World) and four types of access permissions (Read, Write, Execute, and Delete). The categories are not mutually disjoint: World includes Group which in turn includes Owner. The System category independently includes system users (similar to superusers in Unix).

Classic Mac Operating Systems are similar to DOS variants and DOS-based Windows: they do not support permissions, but only a "Protected" file attribute.

The AmigaOS Filesystem, AmigaDOS supports a relatively advanced permissions system, for a single-user OS. In AmigaOS 1.x, files had Archive, Read, Write, Execute and Delete (collectively known as ARWED) permissions/flags. In AmigaOS 2.x and higher, additional Hold, Script, and Pure permissions/flags were added.

Mac OS X versions 10.3 ("Panther") and prior use POSIX-compliant permissions. Mac OS X, beginning with version 10.4 ("Tiger"), also support the use of NFSv4 ACLs. They still support "traditional Unix permissions" as used in previous versions of Mac OS X, and the Apple Mac OS X Server version 10.4+ File Services Administration Manual recommends using only traditional Unix permissions if possible. It also still supports the Mac OS Classic's "Protected" attribute.

Solaris ACL support depends on the filesystem being used; older UFS filesystem supports POSIX.1e ACLs, while ZFS supports only NFSv4 ACLs.

Linux supports POSIX.1e ACLs. There is experimental support for NFSv4 ACLs for ext3 filesystem.

FreeBSD supports POSIX.1e ACLs on UFS, and NFSv4 ACLs on UFS and ZFS.

IBM z/OS implements file security via RACF (Resource Access Control Facility)