Previous Topic: Protecting Files and ProgramsNext Topic: How File Protection Works


Restricting Access to Files and Directories

CA ControlMinder leaves the UNIX system of permissions intact but adds a layer of enhanced access control to it.

CA ControlMinder intercepts each of the following file access operations and verifies that the user has authorization for the specific operation before returning control to UNIX. The access type is in parentheses.

CA ControlMinder access checking differs from the native UNIX authorization in the following ways:

The following are the limits of the File Protection System:

CA ControlMinder supports the following access types for files.

The File Protection System is useful for protecting selected sets of files that contain sensitive data. For example, you can use CA ControlMinder to protect the following files:

You should use CA ControlMinder to protect databases (access should be granted only to the server daemon) and all other sensitive files at your site.

Some files that always need access control are governed by rules even without you specifying them.