Exemplary embodiments generally relate to electrical computers and digital processing systems and, more particularly, to file protection and security levels.
Computer and network security is a common concern. Nearly every day some virus, threat, or “hacker” makes the news. Many computer experts thus devote themselves to developing schemes that improve the security of sensitive data and files. These past and current schemes, though, are all based on monitoring or alerting when suspicious access patterns are detected. They are thus best-effort: they can only limit the amount of data stolen and cannot prevent data from being stolen. Other conventional schemes protect data using a single user identification per document repository.
FIG. 1 illustrates one of the conventional security schemes. FIG. 1 structurally illustrates POSIX statements for traversing a directory structure “…d1/d2….” The POSIX file system semantics make it nearly impossible to traverse the “…d1/d2…” path as a non-privileged user (that is, a user not possessing the correct root id), where directories “d1” and “d2” each have “0700” permissions with respective ownership of u1 and u2. As FIG. 1 illustrates, the non-privileged user is prevented from traversing the “…d1/d2…” path due to the requirements for executing a “change directory” system call. The “change directory” system call requires a process to have “search” (e.g., execute) permission in the current directory before the process may advance to the next directory. Here, though, directories “d1” and “d2” are accessible only to their respective owners (e.g., user “u1” and user “u2”).
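The traversal rule described above can be modeled in a few lines. The following is an added example, not part of the original disclosure: a simplified simulation of the POSIX search-permission check applied to the “d1/d2” layout, showing which directory blocks each user. The `Dir` class, the function names, and the numeric uids are hypothetical, and the model ignores ACLs and capabilities.

```python
import stat
from dataclasses import dataclass, field

@dataclass
class Dir:
    owner: int
    group: int
    mode: int                       # permission bits, e.g. 0o700
    children: dict = field(default_factory=dict)

def may_search(d, uid, gids=()):
    """Exactly one permission class (owner, group, or other) is consulted."""
    if uid == 0:                    # the root id bypasses directory search checks
        return True
    if uid == d.owner:
        return bool(d.mode & stat.S_IXUSR)
    if d.group in gids:
        return bool(d.mode & stat.S_IXGRP)
    return bool(d.mode & stat.S_IXOTH)

def chdir_walk(root, path, uid, gids=()):
    """Return (ok, blocking_component). Every directory on the path,
    including the final target, must grant search permission."""
    cur = root
    if not may_search(cur, uid, gids):
        return (False, "/")
    for name in path.strip("/").split("/"):
        cur = cur.children[name]
        if not may_search(cur, uid, gids):
            return (False, name)
    return (True, None)

# Constructed layout: d1 is 0700 owned by u1, d2 is 0700 owned by u2.
U1, U2 = 1001, 1002                 # hypothetical uids for "u1" and "u2"
d2 = Dir(U2, U2, 0o700)
d1 = Dir(U1, U1, 0o700, {"d2": d2})
ROOT = Dir(0, 0, 0o755, {"d1": d1})

def results():
    users = [("u1", U1), ("u2", U2), ("root", 0)]
    return {name: chdir_walk(ROOT, "/d1/d2", uid) for name, uid in users}

if __name__ == "__main__":
    for name, outcome in results().items():
        print(name, outcome)
```

Note that u2, although the owner of d2, is stopped one level earlier at d1, so neither non-privileged owner can complete the traversal by path.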