File Access

On a PC, if you have files containing confidential information, you can prevent others from accessing them by denying access to the relevant files or to the machine itself.

You can prevent access to files in one of the following ways:

  • Giving passwords and permissions to the computer system
  • Hiding the files

Some software packages enable you to give passwords for the files you create. The file can be accessed only on supplying the password.

Windows NT provides a multi-layered security architecture. The Security Subsystem of Windows NT is responsible for maintaining security and access-restrictions in the system. The security model provides for discretionary access control so that the owner of a resource (file or folder) can specify which users or groups can access the resources and what type of access they are allowed (such as read, write, and delete). Windows NT also allows the users of the system to specify file access permissions for individual files. The Reference Monitor provides services for validating access to objects, checking user privileges, and generating audit messages.

You can hide files using the DOS ATTRIB command. When you hide a file, the filename will not be displayed in the directory listing. No person can display the file unless the name of the file is known. The file cannot be deleted or copied. The command for hiding one or more files is:

ATTRIB +H <filename>

This hides the specified file(s) from users. The -H option unhides the specified file(s). Figure shows the DIR command before and after hiding the file using the ATTRIB command.

Hiding Files Using the ATTRIB Command

Hiding Files Using the ATTRIB Command

If you want people to read your files but are concerned about them being modified, then you can make individual files read-only. A file is said to be read-only if you are able to examine the contents, but not change them. The command to use is:

ATTRIB +R <filename>

The <filename> can contain wildcard characters to make multiple files read-only. Once a file has been made read-only, it cannot be modified or deleted. An attempt to delete it returns an error message 'Access denied'. Once you have made the required files read-only, your system is secure.

However, if you wish to modify it, you will need to remove its read-only status. This is also done with the ATTRIB utility, with the -R option.