5.7.3. File-Related Issues

System administrators often have to deal with file-related issues. The issues include:
  • File Access
  • File Sharing

5.7.3.1. File Access

Issues relating to file access typically revolve around one scenario -- a user is not able to access a file they feel they should be able to access.
Often this is a case of user #1 wanting to give a copy of a file to user #2. In most organizations, the ability for one user to access another user's files is strictly curtailed, leading to this problem.
There are three approaches that could conceivably be taken:
  • User #1 makes the necessary changes to allow user #2 to access the file wherever it currently exists.
  • A file exchange area is created for such purposes; user #1 places a copy of the file there, which can then be copied by user #2.
  • User #1 uses email to give user #2 a copy of the file.
There is a problem with the first approach -- depending on how access is granted, user #2 may have full access to all of user #1's files. Worse, it might have been done in such a way as to permit all users in your organization access to user #1's files. Still worse, this change may not be reversed after user #2 no longer requires access, leaving user #1's files permanently accessible by others. Unfortunately, when users are in charge of this type of situation, security is rarely their highest priority.
The second approach eliminates the problem of making all of user #1's files accessible to others. However, once the file is in the file exchange area the file is readable (and depending on the permissions, even writable) by all other users. This approach also raises the possibility of the file exchange area becoming filled with files, as users often forget to clean up after themselves.
The third approach, while seemingly an awkward solution, may actually be the preferable one in most cases. With the advent of industry-standard email attachment protocols and more intelligent email programs, sending all kinds of files via email is a mostly foolproof operation, requiring no system administrator involvement. Of course, there is the chance that a user will attempt to email a 1GB database file to all 150 people in the finance department, so some amount of user education (and possibly limitations on email attachment size) would be prudent. Still, none of these approaches deal with the situation of two or more users needing ongoing access to a single file. In these cases, other methods are required.