Default file and directory permissions, identity mapping, or access control lists on the shared file system may be configured with broader scope than required for the workload. Users or processes on authorized mount clients can read or modify files outside their intended scope. This impacts confidentiality and integrity of file content stored on the shared file system.
POSIX Permissions Grant Unintended Shared Access
CCC.FileStor.TH02
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.FileStor.CP04 | POSIX File Semantics | The service always exposes standard POSIX file and directory operations, including permissions and ownership metadata, with concurrent multi-client access to the same file system. |
| CCC.Core.CP06 | Access Control | The service automatically enforces user configurations to restrict or allow access to a specific component or a child resource based on factors such as user identities, roles, groups, or attributes. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.FileStor.CN02 | Enforce Least-Privilege POSIX File Permissions | Ensure that default and mapped POSIX permissions on the shared file system do not grant broader access than required by the workload. |
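
A read-only audit for the condition this threat describes, added here as an illustration and not part of the catalog: run against a mounted path, it flags entries whose mode bits exceed a workload policy or whose owner or group falls outside the expected IDs, which can indicate unintended identity mapping. The function name, the default masks and the ID sets are assumptions standing in for a real workload policy, and ACLs are not inspected.

```python
import os
import stat


def audit_tree(root, max_file_mode=0o640, max_dir_mode=0o750,
               allowed_uids=frozenset(), allowed_gids=frozenset()):
    """Return sorted (relative_path, issue) findings for root and everything below it.

    max_file_mode / max_dir_mode: the widest permission bits the workload needs.
    allowed_uids / allowed_gids: expected numeric owners; empty means "do not check".
    """
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, name) for name in dirnames + filenames]

    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: never follow links out of the tree
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not used for access checks
        rel = os.path.relpath(path, root)
        mode = stat.S_IMODE(st.st_mode) & 0o777
        limit = max_dir_mode if stat.S_ISDIR(st.st_mode) else max_file_mode
        excess = mode & ~limit  # bits granted beyond what the policy allows
        if excess:
            findings.append(
                (rel, f"mode {mode:04o} exceeds {limit:04o} (extra bits {excess:04o})"))
        if allowed_uids and st.st_uid not in allowed_uids:
            findings.append((rel, f"owner uid {st.st_uid} not expected"))
        if allowed_gids and st.st_gid not in allowed_gids:
            findings.append((rel, f"group gid {st.st_gid} not expected"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Usage: python audit.py /mnt/share   (path is whatever the client has mounted)
    for rel, issue in audit_tree(sys.argv[1]):
        print(f"{rel}: {issue}")
```
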