An access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. In a typical ACL, each entry in the list specifies a subject and an operation: for example, the entry (Alice, delete) on the ACL for file XYZ gives Alice permission to delete file XYZ.
In an ACL-based security model, when a subject requests to perform an operation on an object, the system first checks the list for an applicable entry in order to decide whether or not to proceed with the operation.
Definitions
User class: The conventional POSIX permission concept uses three classes of users for assigning permissions in the file system: the owner, the owning group, and other users. Three permission bits can be set for each user class, giving permission to read (r), write (w), and execute (x). An introduction to the user concept in Linux is provided in the User Guide in the section Users and Access Permissions.
Access ACL: The user and group access permissions for all kinds of file system objects (files and directories) are determined by means of access ACLs.
Default ACL: Default ACLs can only be applied to directories. They determine the permissions a file system object inherits from its parent directory when it is created.
ACL entry: Each ACL consists of a set of ACL entries. An ACL entry contains a type (see Table B.1 on the following page), a qualifier for the user or group to which the entry refers, and a set of permissions. For some entry types, the qualifier for the group or users is undefined.
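As an added illustration (not code from the linked document), the Python sketch below parses ACL entries in the short text form printed by getfacl into type, qualifier and permissions, separates access entries from default entries, and applies the POSIX ACL check order. The mask entry and the check order come from the POSIX ACL model rather than from the definitions above; the names alice, bob, staff and audit are constructed.

```python
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    tag: str                  # entry type: user, group, mask or other
    qualifier: Optional[str]  # None where the qualifier is undefined
    perms: frozenset          # subset of {"r", "w", "x"}

def parse_acl(text):
    """Split getfacl-style text into (access ACL, default ACL) entry lists."""
    access, default = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        target = access
        if line.startswith("default:"):        # default ACL entry (directories only)
            line, target = line[len("default:"):], default
        tag, qualifier, perms = line.split(":")
        target.append(Entry(tag, qualifier or None, frozenset(perms) - {"-"}))
    return access, default

def permitted(acl, user, groups, owner, owning_group, want):
    """First applicable class decides; the mask caps named and group entries."""
    def find(tag, q=None):
        return next((e.perms for e in acl if e.tag == tag and e.qualifier == q), None)
    mask = find("mask")
    cap = (lambda p: p & mask) if mask is not None else (lambda p: p)
    if user == owner:                          # owner entry, not capped by the mask
        return want in (find("user") or frozenset())
    named = find("user", user)
    if named is not None:
        return want in cap(named)
    matched = [e.perms for e in acl if e.tag == "group" and
               (e.qualifier in groups or (e.qualifier is None and owning_group in groups))]
    if matched:                                # any matching group entry may grant
        return any(want in cap(p) for p in matched)
    return want in (find("other") or frozenset())

# Constructed sample ACL for a hypothetical directory owned by bob:staff.
SAMPLE = """\
user::rw-
user:alice:rw-
group::r--
group:audit:r--
mask::r--
other::---
default:user::rwx
default:other::---
"""
```

With this sample, alice's entry reads rw- but a write request is refused because the mask r-- caps it, so an audit of named-user entries has to look at effective permissions, not the entry alone.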
*For more information, see the following link:
http://www.suse.de/~agruen/acl/chapter/fs_acl-en.pdf
Monday, January 28, 2008