Access control list
From Wikipedia, the free encyclopedia
With respect to a computer filesystem, an access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. In a typical ACL, each entry in the list specifies a subject and an operation: for example, the entry (Alice, delete) on the ACL for file WXY gives Alice permission to delete file WXY.
ACL-based security models
In an ACL-based security model, when a subject requests to perform an operation on an object, the system first checks the list for an applicable entry in order to decide whether to proceed with the operation. A key issue in the definition of any ACL-based security model is how access control lists are edited: for each object, who can modify the object's ACL and what changes are allowed.
ACL modes are assigned to individual objects, or to a collection of objects, and specify which subjects may or may not "access" the object to which they have been assigned.
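The following is an added example, not code from the original article, that models the check described above: a file object carries a set of (subject, operation) entries, a request is allowed only if an applicable entry exists (default deny), and editing the ACL is itself treated as an operation that requires a `modify_acl` entry on the object (an assumption made here to illustrate the "who can modify the ACL" question). The subject and file names are constructed.

```python
from dataclasses import dataclass, field

# Right that governs who may edit an object's ACL. Treating ACL editing as
# an ordinary operation checked against the same list is this example's
# assumption, not a rule stated by the article.
MODIFY_ACL = "modify_acl"


@dataclass
class AclObject:
    """An object (e.g. a file) with its ACL: a set of (subject, operation) entries."""
    name: str
    entries: set = field(default_factory=set)

    def is_allowed(self, subject: str, operation: str) -> bool:
        # Default deny: access is granted only if an applicable entry exists.
        return (subject, operation) in self.entries

    def edit(self, requester: str, subject: str, operation: str, grant: bool) -> bool:
        """Add or remove an entry. Only subjects holding MODIFY_ACL on this
        object may edit it. Returns True if applied, False if refused."""
        if not self.is_allowed(requester, MODIFY_ACL):
            return False
        if grant:
            self.entries.add((subject, operation))
        else:
            self.entries.discard((subject, operation))
        return True


def request(obj: AclObject, subject: str, operation: str) -> str:
    """Mediate a request the way an ACL-based reference monitor would."""
    if obj.is_allowed(subject, operation):
        return f"ALLOW {subject} {operation} {obj.name}"
    return f"DENY {subject} {operation} {obj.name}"


def demo() -> list:
    # Constructed sample: file WXY, administered by bob (assumption).
    wxy = AclObject("WXY", {("bob", "read"), ("bob", "write"), ("bob", MODIFY_ACL)})
    results = []
    results.append(request(wxy, "alice", "delete"))             # DENY: no entry yet
    results.append(wxy.edit("alice", "alice", "delete", True))  # False: alice may not edit the ACL
    results.append(wxy.edit("bob", "alice", "delete", True))    # True: bob holds modify_acl
    results.append(request(wxy, "alice", "delete"))             # ALLOW: (alice, delete) present
    results.append(wxy.edit("bob", "alice", "delete", False))   # True: bob revokes it
    results.append(request(wxy, "alice", "delete"))             # DENY again
    return results
```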
Additional information (non-proprietary, for the most part) can be found in these locations:
- http://www.freebsd.org/doc/en/books/handbook/fs-acl.html
- http://semillon.wpi.edu/~aofa/mailing_list/msg00390.html
- http://www.columbia.edu/acis/email/cyrus/acls.html
- http://www.uwm.edu/IMT/Computing/sasdoc8/sashtml/eis/z1032021.htm
- http://windows.stanford.edu/docs/glossary.htm
- http://www.cs.virginia.edu/~jcg8f/GrsecuritySELinuxCaseStudy.pdf
- http://www.cs.uiuc.edu/class/fa05/cs498sh/seclab/slides/OSNotes.ppt
- http://crypto.stanford.edu/cs155old/cs155-spring03/lecture9.pdf
- http://www.cs.cornell.edu/courses/cs513/2007fa/NL.accessControl.html
File system ACLs
A file system ACL is an extension of the existing inode metadata. It adds support, at the object level, for identifying one or more users and the access each may be granted.
Networking ACLs
In certain proprietary computer hardware, an access control list refers to rules that are applied to port numbers (service ports) or (network) daemon names that are available on a host or other layer 3 device, each with a list of hosts and/or networks permitted to use the service. Both individual servers and routers can have network ACLs. Access control lists can generally be configured to control both inbound and outbound traffic, and in this context they are similar to firewalls.
This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.
See also
- Standard Access Control List, Cisco-IOS configuration rules
- Role-based access control
- Confused deputy problem
- Capability-based security
- Cacls