access access-control access_control acl andmeturve as asict authentication authorization cisco cissp computer computer-science computers connectors consent control cs development disappear filesystem folder geek linux networking permissions programming security tutorial unix

My tags:

From Wikipedia, the free encyclopedia

With respect to a computer filesystem, an access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. In a typical ACL, each entry in the list specifies a subject and an operation: for example, the entry (Alice, delete) on the ACL for file WXY gives Alice permission to delete file WXY.

Contents 1 ACL-based security models 2 File system ACLs 3 Networking ACLs 4 See also 5 References

[edit] ACL-based security models

In an ACL-based security model, when a subject requests to perform an operation on an object, the system first checks the list for an applicable entry in order to decide whether to proceed with the operation. A key issue in the definition of any ACL-based security model is the question of how access control lists are edited. For each object; who can modify the object's ACL and what changes are allowed.

ACL modes are assigned to individual objects, or to a collection of objects, and correspond to what may or may not be permitted to "access" the object to which they have been assigned.

Additional, information (non-proprietary, for the most part) can be found in these locations:

• http://www.freebsd.org/doc/en/books/handbook/fs-acl.html
• http://semillon.wpi.edu/~aofa/mailing_list/msg00390.html
• http://www.columbia.edu/acis/email/cyrus/acls.html
• http://www.uwm.edu/IMT/Computing/sasdoc8/sashtml/eis/z1032021.htm
• http://windows.stanford.edu/docs/glossary.htm
• http://www.cs.virginia.edu/~jcg8f/GrsecuritySELinuxCaseStudy.pdf
• http://www.cs.uiuc.edu/class/fa05/cs498sh/seclab/slides/OSNotes.ppt
• http://crypto.stanford.edu/cs155old/cs155-spring03/lecture9.pdf
• http://www.cs.cornell.edu/courses/cs513/2007fa/NL.accessControl.html

[edit] File system ACLs

The list is an extension of the existing inode metadata. It adds support at the object level, for identifying either a user or users and the access they may be granted.

[edit] Networking ACLs

In certain proprietary computer hardware an Access Control List refers to rules that are applied to port numbers. (See service ports or (network) daemon names that are available on a host or other layer 3 device, each with a list of hosts and/or networks permitted to use the service. Both individual servers as well as routers can have network ACLs. Access control lists can generally be configured to control both inbound and outbound traffic, and in this context they are similar to firewalls.

This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.

[edit] See also

• Standard Access Control List, Cisco-IOS configuration rules
• Role-based access control
• Confused deputy problem
• Capability-based security
• Cacls

[edit] References