Access Control List

In computer security, an access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. In a typical ACL, each entry in the list specifies a subject and an operation: for example, the entry (Alice, delete) on the ACL for file XYZ gives Alice permission to delete file XYZ.


In an ACL-based security model, when a subject requests to perform an operation on an object, the system first checks the list for an applicable entry in order to decide whether or not to proceed with the operation.

ACL-based security models

A key issue in the definition of any ACL-based security model is the question of how access control lists are edited. For each object, who can modify the object's ACL, and what changes are allowed?


Systems that use ACLs can be classified into two categories, discretionary and mandatory. A system is said to have discretionary access control if the creator or owner of an object can fully control access to the object, including, for example, altering the object's ACL to grant access to anyone else. A system is said to have mandatory access control (also known as "non-discretionary access control" in the security literature) if it enforces system-wide restrictions that override the permissions stated in the ACL.


Traditional ACL systems assign permissions to individual users, which can become cumbersome in a system with a large number of users. In a more recent approach called role-based access control, permissions are assigned to roles, and roles are assigned to users.
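The following sketch is an added example, not part of the original article: a small reference monitor that combines the three ideas above (a discretionary rule for editing ACLs, a mandatory rule that overrides the ACL, and ACL entries that name roles). The class names, the `role:` prefix, the `edit_acl` operation and the numeric clearance/label rule are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Obj:
    name: str
    owner: str
    label: int = 0                          # sensitivity level for the mandatory rule
    acl: set = field(default_factory=set)   # entries are (principal, operation)

class Monitor:
    """Hypothetical reference monitor; all names here are illustrative."""
    def __init__(self, clearances, roles):
        self.clearances = clearances        # subject -> clearance level
        self.roles = roles                  # subject -> set of role names

    def principals(self, subject):
        # An ACL entry may name the subject directly or one of its roles.
        return {subject} | {f"role:{r}" for r in self.roles.get(subject, ())}

    def check(self, subject, op, obj):
        # Mandatory rule first: a system-wide restriction that overrides
        # whatever the ACL says (assumed rule: clearance must reach the label).
        if self.clearances.get(subject, 0) < obj.label:
            return False
        # Then look for an applicable (principal, operation) entry.
        return any((p, op) in obj.acl for p in self.principals(subject))

    def grant(self, actor, obj, principal, op):
        # Discretionary rule: the owner may edit the ACL, as may any
        # subject holding an explicit "edit_acl" entry on the object.
        if actor != obj.owner and not self.check(actor, "edit_acl", obj):
            raise PermissionError(f"{actor} may not edit the ACL of {obj.name}")
        obj.acl.add((principal, op))

def demo():
    # Constructed sample subjects and object, following the article's
    # (Alice, delete) entry on file XYZ.
    m = Monitor(clearances={"alice": 2, "bob": 1, "carol": 2},
                roles={"carol": {"auditor"}})
    xyz = Obj("XYZ", owner="alice", label=2)
    m.grant("alice", xyz, "alice", "delete")
    m.grant("alice", xyz, "bob", "read")           # entry exists, but see below
    m.grant("alice", xyz, "role:auditor", "read")
    return m, xyz
```

In `demo()`, bob holds a read entry on XYZ yet is still refused, because his clearance is below the object's label; carol has no entry of her own and gets read access only through the auditor role.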


File system ACLs

On file systems the process's user identifier (in POSIX, effective UID) is the principal means of control.


The list is a data structure, usually a table, containing entries that specify individual user or group rights to specific system objects, such as a program, a process, or a file. These entries are known as access control entries (ACE) in the Microsoft Windows, OpenVMS and Mac OS X operating systems. Each accessible object contains an identifier to its ACL. The privileges or permissions determine specific access rights, such as whether a user can read from, write to, or execute an object. In some implementations an ACE can control whether or not a user, or group of users, may alter the ACL on an object.


The ACL is a concept with several different implementations in various operating systems, although there is a POSIX "standard". (The POSIX security drafts, .1e and .2c, were withdrawn when it became clear their scope was too wide and the work would not complete, but the well-developed parts defining ACLs have been widely implemented and are known as "POSIX ACLs".)


Networking ACLs

In networking, ACL refers to a list of rules detailing service ports or (network) daemon names that are available on a host or other layer 3 device, each with a list of hosts and/or networks permitted to use the service. Both individual servers as well as routers can have network ACLs. Access control lists can generally be configured to control both inbound and outbound traffic, and in this context they are similar to firewalls.
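A host-based network ACL of the kind described above, as an added example that is not part of the original article: each daemon name maps to the networks permitted to use it, and anything not listed is denied. The service names and the documentation-range addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample ACL: daemon name -> networks permitted to use the service.
SAMPLE_ACL = {
    "sshd":  ["192.0.2.0/24", "2001:db8::/32"],
    "httpd": ["0.0.0.0/0", "::/0"],
    "ftpd":  [],                      # listed, but nobody is permitted
}

def compile_acl(acl):
    """Parse the network strings once so lookups are cheap."""
    return {svc: [ipaddress.ip_network(n) for n in nets]
            for svc, nets in acl.items()}

def permitted(compiled, service, client):
    """Return True only if `client` falls in a network listed for `service`."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False                  # unparseable peer address: deny
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d. Normalize
    # them so IPv4 entries are matched consistently in either form.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    # Services absent from the ACL have no entries, so the default is deny.
    return any(addr in net for net in compiled.get(service, ()))

def evaluate(compiled, attempts):
    """Decide a batch of (service, client) connection attempts."""
    return [(svc, client, permitted(compiled, svc, client))
            for svc, client in attempts]
```

Normalizing IPv4-mapped addresses before matching keeps the decision the same whether the peer is seen as `192.0.2.17` or `::ffff:192.0.2.17`; without it, the two forms of one host can be evaluated against different entries.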


This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.


See also

Standard Access Control Lists (ACL) are Cisco IOS-based commands used to filter packets on Cisco routers based on the source IP Address of the packet. ...

In security, specifically physical security, the term access control refers to the practice of restricting entrance to a property, a building, or a room to authorized persons. ...

In the context of the Microsoft Windows NT line of operating systems, a Security Identifier (commonly abbreviated SID) is a unique name (an alphanumeric character string) which is assigned by a Windows Domain controller during the log on process that is used to identify an object, such as a user...

This article describes how security can be achieved through design and engineering. ...

Access Control Matrix or Access Matrix is an abstract, formal security model used in computer systems, that characterizes the rights of each subject with respect to every object in the system. ...

Capability-based security is a concept in the design of secure computing systems. ...

TCP Wrapper is a host-based network ACL system written by Dr. Wietse Venema, used to filter otherwise (yet) unauthenticated network access to Internet protocol services run on (Unix-like) operating systems such as Linux or BSD. Allowing host or subnetwork IP addresses, names and/or ident query replies, to...

In the Windows NT architecture, a token is a system object (type name Token) representing the subject in access control operations, i. ...

Extended file attributes is a filesystem feature that enables users to associate arbitrary metadata with computer files, whereas regular attributes have a strictly defined purpose (such as permissions or records of creation and modification times). ...

The Wikipedia article included on this page is licensed under the GFDL.