Traditionally, Unix and Linux use the discretionary access control model to decide which user may access a given resource, as represented by a file in a filesystem. Although this model works quite well for average installations, it is a very coarse-grained approach to security and can be inappropriate in certain circumstances.

In this chapter, you have seen how ACLs provide a more fine-grained means of access control for filesystem objects by attaching an explicit list of access control rules to each object.

You have also seen that ACLs are implemented on top of extended attributes, which allow augmenting filesystem objects with additional and more complex attributes than in the traditional Unix model inherited by Linux.
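Because the rule list is stored as an extended attribute, it can be decoded straight from the attribute value. The following is an added example, not code from the original chapter: it parses the binary value of the `system.posix_acl_access` attribute as the Linux kernel lays it out (a 32-bit version followed by 8-byte entries) into `getfacl`-style lines. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Entry tags used by the Linux kernel for POSIX ACL entries.
TAGS = {0x01: "user", 0x02: "user", 0x04: "group",
        0x08: "group", 0x10: "mask", 0x20: "other"}
NAMED = {0x02, 0x08}        # named user / named group entries carry a uid/gid
XATTR_VERSION = 2           # version field at the start of the attribute value
UNDEFINED_ID = 0xFFFFFFFF   # id stored in entries that have no qualifier


def perm_string(bits):
    """Render the 3-bit permission field as rwx text."""
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))


def decode_posix_acl(blob):
    """Decode a system.posix_acl_access value into getfacl-style lines."""
    if len(blob) < 4 or (len(blob) - 4) % 8:
        raise ValueError("truncated or misaligned ACL attribute")
    (version,) = struct.unpack_from("<I", blob, 0)
    if version != XATTR_VERSION:
        raise ValueError(f"unsupported ACL attribute version {version}")
    lines = []
    for off in range(4, len(blob), 8):
        # Each entry: u16 tag, u16 permissions, u32 id (all little-endian).
        tag, perm, ident = struct.unpack_from("<HHI", blob, off)
        if tag not in TAGS:
            raise ValueError(f"unknown ACL tag {tag:#x}")
        if perm & ~0x7:
            raise ValueError(f"invalid permission bits {perm:#x}")
        qualifier = str(ident) if tag in NAMED else ""
        lines.append(f"{TAGS[tag]}:{qualifier}:{perm_string(perm)}")
    return lines


# Constructed sample: owner rw-, named uid 1000 r--, group r--, mask r--, other ---
SAMPLE = struct.pack("<I", XATTR_VERSION) + b"".join(
    struct.pack("<HHI", tag, perm, ident)
    for tag, perm, ident in [
        (0x01, 6, UNDEFINED_ID),
        (0x02, 4, 1000),
        (0x04, 4, UNDEFINED_ID),
        (0x10, 4, UNDEFINED_ID),
        (0x20, 0, UNDEFINED_ID),
    ]
)

if __name__ == "__main__":
    print("\n".join(decode_posix_acl(SAMPLE)))
```

On a Linux system, the same function can be fed the result of `os.getxattr(path, "system.posix_acl_access")` for a file that has an ACL set.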
