L6: Discretionary access control
Materials
Use the raw slides (pdf) before lecture to take notes, and refer to the annotated slides after lecture.
Access controls
- What is discretionary access control (DAC)?
- Access control matrices and ACLs
- The unix permissions model
- Capability-based DACs (rows vs cols)
- Examples
- How these DACs can fail

Because Linux is a multi-user system, there are mechanisms to separate resources between users.
- Users are identified by a `uid`, a number.
  - UID ‘0’ is `root`, which is the all-powerful administrator.
- All resources in the system (processes, files) are attached to users.
  - Files: Every file in the system has an owner user.
    - When a user creates a new file, the new file is owned by the creator.
    - Ownership can be changed by the current owner or root.
  - Processes:
    - Like files, every process running on a Linux system executes on behalf of a given user.
    - Processes inherit the permissions of their uid; thus, they can access the files that the user can access.
    - One exception is `setuid`
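
The uid inheritance and `setuid` exception listed above, as an added example that is not part of the original lecture notes: a simplified Python model of the owner/group/other check and of how exec picks the effective uid. The `Cred` and `Inode` types, the function names and the sample uids and modes are constructed for illustration; ACLs, capabilities and `nosuid` mounts are left out.

```python
import stat
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Cred:            # identity a process runs with
    ruid: int          # real uid: the user who started it
    euid: int          # effective uid: the one permission checks use
    gids: frozenset    # group memberships

@dataclass(frozen=True)
class Inode:           # ownership metadata attached to a file
    owner: int
    group: int
    mode: int          # permission bits, e.g. 0o4755

R, W, X = 4, 2, 1      # requested access, as one rwx triple

def may_access(cred: Cred, f: Inode, want: int) -> bool:
    """Classic owner/group/other check (simplified model, regular files)."""
    if cred.euid == 0:
        # root bypasses read/write; execute still needs some x bit on the file
        return not (want & X) or bool(f.mode & 0o111)
    if cred.euid == f.owner:
        bits = (f.mode >> 6) & 7     # exactly one class applies: owner first,
    elif f.group in cred.gids:
        bits = (f.mode >> 3) & 7     # then group,
    else:
        bits = f.mode & 7            # then other
    return (bits & want) == want

def exec_creds(cred: Cred, prog: Inode) -> Cred:
    """Credentials of the process after exec'ing prog."""
    if not may_access(cred, prog, X):
        raise PermissionError("exec denied")
    if prog.mode & stat.S_ISUID:
        return replace(cred, euid=prog.owner)   # setuid: run as the file's owner
    return cred                                 # normal case: inherit the uid

# Constructed sample data: uid 1000 ("alice"), a root-only file, two programs.
alice = Cred(ruid=1000, euid=1000, gids=frozenset({1000}))
secret = Inode(owner=0, group=0, mode=0o600)
plain_tool = Inode(owner=0, group=0, mode=0o755)
setuid_tool = Inode(owner=0, group=0, mode=0o4755)

if __name__ == "__main__":
    for name, prog in (("plain", plain_tool), ("setuid", setuid_tool)):
        c = exec_creds(alice, prog)
        print(name, "euid", c.euid, "can read secret:", may_access(c, secret, R))
```

The real uid stays 1000 in both runs; only the effective uid changes, which is why a flaw in a setuid program exposes everything its owner can access.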