homework11_2018329621049_胡成一 Version 0
Author: 450766287qqcom 2021-01-05 11:28:22
In the traditional model, each file has both an owner and a group, sometimes called a group owner. The owner of a file can set permissions on the file. In particular, the owner can set the access to the file so strictly that no one else can access the file.
Linux:
FACL: Filesystem Access Control List
Linux (and other POSIX-compatible operating systems such as Unix) has a permission control mechanism called access control lists (ACLs), a paradigm that is also common outside of file permission assignment. By default there are only three permission classes to set: Owner, Group, and Other. ACLs use extended file attributes to hold additional access control permissions, so you can grant permissions to other specific users or groups, not just to "other" or to the file's owning group. For example, you can give specified users A, B, and C write permission instead of giving it to their entire group.
ACLs are supported by a variety of Linux file systems, including ext2, ext3, ext4, XFS, Btrfs, and so on. If you're not sure whether your file system supports ACLs, refer to its documentation.
Scenario: There are two users, Tom and Jerry. Tom creates a file in a public directory and wants only Jerry to have access to it and be able to edit and save it. This is file sharing between users.
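The Tom and Jerry scenario as an added example (not part of the original homework): it parses a getfacl-style listing of the kind Tom's file would show after `setfacl -m u:jerry:rw`, and applies the access check order documented in acl(5), including the mask entry that the text above does not cover. The file path, the group `staff`, the extra users `spike` and `butch`, and the listing itself are constructed for illustration.

```python
# Constructed getfacl-style listing for the Tom and Jerry scenario (not captured output).
SAMPLE_ACL = """\
# file: public/report.txt
# owner: tom
# group: staff
user::rw-
user:jerry:rw-
group::---
mask::rw-
other::---
"""

def parse_acl(text):
    """Return (owner, group, entries); entries are (tag, qualifier, permission set)."""
    meta, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line:
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, set(perms.replace("-", ""))))
    return meta["owner"], meta["group"], entries

def access_allowed(text, user, groups, wanted):
    """Apply the access check order documented in acl(5)."""
    owner, file_group, entries = parse_acl(text)
    wanted = set(wanted)

    def find(tag, qualifier=""):
        return [p for t, q, p in entries if t == tag and q == qualifier]

    mask = (find("mask") or [set("rwx")])[0]  # no mask entry: nothing is filtered
    if user == owner:                          # 1. owner entry, mask not applied
        return wanted <= find("user")[0]
    named = find("user", user)
    if named:                                  # 2. named user entry, limited by mask
        return wanted <= (named[0] & mask)
    matching = [p for g in groups for p in find("group", g)]
    if file_group in groups:
        matching += find("group")
    if matching:                               # 3. matching group entries, limited by mask
        return any(wanted <= (p & mask) for p in matching)
    return wanted <= find("other")[0]          # 4. everyone else

if __name__ == "__main__":
    for name in ("tom", "jerry", "spike"):
        print(name, access_allowed(SAMPLE_ACL, name, ["staff"], "rw"))
```

Only Tom (owner) and Jerry (named user entry) get read and write; a member of the owning group and an unrelated user are both denied, and narrowing the mask to `r--` removes Jerry's write access without touching Tom's.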
Windows:
Whenever something is done in the system, a principal (which can be a process or thread that performs an action on behalf of a user or service) performs some action on an object. The more common objects are files, directories, and registry keys. The basic security mechanism of Windows relies on trusted system components that check permissions and rights before an operation is performed (AccessCheck). It is therefore possible to manage system behavior by setting permissions and rights.
1. The ACL:
An ACL (Access Control List) is a list of user (group) permissions in Windows.
2. Classification:
ACLs fall into two categories:
1) Discretionary Access Control List (DACL)
2) System Access Control List (SACL)
A DACL is a property (my understanding) of a securable object that represents the list of access rights to that object. When a process attempts to access a securable object, the ACEs (access control entries) in its DACL are checked. If the object does not have a DACL, any access is allowed. If it has a DACL but no ACE in it, all access is denied.