File access control functions much like a bank. Inside your local bank is a vault with safety deposit boxes where you can store your valuables, such as the deed to your home, knowing that no one can access that deed without access to the vault and the key to your safety deposit box. In a similar manner, important computer files can be protected by the operating system's file access control feature.

• file-level security
  Like Windows, modern Linux distributions support Access Control List (ACL)-based security for files and directories. However, other than in enterprise settings, or when used by savvy Linux systems administrators, ACLs are usually not in use; instead, sysadmins continue to use the less-powerful UNIX owner-group-world permission model.


• proces-level security
  The Linux world has always relied heavily on the su and sudo tools to delegate authority. Su is not a very granular delegation tool, but sudo is, and both are almost always available on Linux and UNIX systems. In fact, tools such as su are so frequently used, and have such a long history, that most Linux users assume they won’t have administrator privileges, while Windows users (and applications) often assume the opposite.

Windows User Access Control (UAC) was designed specifically to address the problem of Windows users and applications being given too much power out-of-the-box. While an absolutely pain in Vista, it’s certainly livable in Windows 7.
The real difference between Windows and Linux access control is more about the mindset of users than the technology. Windows users use file-level ACLs by habit, which is a good thing, while Linux users continue to use an outdated owner-group-world permission model that is outdated, even when ACL support exists on the very same Linux system. Conversely, Microsoft is fighting an uphill battle to train and, to some extent, restrain Windows users from using accounts that are far too powerful, while Linux users almost always are given least-privileged accounts from the start.