2018329621184_边凯昂_homework11 Version 0
Author: 244766935qqcom, 2020-12-17 04:20:10
File Access Control
File access control functions much like a bank. Inside your local bank is a vault with safety deposit boxes where you can store your valuables, such as the deed to your home, knowing that no one can access that deed without access to the vault and the key to your safety deposit box. In a similar manner, important computer files can be protected by the operating system's file access control feature.
Windows:
Access Control List (ACL)
In Windows NT, whenever you perform an operation on an object (such as reading), the operation to be performed is encoded as a 32-bit integer (called ACCESS_MASK). ACCESS_MASK is specific to the object you are trying to create. If you are reading a file, ACCESS_MASK should be FILE_GENERIC_READ. When you open an object using the requested ACCESS_MASK, Windows takes your username from the thread token and starts reading the Discretionary Access Control List (DACL) obtained from the security descriptor.
A DACL can be thought of as a table with the user's SID, ACCESS_MASK, and access type. But don't try to write it as an array of structures. If you want to analyze ACLs, you can use the low-level ACL functions GetAce(), GetAclInformation(), and other helper functions. In NT4, Microsoft provides a schematic of the ACL that looks like a table of SID, ACCESS_MASK, and type (that is, the EXPLICIT_ACCESS structure).
Linux:
General permissions, special permissions, and hidden permissions have one thing in common: permissions are set for a certain type of user. If you want separate permissions for a specific user, you need a file Access Control List (ACL). In layman's terms, setting an ACL on a normal file or directory means setting the action permissions on that file or directory for a specified user or group of users. In addition, if an ACL is set for a directory, the files in the directory inherit its ACL. If an ACL is set on a file, the file no longer inherits the ACL of its directory.
FACL: Filesystem Access Control List
Linux (and other POSIX-compatible operating systems such as Unix) has a method of permission control called access control lists (ACLs), which goes beyond the common permission assignment paradigm. For example, by default you need to confirm three permission groups: Owner, Group, and Other. With ACLs, which use extended file attributes to hold additional access control permissions, you can add permissions to other users or groups, not just "other" or groups whose owners don't exist. You can allow specified users A, B, and C to have write permissions instead of having their entire group have write permissions.
ACLs are supported by a variety of Linux file systems, including ext2, ext3, ext4, XFS, Btrfs, and so on. If you're not sure whether your file system supports ACLs, refer to its documentation.
Scenario: There are two users, Tom and Jerry. Tom creates a file in a public directory and wants only Jerry to have access to it and be able to edit and save it. This is file sharing between users.
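The Tom and Jerry scenario above, as an added example that is not part of the original homework: it parses the ACL Tom could set with `setfacl -m u:jerry:rw` (shown in `getfacl` output format) and applies the access check described in acl(5), including the mask entry that caps named-user and group permissions. The listing, the file name and the third user `spike` are constructed assumptions.

```python
# Added example: evaluates a POSIX ACL following the access check in acl(5).
# SAMPLE_GETFACL is constructed sample data in getfacl's output format;
# the file name and the user "spike" are hypothetical.
SAMPLE_GETFACL = """\
# file: public/report.txt
# owner: tom
# group: tom
user::rw-
user:jerry:rw-
group::---
mask::rw-
other::---
"""

def parse_acl(text):
    """Parse getfacl-style text into owner, owning group and ACL entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            # Drop a trailing "#effective:..." comment, then split tag:qualifier:perms.
            tag, qualifier, perms = line.split("#")[0].strip().split(":")[:3]
            acl["entries"].append((tag, qualifier, set(perms) - {"-"}))
    return acl

def allowed(acl, user, groups, wanted):
    """True if `user`, a member of `groups`, is granted every permission in `wanted`."""
    wanted, entries = set(wanted), acl["entries"]
    find = lambda tag, q="": next((p for t, e, p in entries if (t, e) == (tag, q)), None)
    mask = find("mask")
    masked = lambda p: p if mask is None else p & mask
    if user == acl["owner"]:
        return wanted <= (find("user") or set())      # owner entry ignores the mask
    named = find("user", user)
    if named is not None:
        return wanted <= masked(named)                 # named user: limited by mask
    # Owning group ("group::") and named groups: one matching entry must suffice.
    group_perms = [masked(p) for t, q, p in entries
                   if t == "group" and (q or acl["group"]) in groups]
    if group_perms:
        return any(wanted <= p for p in group_perms)
    return wanted <= (find("other") or set())          # everyone else

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_GETFACL)
    for who in ("tom", "jerry", "spike"):
        print(who, "read+write:", allowed(acl, who, [who], "rw"))
```

Tightening the mask to `r--` removes Jerry's write access without touching his entry, while Tom, as owner, is unaffected.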