File System ACLs
Resource x principal x right --> yes/no
Each resource (file or directory) has its own list
Each list has entries for various principals and rights
Users, groups, “All Users” principal
Common rights: read, write, execute
Other rights: list members, read ACLs, write ACLs...
Directories may be treated differently than files
Access rights may be denied as well as granted
Various rules for ownership, inheritance, avoiding conflict
Notes:
If DAV ACLs are close to the underlying system model, then they:
- Contain fewer security holes
- Are easier to explain and document
There are other models to emulate, but filesystems are important because there are back doors to accessing data stored on them.
Document repositories are yet another body of experience with security, different again from filesystems.
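The model on the slide (resource x principal x right --> yes/no), worked through as an added example that is not part of the original slides or of any DAV specification. The conflict rule (a matching deny beats any grant), the inheritance rule (a resource without its own list uses its nearest ancestor's), and all names and paths are assumptions made for illustration.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

EVERYONE = "*"  # stands in for the "All Users" principal

@dataclass(frozen=True)
class Entry:
    principal: str  # user name, group name, or EVERYONE
    right: str      # "read", "write", "execute", "read-acl", ...
    allow: bool     # False means an explicit deny

class AclStore:
    def __init__(self, groups):
        self.groups = groups  # group name -> set of member user names
        self.acls = {}        # resource path -> list of Entry

    def set_acl(self, path, entries):
        self.acls[str(PurePosixPath(path))] = list(entries)

    def _matches(self, entry, user):
        return (entry.principal in (EVERYONE, user)
                or user in self.groups.get(entry.principal, ()))

    def _effective_acl(self, path):
        # Assumed inheritance rule: a resource with no list of its own
        # uses the list of its nearest ancestor directory.
        p = PurePosixPath(path)
        for candidate in (p, *p.parents):
            if str(candidate) in self.acls:
                return self.acls[str(candidate)]
        return []

    def check(self, path, user, right):
        """resource x principal x right -> yes/no"""
        hits = [e for e in self._effective_acl(path)
                if e.right == right and self._matches(e, user)]
        # Assumed conflict rule: a matching deny beats every grant, and
        # no matching entry at all means no access.
        return bool(hits) and all(e.allow for e in hits)

def build_sample_store():
    # Constructed sample data, not taken from the slides.
    store = AclStore({"staff": {"alice", "bob"}})
    store.set_acl("/docs", [Entry("staff", "read", True),
                            Entry("staff", "write", True),
                            Entry(EVERYONE, "read", True)])
    store.set_acl("/docs/payroll.xls", [Entry("staff", "read", True),
                                        Entry("bob", "read", False)])
    return store
```

In the sample data bob belongs to staff, but the explicit deny on /docs/payroll.xls overrides the group grant, and a user outside staff loses the inherited "All Users" read there because that file carries its own list.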