Access Control List (ACL)


An Access Control List (ACL) is any mechanism for implementing access control on an operating system, file system, directory service, or other software. ACLs are built into the basic operating system architecture of Microsoft’s Windows operating system platforms and are used to control access to objects in Active Directory and files on NTFS volumes.



An access control list is basically a list attached to an object specifying which security principals (users, groups, computers, and so on) are allowed to access the object and what level of access they are allowed to have. In Windows 2000, ACLs are more properly called discretionary access control lists (DACLs) because they can be configured and managed by administrators at their discretion.

Windows also has a second type of ACL, the system access control list (SACL), which is used to control the generation of audit messages when object auditing has been configured on a file system.

System Access Control List (SACL)


A system access control list (SACL) enables administrators to log attempts to access a secured object. Each access control entry (ACE) in the SACL specifies the types of access attempts by a specified trustee that cause the system to generate a record in the security event log. An ACE in a SACL can generate audit records when an access attempt fails, when it succeeds, or both. For more information about SACLs, see Audit Generation and SACL Access Right.
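A simplified model of the two lists described above, as an added example that is not part of the original article and is not Windows code: the DACL decides whether access is granted, and the SACL decides whether the attempt produces an audit record. The class names, rights bits, and sample object are constructed, and the in-order ACE walk is a simplification of the real access check.

```python
from dataclasses import dataclass, field

READ, WRITE, DELETE = 0x1, 0x2, 0x4   # constructed access-right bits

@dataclass
class Ace:
    trustee: str              # user or group name
    mask: int                 # rights this ACE covers
    allow: bool = True        # DACL: allow vs. deny ACE
    on_success: bool = False  # SACL: audit successful attempts
    on_failure: bool = False  # SACL: audit failed attempts

@dataclass
class SecuredObject:
    name: str
    dacl: list
    sacl: list = field(default_factory=list)

def dacl_allows(obj, principals, wanted):
    """Walk the DACL in order: a matching deny ACE stops the check,
    allow ACEs accumulate, and any right never granted is denied."""
    remaining = wanted
    for ace in obj.dacl:
        if ace.trustee not in principals:
            continue
        if not ace.allow and ace.mask & remaining:
            return False
        if ace.allow:
            remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False

def access(obj, user, groups, wanted, log):
    """Decide access from the DACL, then let the SACL decide whether to audit."""
    principals = {user, *groups}
    granted = dacl_allows(obj, principals, wanted)
    for ace in obj.sacl:
        if ace.trustee in principals and ace.mask & wanted:
            if (granted and ace.on_success) or (not granted and ace.on_failure):
                log.append((obj.name, user, wanted, "success" if granted else "failure"))
                break  # one record per attempt in this model
    return granted

# Constructed sample: Staff may read, alice may also write, Temps are denied writes.
payroll = SecuredObject(
    "payroll.xlsx",
    dacl=[Ace("Temps", WRITE, allow=False), Ace("Staff", READ), Ace("alice", WRITE)],
    sacl=[Ace("Staff", WRITE | DELETE, on_failure=True), Ace("alice", WRITE, on_success=True)],
)
```

Reads by Staff members succeed without an audit record because no SACL entry covers the read right, while a failed write by any Staff member and a successful write by alice each append one record to the log.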

Access control lists are natively implemented on some UNIX operating system platforms such as Solaris (which first implemented ACLs in version 2.5.1) and are also available as third-party software for other UNIX platforms.

Traditionally, access control on UNIX file systems was managed using the chmod (change mode) command, but this offered only limited or coarse-grained control of file permissions and provided no flexibility for configuring unique sets of access permissions for particular users or groups.



To set and display access control lists on Solaris, use the setfacl and getfacl commands. Other UNIX packages and add-ons may use different commands such as setacl and getacl.

Editor

Articles posted after being checked by editors.
