Access Control Lists

3053 Words13 Pages
Introduction - This report will look at various access control methods used by Operating Systems (OS) to control user access to files on a computer and what they can do once they have gained access. In this first section I will look at methods such as Access Control Lists(ACL’s), Capabilities and Encrypting file systems(EFS) and which Operating Systems use these as well as the advantages and disadvantages they have over each other. The second part of my report will focus on one OS and explain in detail the methods it uses to control file access and how it works. Section A - Review of File Access Control mechanisms. Access Control Lists - Access Control Lists are used by…show more content…
Unlike UNIX ACL’s, the order that entities are listed in the DACL for Windows is important, if a group is denied access to an object, however one individual belonging to that group is allowed access, then it is important to list the individual as being allowed access on the DACL before listing the group to be denied. If it is done the opposite way around, then when the system checks the DACL it will straight away deny the whole group, including the user that is allowed, similarly it would be possible, if a group was allowed access but one individual was denied, to accidentally allow the individual to gain access. Because of this flaw, DACL’s must be carefully thought out when the administrator is configuring it (Microsoft: 2008). Access Control Lists have the advantage that they work well with commonly used systems, such as windows where there may be a number of users where access needs to be regulated, they do however have a downside, if somebody is able to gain access to the administrative part of the system they have full permissions, another flaw is that if the administrator fails to grant permissions correctly they could leave the whole system open to everybody, or block out all the users. With both UNIX and Windows, when ACL’s are applied to something such a directory, the permissions only applies for what is within a directory. If a file is moved to a new directory it will adopt the new permissions, subdirectories
Open Document