4.3 Access Control Lists and MacOS

In many access control problems, we have a single group of users who all need identical access rights to a particular set of files. We can easily solve such problems with group permissions. There are, however, cases where we can’t use file permission flags and a single user group to achieve Least Privilege. Consider a policy that requires these three conditions:

  1. Block access to the user community in general.

  2. Grant read-only access to one group of users.

  3. Grant read/write access to a second group of users.

We can’t do this with Unix-style permission flags and achieve Least Privilege. We might come close if we grant read-only access to everyone and read/write access to the second group. We also might come ...
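The claim above can be checked by brute force. The following sketch is an added example, not code from the book: it models a file with one owner, one owning group, and read/write flags for owner, group, and others, then tries every combination against the three-condition policy. The user names, group names, and the allow-only ACL model are constructed assumptions for illustration.

```python
from itertools import product

# Constructed sample population (assumption): two members in each category.
READERS = {"rita", "raj"}
WRITERS = {"wes", "wendy"}
OUTSIDERS = {"olga", "omar"}
USERS = READERS | WRITERS | OUTSIDERS
GROUPS = {"readers": READERS, "writers": WRITERS}
BITS = [frozenset(), frozenset("r"), frozenset("w"), frozenset("rw")]

def policy(user):
    """Rights the three-condition policy requires for this user."""
    if user in WRITERS:
        return frozenset("rw")
    if user in READERS:
        return frozenset("r")
    return frozenset()

def unix_rights(user, owner, group, mode):
    """Unix-style check: exactly one class applies (owner, else group, else other)."""
    if user == owner:
        return mode[0]
    if user in GROUPS[group]:
        return mode[1]
    return mode[2]

def unix_solutions():
    """Every (owner, group, flags) setting that gives each user exactly the policy rights."""
    return [(o, g, m)
            for o in sorted(USERS) for g in GROUPS
            for m in product(BITS, repeat=3)
            if all(unix_rights(u, o, g, m) == policy(u) for u in USERS)]

def acl_rights(user, acl):
    """Simplified allow-only ACL (assumption): union of matching entries, default no access."""
    rights = set()
    for group, allowed in acl:
        if user in GROUPS[group]:
            rights |= set(allowed)
    return frozenset(rights)

# One entry per group; users matching no entry get nothing.
ACL = [("readers", "r"), ("writers", "rw")]

if __name__ == "__main__":
    print("Flag settings meeting the policy exactly:", len(unix_solutions()))
    print("ACL meets the policy exactly:",
          all(acl_rights(u, ACL) == policy(u) for u in USERS))
```

The search comes up empty because whichever group owns the file, the "others" class always contains users from two categories that the policy treats differently.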
