Context-Based Permissions

Both the original Linux permissions method and the advanced ACL method of assigning permissions to files and directories are called discretionary access control (DAC) methods. The permission is set at the discretion of the file or directory owner. There’s nothing an administrator can do to prevent users from granting full permission to others on all the files in their directories.
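The shell sketch below is an added example, not taken from the book, and its function, directory and file names are constructed for illustration. It shows the owner-side action that DAC permits and the after-the-fact audit that remains available to an administrator.

```shell
#!/bin/sh
# Added example: under DAC the owner decides who gets access;
# the administrator can only detect the result afterwards.

# Owner-side: give user, group and other full rwx on a file.
# This succeeds for any file the calling user owns.
grant_full_to_all() {
    chmod 0777 "$1"
}

# Admin-side: list regular files under a tree that "other" may write.
# "-perm -0002" matches whenever the world-write bit is set.
audit_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print | sort
}

# Admin-side: number of world-writable regular files under a tree.
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# Demo on a constructed stand-in for a user's home directory.
demo() {
    demo_home=$(mktemp -d) || return 1
    printf 'quarterly figures\n' > "$demo_home/report.txt"
    printf 'private notes\n' > "$demo_home/notes.txt"
    chmod 0600 "$demo_home/report.txt" "$demo_home/notes.txt"

    echo "before: $(count_world_writable "$demo_home") world-writable file(s)"
    grant_full_to_all "$demo_home/report.txt"   # owner's discretion
    echo "after:  $(count_world_writable "$demo_home") world-writable file(s)"
    ls -l "$demo_home"

    rm -rf "$demo_home"
}

demo
```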

To provide complete protection of your Linux system, it helps to utilize some type of mandatory access control (MAC) method. MAC methods allow the system administrator to define security based on the context of an object in the Linux system to override permissions set by file and directory owners. MAC methods provide rules for administrators ...
