Implementing advanced access control security model on Linux
Greg Banks (firstname.lastname@example.org)
Traditional UNIX-like operating systems use a very simple mechanism for
determining which processes get access to which files, which is mainly
based on the file mode permission bits. Beyond that, modern UNIX-like
operating systems also implement access control models based on Access
Control Lists (ACLs), the most common being POSIX ACLs.
The ACL model implemented by the various versions of Windows is more
powerful and complex than POSIX ACLs, and differs in several aspects.
These differences create interoperability problems on both sides; in
mixed-platform environments, this is perceived as a significant
disadvantage for the UNIX side.
To address this issue, several UNIXes including Solaris and AIX started
to support additional ACL models based on version 4 of the Network
File System (NFSv4) protocol specification. Apart from vendor-specific
extensions on a limited number of file systems, Linux is lacking this
support so far.
This paper discusses the rationale for and challenges involved in
implementing a new ACL model for Linux which is designed to be compliant
with the POSIX standard and compatible with POSIX ACLs, NFSv4 ACLs, and
Windows ACLs. The authors' goal with this new model is to make Linux
the better UNIX in modern, mixed-platform computing environments.