Linux Symposium

July 13th-16th, 2010
Ottawa Westin
Ottawa, Canada


Implementing advanced access control security model on Linux

Greg Banks (

Traditional UNIX-like operating systems use a very simple mechanism for
determining which processes get access to which files, which is mainly
based on the file mode permission bits.  Beyond that, modern UNIX-like
operating systems also implement access control models based on Access
Control Lists (ACLs), the most common being POSIX ACLs.

The ACL model implemented by the various versions of Windows is more
powerful and complex than POSIX ACLs, and differs in several aspects.
These differences create interoperability problems on both sides; in
mixed-platform environments, this is perceived as a significant
disadvantage for the UNIX side.

To address this issue, several UNIXes including Solaris and AIX started
to support additional ACL models based on version 4 of the Network
File System (NFSv4) protocol specification.  Apart from vendor-specific
extensions on a limited number of file systems, Linux is lacking this
support so far.

This paper discusses the rationale for and challenges involved in
implementing a new ACL model for Linux which is designed to be compliant
with the POSIX standard and compatible with POSIX ACLs, NFSv4 ACLs, and
Windows ACLs.  The authors' goal with this new model is to make Linux
the better UNIX in modern, mixed-platform computing environments.

Copyright © 2010 Linux Symposium Inc. All rights reserved.
Linux is a registered trademark of Linus Torvalds.