Click the following link to learn Linux file permissions. Note: You should be familiar with Linux file permissions to learn this lesson.

In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system or database constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target.

In contrast to DAC or MAC systems, where users have access to objects based on their own and the object's permissions, users in an RBAC system must be members of the appropriate group, or Role, before they can interact with files, directories, devices, etc. These Roles have different types and levels of access to objects. In Role-based Access Control (RBAC), the system administrator establishes Roles based on functional requirements or similar criteria.

If discretionary access control is the laissez-faire, every-user-shares-with-every-other-user model, mandatory access control (MAC) is the strict, tie-suit-and-jacket-wearing sibling.

Role-based Access Control (RBAC) is another method of controlling user access to file system objects.

Under Mandatory Access Control (MAC), the super user (root) controls all interactions of software on the system. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Subjects and objects each have a set of security attributes. Mandatory Access Control (MAC) is another type of access control where the MAC mechanism constrains the ability of a subject (users or processes) to access or perform some sort of operation on an object (files, directories, TCP/UDP ports, etc.).

The DAC mechanisms have a basic weakness: they fail to recognize a fundamental difference between human users and computer programs. In Linux, file permissions are the general form of Discretionary Access Control (DAC).
A simple form of Discretionary Access Control (DAC) might be file passwords, where access to a file requires the knowledge of a password created by the file owner.

Discretionary Access Control (DAC)

Discretionary Access Control (DAC) allows authorized users to change the access control attributes of objects, thereby specifying whether other users have access to the object.

SELinux is integrated into the Linux kernel.

Different types of access controls are explained below.

SELinux provides a way to separate subjects and objects using a technology known as labeling, and monitors their interaction. SELinux further enhances the security of a Linux computer.

- Partition users into classes based on position, clearance, etc.
- Security-enhanced Linux (SELinux), developed by the US National Security Agency, is an implementation of Mandatory Access Control in Linux.
- Authorization limits for legitimate users.
- Encryption, sanitization, virus scanning.
- Split processing into small, minimally trusted stages.
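The DAC weakness and the kernel-enforced MAC rule described above, as a small Python model added here (it is not code from the original page or from SELinux). The labels `editor_t`, `viewer_t` and `user_doc_t`, the policy table and the sample subjects are constructed for illustration; the model checks mode bits first and the label policy second, the order SELinux uses.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:            # a process: DAC identity plus a MAC label
    uid: int
    gids: frozenset
    label: str

@dataclass(frozen=True)
class Obj:                # a file: owner/group/mode bits plus a MAC label
    owner: int
    group: int
    mode: int
    label: str

BIT = {"read": 4, "write": 2, "execute": 1}

def dac_allows(s, o, perm):
    """Classic Unix mode-bit check; only the first matching class is used."""
    if s.uid == 0:        # root overrides DAC (execute still needs one x bit)
        return perm != "execute" or bool(o.mode & 0o111)
    if s.uid == o.owner:
        bits = o.mode >> 6
    elif o.group in s.gids:
        bits = o.mode >> 3
    else:
        bits = o.mode
    return bool(bits & BIT[perm])

# Constructed allow rules (subject label, object label, permission); default deny.
POLICY = {
    ("editor_t", "user_doc_t", "read"),
    ("editor_t", "user_doc_t", "write"),
    ("viewer_t", "user_doc_t", "read"),
}

def mac_allows(s, o, perm, policy=POLICY):
    return (s.label, o.label, perm) in policy

def access(s, o, perm):
    """DAC is consulted first; MAC can only restrict further."""
    if not dac_allows(s, o, perm):
        return "denied by DAC"
    return "granted" if mac_allows(s, o, perm) else "denied by MAC"

notes = Obj(owner=1000, group=1000, mode=0o600, label="user_doc_t")
editor = Subject(1000, frozenset({1000}), "editor_t")   # run by the file owner
viewer = Subject(1000, frozenset({1000}), "viewer_t")   # same user, other program
root_viewer = Subject(0, frozenset({0}), "viewer_t")    # root, confined label
other = Subject(1001, frozenset({1001}), "editor_t")    # different user
```

Under DAC alone, `viewer` can write `notes` because it runs with the owner's uid; the label policy is what distinguishes the program from the user, and it binds the root-owned process as well.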