Labs ICT
โญ Pro Login

Access Control

Who gets to touch what: permissions, ACLs, and capability lists.

Who Gets to Touch What?

Access control is the mechanism that determines who can access which resources and what they can do with them. It's the enforcement arm of security: the bouncer at the door checking your credentials.

Every resource in the system (files, directories, devices, memory regions, processes) can have access controls associated with it. These controls define which users or processes can read, write, execute, or modify the resource.

Access Control Lists (ACLs)

An ACL is a list of permissions attached to a resource. Each entry specifies a user (or group) and the operations they're allowed to perform. For example:

  • alice: read, write
  • bob: read only
  • group:students: read
  • everyone: no access

ACLs are flexible: you can set different permissions for different users. Windows and Unix-based systems both use ACLs, though they implement them differently.

The disadvantage is that ACLs can become complex. On a system with thousands of files and hundreds of users, managing individual ACLs for each file becomes a nightmare. That's why most systems also support group-based permissions.
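To make the evaluation rule concrete, here is a small deny-by-default ACL checker written for this page (it is an added example, not code from Labs ICT). It encodes the ACL listed above and adds two things a practitioner wants to see: group membership resolved at check time, and an explicit deny entry that wins over any allow, which is how Windows ACLs behave. The users, the `students` group and the `GROUPS` table are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ACLEntry:
    principal: str                        # "alice", "group:students" or "everyone"
    allowed: frozenset                    # operations this entry grants
    denied: frozenset = frozenset()       # operations this entry explicitly forbids

# Constructed group membership; a real system looks this up in a directory service.
GROUPS = {"students": {"carol", "dave"}}

# The ACL from the text: alice rw, bob read only, students read, everyone no access.
# "No access" is simply an entry that grants nothing; denial is the default.
FILE_ACL = [
    ACLEntry("alice", frozenset({"read", "write"})),
    ACLEntry("bob", frozenset({"read"})),
    ACLEntry("group:students", frozenset({"read"})),
    ACLEntry("everyone", frozenset()),
]

# A second ACL showing an explicit deny: dave is a student, but is denied read.
FILE_ACL_WITH_DENY = FILE_ACL + [
    ACLEntry("dave", frozenset(), denied=frozenset({"read"})),
]

def principals_for(user: str) -> set:
    """Every ACL principal that applies to this user: the user, their groups, everyone."""
    names = {user, "everyone"}
    for group, members in GROUPS.items():
        if user in members:
            names.add(f"group:{group}")
    return names

def is_allowed(acl, user: str, operation: str) -> bool:
    """Deny-by-default evaluation.

    1. Collect the entries whose principal matches the user or one of their groups.
    2. If any matching entry explicitly denies the operation, the answer is no.
    3. Otherwise the answer is yes only if some matching entry grants the operation.
    """
    applicable = principals_for(user)
    matching = [e for e in acl if e.principal in applicable]
    if any(operation in e.denied for e in matching):
        return False
    return any(operation in e.allowed for e in matching)

if __name__ == "__main__":
    for user, op in [("alice", "write"), ("bob", "write"), ("carol", "read"),
                     ("mallory", "read"), ("dave", "read")]:
        print(f"{user:8} {op:6} -> {is_allowed(FILE_ACL_WITH_DENY, user, op)}")
```

The important design point is step 3: an operation that no entry mentions is refused, so a user who appears nowhere in the list (or only under `everyone`) gets nothing. The deny-wins rule in step 2 is what lets an administrator carve one user out of a group grant without rewriting the group.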

Unix Permission Model

Unix uses a simplified access control model with three categories and three permissions:

Categories: owner (the file's creator), group (a set of users), and others (everyone else).

Permissions: read (r), write (w), and execute (x).

Each file has a 9-bit permission string: rwxr-xr-- means the owner has full access, the group can read and execute, and others can only read. The chmod command modifies these permissions.

This model is simple and effective for single-user systems and small groups. For larger, more complex environments, it's often supplemented with ACLs for finer-grained control.
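The following added example (written for this page, not taken from it) works through the 9-bit model in code: it converts between the `rwxr-xr--` string and the integer `chmod` takes, and it implements the classic Unix decision rule. The rule has a detail the text does not spell out: exactly one class is consulted (owner if you own the file, otherwise group if you are a member, otherwise others), with no fallthrough, so an owner whose own triplet is `---` is refused even if the group triplet grants everything. The `demo_roundtrip` helper and its temporary file are constructed for the example.

```python
import os
import stat
import tempfile

# (mask, letter) for each of the nine positions, owner -> group -> others.
_BITS = [(stat.S_IRUSR, "r"), (stat.S_IWUSR, "w"), (stat.S_IXUSR, "x"),
         (stat.S_IRGRP, "r"), (stat.S_IWGRP, "w"), (stat.S_IXGRP, "x"),
         (stat.S_IROTH, "r"), (stat.S_IWOTH, "w"), (stat.S_IXOTH, "x")]

def mode_to_string(mode: int) -> str:
    """Render the low nine permission bits as ls does (setuid/setgid/sticky ignored)."""
    return "".join(letter if mode & mask else "-" for mask, letter in _BITS)

def string_to_mode(perms: str) -> int:
    """Parse 'rwxr-xr--' into the integer os.chmod expects (0o754)."""
    if len(perms) != 9:
        raise ValueError("expected exactly 9 characters")
    mode = 0
    for i, (ch, expected) in enumerate(zip(perms, "rwx" * 3)):
        if ch == expected:
            mode |= 1 << (8 - i)          # leftmost character is the highest bit
        elif ch != "-":
            raise ValueError(f"bad character {ch!r} at position {i}")
    return mode

def unix_allows(mode: int, op: str, is_owner: bool, in_group: bool) -> bool:
    """Classic Unix check for an unprivileged user.

    Only one triplet applies: owner's if is_owner, else group's if in_group,
    else others'. Bits from the other triplets are never consulted.
    (root bypasses this check entirely, which is why least privilege matters.)
    """
    shift = 6 if is_owner else 3 if in_group else 0
    bit = {"read": 4, "write": 2, "execute": 1}[op]
    return bool((mode >> shift) & bit)

def demo_roundtrip(perms: str = "rwxr-xr--") -> str:
    """Apply perms to a fresh temporary file with os.chmod and read them back."""
    with tempfile.NamedTemporaryFile() as f:
        os.chmod(f.name, string_to_mode(perms))
        return mode_to_string(stat.S_IMODE(os.stat(f.name).st_mode))

if __name__ == "__main__":
    print(oct(string_to_mode("rwxr-xr--")))   # 0o754
    print(demo_roundtrip())                    # on a Unix filesystem: rwxr-xr--
```

`demo_roundtrip` depends on a POSIX filesystem; on Windows `os.chmod` only toggles the read-only flag, so the string read back will not match.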

Capability-Based Security

An alternative to ACLs is capability-based security. Instead of attaching permissions to resources (ACLs), permissions are given to processes as unforgeable tokens called capabilities.

Think of it like this: an ACL is like a guest list at a party, where the bouncer checks the list. A capability is like a physical ticket: if you have it, you're in. The process holds capabilities that grant specific access rights, and it can only perform operations for which it holds valid capabilities.

Capability-based systems (like seL4 and some research OSes) offer more fine-grained control and are resistant to certain types of attacks, but they're more complex to implement and manage.

Principle of Least Privilege

A fundamental security principle: every process should have only the minimum privileges it needs to do its job. A text editor doesn't need access to the network. A web browser doesn't need to modify system files. A game doesn't need to read your email.

The principle of least privilege limits the damage that a compromised or buggy process can cause. If a process with limited privileges is hacked, the attacker can only do what that process was allowed to do, not take over the entire system.

Modern operating systems enforce this through user accounts, permission systems, sandboxing, and containers.
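The capability section above and the least-privilege section it leads into are illustrated together in this added example (written for this page; it is not code from Labs ICT, seL4, or any other project). A capability here is a token naming one resource and a set of rights, made unforgeable with an HMAC under a key that only the reference monitor holds, so a token edited by anyone else fails verification. Least privilege falls out naturally: `attenuate` can only shrink a capability's rights, never grow them, so a text-editor process can be handed a read/write token for one file and nothing else. The issuer key, the resource names and the "editor" scenario are all constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Constructed: the reference monitor's signing key. In a real capability system
# this lives in the kernel; user processes never see it, so they cannot mint tokens.
_ISSUER_KEY = secrets.token_bytes(32)

RIGHTS = {"read", "write", "execute"}

def _sign(body: str) -> str:
    return hmac.new(_ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()

def _valid(cap: dict) -> bool:
    """Constant-time check that the MAC matches the body, i.e. the token was issued by us."""
    return hmac.compare_digest(_sign(cap["body"]), cap["mac"])

def mint(resource: str, rights) -> dict:
    """Issue a capability for one resource carrying the given subset of RIGHTS."""
    body = json.dumps({"resource": resource,
                       "rights": sorted(set(rights) & RIGHTS)}, sort_keys=True)
    return {"body": body, "mac": _sign(body)}

def rights_of(cap: dict) -> set:
    return set(json.loads(cap["body"])["rights"])

def attenuate(cap: dict, rights) -> dict:
    """Derive a weaker capability. Rights may only be removed, never added."""
    if not _valid(cap):
        raise PermissionError("not a genuine capability")
    wanted = set(rights)
    if not wanted <= rights_of(cap):
        raise PermissionError("cannot amplify a capability")
    return mint(json.loads(cap["body"])["resource"], wanted)

def invoke(cap: dict, resource: str, op: str) -> bool:
    """Reference monitor: the operation succeeds only if the token is genuine,
    names this exact resource, and carries this right. No list is consulted."""
    if not _valid(cap):
        return False
    body = json.loads(cap["body"])
    return body["resource"] == resource and op in body["rights"]

def tampered_copy(cap: dict, rights) -> dict:
    """Test fixture: a token whose body was rewritten without the issuer key.
    invoke() must treat it as forged, because the MAC no longer matches."""
    body = json.dumps({"resource": json.loads(cap["body"])["resource"],
                       "rights": sorted(set(rights))}, sort_keys=True)
    return {"body": body, "mac": cap["mac"]}

def editor_scenario() -> dict:
    """Least privilege: the owner's full capability is attenuated to read/write
    on one file before being handed to the editor process (constructed names)."""
    owner_cap = mint("file:/home/alice/notes.txt", RIGHTS)
    editor_cap = attenuate(owner_cap, {"read", "write"})
    return {
        "edit_notes": invoke(editor_cap, "file:/home/alice/notes.txt", "write"),
        "run_notes": invoke(editor_cap, "file:/home/alice/notes.txt", "execute"),
        "read_mail": invoke(editor_cap, "file:/home/alice/mail", "read"),
        "use_network": invoke(editor_cap, "net:outbound", "write"),
    }

if __name__ == "__main__":
    for action, ok in editor_scenario().items():
        print(f"{action:12} -> {'allowed' if ok else 'refused'}")
```

Note what `invoke` does not do: it never asks who the caller is. Possession of a valid token is the whole authorization decision, which is the ticket-versus-guest-list distinction from the text, and it is why the key must stay inside the monitor.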

🧪 Quick Quiz

What is the principle of least privilege?