GitHub/quartz
1
0
Fork 2
mirror of https://github.com/jackyzha0/quartz.git synced 2025-12-27 14:54:05 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

vault backup: 2022-11-01 17:34:36

Browse Source
This commit is contained in:
Jet Hughes 2022-11-01 17:34:36 +13:00
parent b965f971b5
commit 8cd09ad4ce
2 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
content/notes/24-protection-of-file-systems.md
View File

@ -39,4 +39,28 @@ advanced file attributes
- setuid bit: if set for executable file, regardless of who runs the program, it should be run with the priviledge of the owner of the file
- setgid bit: same as setuid but run with priviledge of group
- sticky bit: a directory with this bit set restricts the deletionof files within it
# access control models
## soft vs hard link
![diagram|400](https://i.imgur.com/DEvbJRN.png)
# access control models
Discretionary access control (DAC)
- a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).
- subject centered
Mandatory access control
- a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity
- object centred
- more overhead
Access control list
- list of permission attahed to an object (file)
- speifies who or what is allowed to access the objdct and what operation a re allowed to be performed on the object
- consists of entries like [user, operations] where the operation can be r, w, x, d etc
- more secure and convenient that discretionary access control
- can implement DAC and MAC
Role based
- similar to ACL except RBAC aggregates a grou of users with the same priviledges as roles
- can implement DAC and MAC
- policy neutral and defined around roles and priviledges

4
content/notes/cosc-204.md
View File

@ -55,7 +55,9 @@ tags:
- [20-sync-deadlock](notes/20-sync-deadlock.md)
- [21-memory-management](notes/21-memory-management.md)
- [22-virtual-memory](notes/22-virtual-memory.md)
-[23-IO-systems](notes/23-IO-systems.md)
- [23-IO-systems](notes/23-IO-systems.md)
- [24-protection-of-file-systems](notes/24-protection-of-file-systems.md)
-
# Archive