From 8cd09ad4ce621402bd0564d6cb74da0cb193ada4 Mon Sep 17 00:00:00 2001 From: Jet Hughes Date: Tue, 1 Nov 2022 17:34:36 +1300 Subject: [PATCH] vault backup: 2022-11-01 17:34:36 --- .../notes/24-protection-of-file-systems.md | 26 ++++++++++++++++++- content/notes/cosc-204.md | 4 ++- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/content/notes/24-protection-of-file-systems.md b/content/notes/24-protection-of-file-systems.md index 882cdf9c5..b51cf3fe7 100644 --- a/content/notes/24-protection-of-file-systems.md +++ b/content/notes/24-protection-of-file-systems.md 
@@ -39,4 +39,28 @@ advanced file attributes - setuid bit: if set for executable file, regardless of who runs the program, it should be run with the priviledge of the owner of the file - setgid bit: same as setuid but run with priviledge of group - sticky bit: a directory with this bit set restricts the deletionof files within it -# access control models \ No newline at end of file + +## soft vs hard link +![diagram|400](https://i.imgur.com/DEvbJRN.png) + +# access control models +Discretionary access control (DAC) +- a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control). +- subject centered + +Mandatory access control +- a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity +- object centred +- more overhead + +Access control list +- list of permission attahed to an object (file) +- speifies who or what is allowed to access the objdct and what operation a re allowed to be performed on the object +- consists of entries like [user, operations] where the operation can be r, w, x, d etc +- more secure and convenient that discretionary access control +- can implement DAC and MAC + +Role based +- similar to ACL except RBAC aggregates a grou of users with the same priviledges as roles +- can implement DAC and MAC +- policy neutral and defined around roles and priviledges \ No newline at end of file diff --git a/content/notes/cosc-204.md b/content/notes/cosc-204.md index 9ea5c74cb..a1292034b 100644 --- a/content/notes/cosc-204.md +++ b/content/notes/cosc-204.md 
@@ -55,7 +55,9 @@ tags: - [20-sync-deadlock](notes/20-sync-deadlock.md) - [21-memory-management](notes/21-memory-management.md) - [22-virtual-memory](notes/22-virtual-memory.md) --[23-IO-systems](notes/23-IO-systems.md) +- [23-IO-systems](notes/23-IO-systems.md) +- [24-protection-of-file-systems](notes/24-protection-of-file-systems.md) +- # Archive
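Review bot: in content/notes/24-protection-of-file-systems.md, under "Access control list", the bullet "more secure and convenient that discretionary access control" sits awkwardly next to the following bullet "can implement DAC and MAC". An ACL is a mechanism attached to an object, while DAC and MAC are policy models, so the notes should not rank an ACL against DAC. Suggest dropping the comparison or rewording it to say what the ACL is being compared with. The same added block has several typos worth fixing before it is published: "attahed", "speifies", "objdct", "a re allowed", "grou of users", "priviledges", and "that" for "than". The new "## soft vs hard link" section contains only a hotlinked imgur image with no explanatory text, so the section becomes empty if the image is removed. The file still ends without a trailing newline.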
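Review bot: in content/notes/cosc-204.md, the last added line is an empty list item ("+-") just before "# Archive", which will render as a blank bullet at the end of the notes index. Suggest removing it and keeping only the corrected "- [23-IO-systems](notes/23-IO-systems.md)" entry and the new "- [24-protection-of-file-systems](notes/24-protection-of-file-systems.md)" entry.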