mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-27 14:54:05 -06:00
vault backup: 2022-11-01 17:34:36
parent
b965f971b5
commit
8cd09ad4ce
@ -39,4 +39,28 @@ advanced file attributes
|
|||||||
- setuid bit: if set for executable file, regardless of who runs the program, it should be run with the priviledge of the owner of the file
|
- setuid bit: if set for executable file, regardless of who runs the program, it should be run with the priviledge of the owner of the file
|
||||||
- setgid bit: same as setuid but run with priviledge of group
|
- setgid bit: same as setuid but run with priviledge of group
|
||||||
- sticky bit: a directory with this bit set restricts the deletionof files within it
|
- sticky bit: a directory with this bit set restricts the deletionof files within it
|
||||||
# access control models
|
|
||||||
|
## soft vs hard link
|
||||||
|

|
||||||
|
|
||||||
|
# access control models
|
||||||
|
Discretionary access control (DAC)
|
||||||
|
- a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).
|
||||||
|
- subject centered
|
||||||
|
|
||||||
|
Mandatory access control
|
||||||
|
- a means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity
|
||||||
|
- object centred
|
||||||
|
- more overhead
|
||||||
|
|
||||||
|
Access control list
|
||||||
|
- list of permission attahed to an object (file)
|
||||||
|
- speifies who or what is allowed to access the objdct and what operation a re allowed to be performed on the object
|
||||||
|
- consists of entries like [user, operations] where the operation can be r, w, x, d etc
|
||||||
|
- more secure and convenient that discretionary access control
|
||||||
|
- can implement DAC and MAC
|
||||||
|
|
||||||
|
Role based
|
||||||
|
- similar to ACL except RBAC aggregates a grou of users with the same priviledges as roles
|
||||||
|
- can implement DAC and MAC
|
||||||
|
- policy neutral and defined around roles and priviledges
|
||||||
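Review bot: Under "Access control list", the added bullet "more secure and convenient that discretionary access control" sets ACLs against DAC, but the next bullet says an ACL "can implement DAC and MAC", so the two lines contradict each other. An ACL is the per-object permission list described in the first bullets, and POSIX file ACLs are themselves a DAC mechanism. Either drop the comparison or say what the ACL is being compared with, for example the plain owner/group/other permission bits covered earlier in the note. The new "## soft vs hard link" heading has no content under it and is followed directly by "# access control models"; fill it in or leave it out of this commit. "Mandatory access control" and "Role based" are missing the abbreviations (MAC, RBAC) that later bullets rely on. Spelling in the added lines also needs a pass: "attahed", "speifies", "objdct", "a re", "grou", "priviledges", and "that" where "than" is meant.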
@ -55,7 +55,9 @@ tags:
|
|||||||
- [20-sync-deadlock](notes/20-sync-deadlock.md)
|
- [20-sync-deadlock](notes/20-sync-deadlock.md)
|
||||||
- [21-memory-management](notes/21-memory-management.md)
|
- [21-memory-management](notes/21-memory-management.md)
|
||||||
- [22-virtual-memory](notes/22-virtual-memory.md)
|
- [22-virtual-memory](notes/22-virtual-memory.md)
|
||||||
-[23-IO-systems](notes/23-IO-systems.md)
|
- [23-IO-systems](notes/23-IO-systems.md)
|
||||||
|
- [24-protection-of-file-systems](notes/24-protection-of-file-systems.md)
|
||||||
|
-
|
||||||
|
|
||||||
# Archive
|
# Archive
|
||||||
|
|
||||||
|
|||||||
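Review bot: The line added after the new "[24-protection-of-file-systems](notes/24-protection-of-file-systems.md)" entry is a bare "-" with no link, which will render as an empty bullet at the end of the index just above "# Archive". Remove it, or add the entry only once the next note exists. The spacing fix on the "[23-IO-systems]" entry looks right.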