CSE 120 Lecture Notes - Lecture 15: Access Control List, File Descriptor, Public-Key Cryptography
Document Summary
For any column that is empty, we don"t show it. Associated w/ resource (i. e. for each resource, there is a control list for it) If name on the list, ok to access, else no access! Like a registry (big book w/ people"s names recorded) The os tells a process what it is allowed to do for a given domain. Pro: revocation - i don"t want a user to access this resource anymore (i. e. revoke access) For any row that is empty, don"t show it. Like a key /ticket; if you have it, you get access! Con: revocation is hard - cannot revoke access once gone! Each file has a set of perms (for owner, group, and world) an access control list! If you have permission, open() returns a file descriptor (aka a capability!) Setuid() - allows a user to change domains .