Solaris Trusted Extensions User's Guide

Discretionary Access Control

Discretionary access control (DAC) is a software mechanism for controlling user access to files and directories. DAC leaves setting protections for files and directories to the owner's discretion. The two forms of DAC are UNIX® permission bits and access control lists (ACLs).

Permission bits let the owner set read, write, and execute protection by owner, group, and other users. In traditional UNIX systems, the superuser or root user can override DAC protection. With Trusted Extensions software, the ability to override DAC is permitted for administrators and authorized users only. ACLs provide a finer granularity of access control. ACLs enable owners to specify separate permissions for specific users and specific groups. For more information, see Chapter 7, Controlling Access to Files (Tasks), in System Administration Guide: Security Services.
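The following added example (not part of the original guide) is a simplified model of how a DAC decision combines permission bits with ACL entries, following the POSIX-draft ACL evaluation order. The class, function names, users, groups, and file values are all constructed for illustration, and the model leaves out privileged override.

```python
# Simplified model of a DAC check: permission bits plus POSIX-draft style ACL entries.
# Illustrative only; every name and sample value here is constructed.
from dataclasses import dataclass, field

R, W, X = 4, 2, 1  # the bit values chmod uses inside each octal digit

@dataclass
class FileDac:
    owner: str
    group: str
    mode: int                                        # permission bits, e.g. 0o640
    acl_users: dict = field(default_factory=dict)    # named user  -> permissions
    acl_groups: dict = field(default_factory=dict)   # named group -> permissions
    mask: int = R | W | X                            # ceiling for all entries except owner and other

def grants(perms, want):
    return (perms & want) == want

def allowed(f, user, groups, want):
    """Return True if `user`, a member of `groups`, is granted every bit in `want`."""
    owner_bits = (f.mode >> 6) & 7
    group_bits = (f.mode >> 3) & 7
    other_bits = f.mode & 7
    if user == f.owner:                    # owner entry: the mask does not apply
        return grants(owner_bits, want)
    if user in f.acl_users:                # a named-user entry wins over group and other
        return grants(f.acl_users[user] & f.mask, want)
    matches = [group_bits] if f.group in groups else []
    matches += [p for g, p in f.acl_groups.items() if g in groups]
    if matches:                            # a group match never falls through to "other"
        return any(grants(p & f.mask, want) for p in matches)
    return grants(other_bits, want)

def demo():
    # Constructed sample: a file owned by alice:staff with mode 640.
    f = FileDac("alice", "staff", 0o640)
    before = allowed(f, "carol", {"audit"}, R)   # carol is "other": no access
    f.acl_users["carol"] = R | W                 # owner adds an ACL entry for carol: rw-
    f.mask = R                                   # the mask caps that entry at r--
    return before, allowed(f, "carol", {"audit"}, R), allowed(f, "carol", {"audit"}, W)

if __name__ == "__main__":
    print(demo())
```
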