Trusted Solaris User's Guide

Discretionary Access Control

Discretionary access control (DAC) is a software mechanism for controlling users' access to files and directories. It leaves setting protections for files or directories to the owner's discretion. The two forms of DAC are the traditional UNIX permission bits and Access Control Lists (ACLs).

Permission bits let the owner set read, write, and execute protection by owner, group, and other users. In traditional UNIX systems, the superuser (root) can override DAC protection; in Trusted Solaris, the ability to override DAC is permitted for administrators and authorized users only. Access Control Lists (ACLs) provide a finer granularity of access control, letting owners specify separate permissions for specific individuals and groups.
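The sketch below is an added example, not code from Trusted Solaris or this guide. It models how a DAC decision combines permission bits with ACL entries, assuming POSIX.1e-draft-style evaluation order and a mask entry; the UIDs, GIDs, and the `dac_allows` helper are constructed for illustration, and administrative override of DAC is not modeled.

```python
# Added example: simplified model of a DAC access decision (not Trusted Solaris code).
# Assumption: ACL entries are checked in POSIX.1e-draft order and capped by a mask.
R, W, X = 4, 2, 1

def dac_allows(uid, gids, owner_uid, owner_gid, mode, want, acl=None):
    """Return True if the process (uid, gids) is granted every bit in `want`.

    mode: traditional permission bits, e.g. 0o640
    acl:  optional {"users": {uid: perms}, "groups": {gid: perms}, "mask": perms}
    """
    owner_bits, group_bits, other_bits = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    acl = acl or {}
    mask = acl.get("mask", 7)  # no mask entry means nothing is capped

    def granted(perms):
        return perms & want == want

    # 1. The owner is judged on the owner bits alone.
    if uid == owner_uid:
        return granted(owner_bits)
    # 2. A named-user ACL entry wins over any group membership.
    if uid in acl.get("users", {}):
        return granted(acl["users"][uid] & mask)
    # 3. Owning group plus named groups: one matching entry that grants is enough.
    matched = [group_bits & mask] if owner_gid in gids else []
    matched += [p & mask for g, p in acl.get("groups", {}).items() if g in gids]
    if matched:
        return any(granted(p) for p in matched)
    # 4. Everyone else falls through to the "other" bits.
    return granted(other_bits)

# Constructed sample: file owned by uid 1001, group 50, mode rw-r-----
FILE = dict(owner_uid=1001, owner_gid=50, mode=0o640)
# ACL: give uid 1002 read/write (capped to read by the mask), shut out uid 1003.
ACL = {"users": {1002: R | W, 1003: 0}, "mask": R}

if __name__ == "__main__":
    for label, uid, gids, acl in [
        ("outsider, bits only", 1002, {60}, None),
        ("outsider, with ACL ", 1002, {60}, ACL),
        ("group member, bits ", 1003, {50}, None),
        ("group member, ACL  ", 1003, {50}, ACL),
    ]:
        print(label, "read:", dac_allows(uid, gids, want=R, acl=acl, **FILE))
```

With permission bits alone, the owner can only distinguish owner, group, and other; the ACL lets the same file grant read to one outside user and withhold it from one member of the owning group.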

If you are unfamiliar with the basic UNIX permission concepts or ACLs, see "File and Folder Information" in "Managing Files with File Manager" in Solaris Common Desktop Environment: User's Guide.