fortypoundhead.com

What is an Access Control List, or ACL?

Posted On 2010-07-25 by FortyPoundHead
Tags: Networking General Tutorial 


An access control list (ACL) is an attachment to a file, directory, or other object that provides information about permissions associated with the object. If there is no access control list, anyone can interact with the object and do anything with it. If a list is present, however, access and activities are limited to the people on the list, and the abilities of individual users may be restricted at different levels.

The list can specify users, roles, or groups. Users are individual users who are registered in the system, such as an office network. Roles are titles that are assigned to people. For example, a user might have the role “System Administrator.” When an access control list restricts access to certain roles, only people in those roles will be able to manipulate the object. Groups are collections of users who are registered together, such as “Secretarial Pool.”

Access control lists can determine who is allowed to view, edit, delete, or move an object. This can be useful on a security level and it can also prevent mistakes. For example, system administrators can limit access to key system files so that people who are not experienced will not accidentally alter, delete, or move those files and cause a problem. Likewise, a file could be made read only except for one user to ensure that if other people on the network access the file, they cannot make changes to it.
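The model described so far, written out as a small Python evaluator. This is an added example, not code from the original article; the class and function names, the sample users and the file names are all hypothetical, and the rule that a missing list means open access follows the article's own description.

```python
from dataclasses import dataclass

ACTIONS = frozenset({"view", "edit", "delete", "move"})  # the four actions the article names

@dataclass(frozen=True)
class Principal:
    user: str
    roles: frozenset = frozenset()
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class Entry:
    kind: str            # "user", "role" or "group"
    name: str
    allowed: frozenset   # subset of ACTIONS

def _matches(entry, who):
    if entry.kind == "user":
        return entry.name == who.user
    if entry.kind == "role":
        return entry.name in who.roles
    if entry.kind == "group":
        return entry.name in who.groups
    raise ValueError(f"unknown entry kind: {entry.kind!r}")

def effective_permissions(acl, who):
    """Union of the actions granted by every entry that matches the principal."""
    if acl is None:              # no list attached: the article's "anyone can do anything"
        return ACTIONS
    granted = set()
    for entry in acl:
        if _matches(entry, who):
            granted |= entry.allowed & ACTIONS
    return frozenset(granted)    # a list that is present but empty grants nothing

def is_allowed(acl, who, action):
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    return action in effective_permissions(acl, who)

def unprotected(objects):
    """Names of objects with no ACL at all, i.e. open to everyone."""
    return sorted(name for name, acl in objects.items() if acl is None)

# Constructed sample data: a file that is read-only for everyone except one user.
REPORT_ACL = [
    Entry("group", "Secretarial Pool", frozenset({"view"})),
    Entry("role", "System Administrator", ACTIONS),
    Entry("user", "alice", frozenset({"view", "edit"})),
]
OBJECTS = {"report.doc": REPORT_ACL, "scratch.txt": None, "locked.cfg": []}

alice = Principal("alice", groups=frozenset({"Secretarial Pool"}))
bob = Principal("bob", groups=frozenset({"Secretarial Pool"}))
carol = Principal("carol", roles=frozenset({"System Administrator"}))
mallory = Principal("mallory")
```

Note the difference between `None` (no list, so everything is permitted) and `[]` (a list with no entries, so nothing is permitted); `unprotected()` is the kind of audit that finds the former.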

Using an access control list for security is part of capability-based security, in which layers of security are provided through the use of tokens that are provided by users of the system. A token provides information about a user's authority, and it is matched up with permissions that determine whether or not the user is authorized to perform a given operation. This method makes security highly flexible, because individual files and directories can have different permissions.

The access control list is only as good as the security of individual identities on a network. If people do not use passwords or use weak passwords, it is possible to hijack their identities and use them in the system. If a system is penetrated with a keystroke logger or similar malware, it can also become compromised and make it possible for an unauthorized person to enter the system. This is why security is organized in layers, so that a weakness in one area will not bring down the whole system.

