{{Short description|List of permissions for a system resource}}
In [[computer security]], an '''access-control list''' ('''ACL''') is a list of permissions{{efn|E.g., [[File-system permissions]], permission to perform a specific action.}} associated with a [[system resource]] (object or facility). An ACL specifies which [[User (computing)|users]] or [[Process (computing)|system processes]] are granted access to resources, as well as what operations are allowed on given resources.<ref>{{cite IETF | rfc = 4949 | title = Internet Security Glossary, Version 2 | author = R. Shirey | date = August 2007 | access-date = May 19, 2023 }}</ref> Each entry in a typical ACL specifies a subject and an operation. For instance,

* If a file object has an ACL that contains {{samp|(Alice: read,write; Bob: read)}}, this would give Alice permission to read and write the file and give Bob permission only to read it.
* If the [[Resource Access Control Facility]] (RACF) profile CONSOLE CLASS(TSOAUTH) has an ACL that contains {{samp|(ALICE:READ)}}, this would give ALICE permission to use the TSO CONSOLE command.

== Implementations ==
Many kinds of operating systems implement ACLs or have a historical implementation; the first implementation of ACLs was in the [[filesystem]] of [[Multics]] in 1965.<ref>{{cite book |title=Elementary Information Security |author=Richard E. Smith |page=150}}</ref><ref>{{Cite conference |last1=Daley |first1=R. C. |last2=Neumann |first2=P. G. |date=1965 |title=A general-purpose file system for secondary storage |url=http://portal.acm.org/citation.cfm?doid=1463891.1463915 |book-title=AFIPS '65 (Fall, part I): Proceedings of the November 30--December 1, 1965, fall joint computer conference, part I |language=en |publisher=ACM Press |pages=213 |doi=10.1145/1463891.1463915}}</ref>

=== Filesystem ACLs ===
A [[filesystem]] ACL is a [[data structure]] (usually a table) containing entries that specify individual user or [[Group (computing)|group]] rights to specific system objects such as programs, [[Process (computing)|processes]], or files. These entries are known as access-control entries (ACEs) in Microsoft [[Windows NT]],<ref>{{cite web |url= https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb457115(v=technet.10) |title=Managing Authorization and Access Control |date= 2009-09-11 |publisher= [[Microsoft Learn]] |access-date= 2024-05-15}}</ref> [[OpenVMS]], and [[Unix-like]] [[operating system]]s such as [[Linux]], [[macOS]], and [[Solaris (operating system)|Solaris]]. Each accessible object contains an identifier to its ACL. The privileges or permissions determine specific access rights, such as whether a user can read from, write to, or [[execution (computing)|execute]] an object. In some implementations, an ACE can control whether or not a user, or group of users, may alter the ACL on an object.

One of the first operating systems to provide filesystem ACLs was Multics. [[PRIMOS]] featured ACLs at least as early as 1984.<ref>{{cite news |date = 1984-05-21 |title= P.S.I. Pacer Software, Inc. Gnet-II revision 3.0 |url = https://books.google.com/books?id=KAUpSdv4AO4C | department = Communications |work = Computerworld |volume= 18 |issue= 21 |page = 54 |issn = 0010-4841 |access-date= 2017-06-30 |quote= The new version of Gnet-II (revision 3.0) has added a line-security mechanism which is implemented under the Primos ACL subsystem.}}</ref> In the 1990s the ACL and [[role-based access control]] (RBAC) models were extensively tested{{by whom|date=June 2017}} and used to administer file permissions.

==== POSIX ACL ====
The [[POSIX]] 1003.1e/1003.2c working group made an effort to standardize ACLs, resulting in what is now known as "POSIX.1e ACL" or simply "POSIX ACL".<ref>{{cite web |last1=Grünbacher |first1=Andreas |title=POSIX Access Control Lists on Linux |url=https://www.usenix.org/legacy/publications/library/proceedings/usenix03/tech/freenix03/full_papers/gruenbacher/gruenbacher_html/main.html |website=Usenix |access-date=12 December 2019}}</ref> The POSIX.1e/POSIX.2c drafts were withdrawn in 1997 after participants lost interest in funding the project and turned to more powerful alternatives such as NFSv4 ACLs.<ref>{{cite web |last1=wurtzkurdle |title=Why was POSIX.1e withdrawn? |url=https://unix.stackexchange.com/a/506641 |website=Unix StackExchange |access-date=12 December 2019}}</ref> {{As of|2019|12}}, no live sources of the draft could be found on the Internet, but it can still be found in the [[Internet Archive]].<ref>{{cite web |last1=Trümper |first1=Winfried |title=Summary about Posix.1e |url=https://wt.xpilot.org/publications/posix.1e/ |archive-url=https://web.archive.org/web/20080723061358/https://wt.xpilot.org/publications/posix.1e/ |archive-date=2008-07-23 |date=February 28, 1999}}</ref> Most Unix and Unix-like operating systems (e.g. [[Linux]] since 2.5.46 or November 2002,<ref>{{cite web |url= https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Release_Notes/as-x86/index.html |title= Red Hat Enterprise Linux AS 3 Release Notes (x86 Edition) |quote= EA (Extended Attributes) and ACL (Access Control Lists) functionality is now available for ext3 file systems. In addition, ACL functionality is available for NFS. |year= 2003 |publisher= [[Red Hat]] |access-date= 2013-04-08 |archive-url=https://web.archive.org/web/20131202221514/https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Release_Notes/as-x86/index.html |archive-date=2013-12-02 |url-status=dead}}</ref> [[FreeBSD]], or Solaris) support POSIX.1e ACLs (not necessarily draft 17). ACLs are usually stored in the extended attributes of a file on these systems.

==== NFSv4 ACL ====
[[NFSv4]] ACLs are much more powerful than POSIX draft ACLs. Unlike draft POSIX ACLs, NFSv4 ACLs are defined by an actually published standard, as part of the [[Network File System]]. NFSv4 ACLs are supported by many Unix and Unix-like operating systems, including [[AIX]], [[FreeBSD]],<ref>{{cite web |url= https://wiki.freebsd.org/NFSv4_ACLs |title= NFSv4 ACLs |date= 2011-09-12 |publisher= [[FreeBSD]] |access-date= 2013-04-08}}</ref> [[Mac OS X]] beginning with version 10.4 ("[[Mac OS X Tiger|Tiger]]"), and Solaris with the [[ZFS]] filesystem.<ref>{{cite web |url= http://docs.oracle.com/cd/E19082-01/817-2271/ftyxi/index.html |title= Chapter 8 Using ACLs and Attributes to Protect ZFS Files |publisher= [[Oracle Corporation]] |date= 2009-10-01 |access-date= 2013-04-08}}</ref>
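The two evaluation rules described in the POSIX ACL and NFSv4 ACL sections above, as an added example in Python that is not code from the article or from any operating system. It implements the POSIX.1e check (fixed entry order, with the mask entry bounding named users and all group entries) and the ordered allow/deny walk that NFSv4 servers, and the Windows NT ACLs they are organized like, perform. The file, the principals (bob, alice, carol, dave, eve and the groups staff and dev) and both ACLs are constructed for illustration; names stand in for numeric IDs.

```python
"""POSIX.1e and NFSv4/NT-style ACL evaluation side by side.  Added example,
not code from the article or from any operating system.  Principals, file
ownership and ACLs are constructed and use names instead of numeric IDs."""
from dataclasses import dataclass

# ---- POSIX.1e ACLs --------------------------------------------------------
R, W, X = 4, 2, 1                      # same bit values as the mode bits

def perm_bits(rwx):
    """'rw-' -> 6, in the r/w/x order that getfacl and setfacl use."""
    return (R if rwx[0] == "r" else 0) | (W if rwx[1] == "w" else 0) | (X if rwx[2] == "x" else 0)

def parse_posix_acl(text):
    """Parse getfacl short-form lines: 'user::rw-', 'user:alice:rwx', 'mask::r--'."""
    acl = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # skip the '# owner:' style headers
        if line:
            tag, qualifier, rwx = line.split(":")
            acl.append((tag, qualifier, perm_bits(rwx)))
    return acl

def _entry(acl, tag, qualifier=""):
    for t, q, p in acl:
        if t == tag and q == qualifier:
            return p
    return None

def posix_check(acl, owner, owner_group, user, groups, want):
    """POSIX.1e access check.  Entries are tried in a fixed order, so the
    order in which the ACL is written never matters: owner entry, then a
    named user entry, then the owning group and named group entries, then
    other.  The mask bounds named users and every group entry but not the
    owner or other.  A matched owner or named-user entry decides even when
    it denies; a group match only denies if no matching group entry grants."""
    mask = _entry(acl, "mask")
    if mask is None:                      # minimal ACL: nothing is masked
        mask = R | W | X
    if user == owner:
        return (_entry(acl, "user") & want) == want
    named = _entry(acl, "user", user)
    if named is not None:
        return (named & mask & want) == want
    matched_group = False
    for tag, qualifier, perms in acl:
        if tag != "group":
            continue
        if (qualifier == "" and owner_group in groups) or (qualifier and qualifier in groups):
            matched_group = True
            if (perms & mask & want) == want:  # any one matching group entry suffices
                return True
    if matched_group:
        return False
    return (_entry(acl, "other") & want) == want

# ---- NFSv4 / Windows NT style ACLs ----------------------------------------
READ_DATA, WRITE_DATA, APPEND_DATA, DELETE = 1, 2, 4, 8   # a few of the NFSv4 mask bits

@dataclass(frozen=True)
class Ace:
    kind: str     # "allow" or "deny"
    who: str      # user or group name; "EVERYONE@" matches every caller
    mask: int

def nt_check(aces, user, groups, want):
    """Ordered walk as in NFSv4 and the NT ACLs it resembles: each ACE that
    applies to the caller is taken in list order; a deny ACE covering any
    requested bit not yet granted fails the check; an allow ACE grants its
    bits; the check succeeds once every requested bit has been granted.
    Bits left ungranted at the end of the list are denied."""
    granted = 0
    for ace in aces:
        if ace.who not in ("EVERYONE@", user) and ace.who not in groups:
            continue
        if ace.kind == "deny":
            if ace.mask & want & ~granted:
                return False
        else:
            granted |= ace.mask & want
            if granted == want:
                return True
    return granted == want

# Constructed getfacl output for a file owned by bob, group staff.  The mask
# is r--, so alice's and dev's write bits are ineffective until it is widened.
POSIX_ACL = parse_posix_acl("""
# file: report.txt
# owner: bob
# group: staff
user::rw-
user:alice:rwx
group::r--
group:dev:rw-
mask::r--
other::---
""")

# Constructed variant: the owner entry is read-only although bob is in dev.
POSIX_ACL_OWNER_RO = parse_posix_acl("""
user::r--
group::r--
group:dev:rw-
mask::rw-
other::---
""")

# Constructed NFSv4-style ACL for the same file.  The deny for alice must
# precede the group allow to have any effect.
NFSV4_ACL = [
    Ace("deny", "alice", WRITE_DATA | APPEND_DATA),
    Ace("allow", "dev", READ_DATA | WRITE_DATA | APPEND_DATA),
    Ace("allow", "EVERYONE@", READ_DATA),
]
```

The same requests give different answers under the two models. Under POSIX, alice's write is blocked by the mask even though her named entry says rwx, and bob cannot write via dev in the variant ACL because the owner entry is consulted first and decides. Under NFSv4, alice's write is blocked only while the deny ACE precedes the group allow; moving the allow first grants it, which is why reordering an NFSv4 or NT ACL is itself a security-relevant change, whereas reordering a POSIX ACL never changes a decision.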
There are two experimental implementations of NFSv4 ACLs for Linux: NFSv4 ACL support for the [[Ext3]] filesystem<ref>{{cite web |url= http://users.suse.com/~agruen/nfs4acl/ |title= Native NFSv4 ACLs on Linux |first= Andreas |last= Grünbacher |date= May 2008 |publisher= [[SUSE S.A.|SUSE]] |archive-url= https://web.archive.org/web/20130620012339/http://users.suse.com/~agruen/nfs4acl/ |archive-date= 2013-06-20 |url-status= dead |access-date= 2013-04-08}}</ref> and the more recent [[Richacls]], which brings NFSv4 ACL support to the [[Ext4]] filesystem.<ref>{{cite web |url=http://www.bestbits.at/richacl/| title=Richacls – Native NFSv4 ACLs on Linux |first=Andreas |last=Grünbacher |date=July–September 2010 |publisher=bestbits.at |access-date=2013-04-08 |archive-url=https://web.archive.org/web/20130320080142/http://www.bestbits.at/richacl/ |archive-date=2013-03-20 |url-status=dead}}</ref> As with POSIX ACLs, NFSv4 ACLs are usually stored as extended attributes on Unix-like systems. NFSv4 ACLs are organized nearly identically to the Windows NT ACLs used in [[NTFS]].<ref>{{cite web |url=https://wiki.linux-nfs.org/wiki/index.php/ACLs#NFSv4_and_Windows_ACLs |title=ACLs |website=Linux NFS}}</ref> NFSv4.1 ACLs are a superset of both NT ACLs and POSIX draft ACLs.<ref>{{cite web |title=Mapping Between NFSv4 and Posix Draft ACLs |url=https://tools.ietf.org/id/draft-ietf-nfsv4-acl-mapping-05.txt}}</ref> [[Samba (software)|Samba]] supports saving the NT ACLs of SMB-shared files in many ways, one of which is as NFSv4-encoded ACLs.<ref>{{cite web |title=vfs_nfs4acl_xattr(8) |url=https://www.samba.org/samba/docs/current/man-html/vfs_nfs4acl_xattr.8.html |website=Samba Manual}}</ref>

=== Active Directory ACLs ===
[[Microsoft]]'s [[Active Directory]] service implements an [[LDAP]] server that stores and disseminates configuration information about users and computers in a domain.<ref>{{cite web |title=[MS-ADTS]: Active Directory Technical Specification |date=7 June 2024 |url=https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/d2435927-0999-4c62-8c6d-13ba31a52e1a}}</ref> Active Directory extends the LDAP specification by adding the same type of access-control list mechanism as Windows NT uses for the NTFS filesystem. Windows 2000 then extended the syntax for access-control entries so that they can grant or deny access not only to entire LDAP objects but also to individual attributes within those objects.<ref>{{cite journal |last=Swift |first=Michael M. |title=Improving the granularity of access control for [[Windows 2000]] |journal=ACM Transactions on Information and System Security |volume=5 |issue=4| pages=398–437 |date=November 2002 |doi=10.1145/581271.581273 |s2cid=10702162}}</ref>

=== Networking ACLs ===
On some types of proprietary computer hardware (in particular, [[router (computing)|routers]] and [[Network switch|switches]]), an access-control list provides rules that are applied to [[Port (computer networking)|port numbers]] or [[IP address]]es available on a [[server (computing)|host]] or other [[Network Layer|layer 3]] device, each with a list of hosts and/or networks permitted to use the service. Although it is additionally possible to configure access-control lists based on network [[domain name]]s, this is a questionable idea because individual [[Transmission Control Protocol|TCP]], [[User Datagram Protocol|UDP]], and [[Internet Control Message Protocol|ICMP]] headers do not contain domain names. Consequently, the device enforcing the access-control list must separately [[Name resolution (computer systems)|resolve names]] to numeric addresses. This presents an additional [[attack surface]] for an attacker who is seeking to compromise the security of the system which the access-control list is protecting. Both individual [[server (computing)|servers]] and [[router (computing)|routers]] can have network ACLs.
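How a router-style inbound ACL of the kind described above is evaluated, as an added example in Python that is not configuration from any real device. Rules are modelled on IOS-style extended ACL entries (protocol, source and destination prefix, destination port, an "established" flag for TCP replies) and are matched first to last; the first match decides, and the implicit deny that ends every such list drops whatever matched nothing. The rules, the addresses (RFC 5737 documentation prefixes) and the packets are constructed. `shadowed_rules` is an added check that flags entries an earlier rule makes unreachable, and `Rule` only accepts numeric prefixes, for the reason the section gives: the headers carry no names.

```python
"""First-match evaluation of a router-style network ACL.  Added example, not
configuration from any real device; rules, addresses and packets below are
constructed.  Matching is on numeric addresses only, since TCP, UDP and ICMP
headers carry no domain names."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str                   # source IP address
    dst: str                   # destination IP address
    dport: int = 0             # destination port (0 for icmp)
    established: bool = False  # TCP segment with ACK or RST set, i.e. a reply

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    src: str                      # CIDR prefix; "0.0.0.0/0" means any
    dst: str
    dport: Optional[int] = None   # None means any destination port
    established: bool = False     # match only replies to existing TCP connections

    def __post_init__(self):
        # Refuse anything that is not a numeric prefix: a hostname here would
        # force the enforcement point to resolve names at match time.
        ipaddress.ip_network(self.src)
        ipaddress.ip_network(self.dst)

def matches(rule, pkt):
    """True if the rule matches the packet on every field it constrains."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.established and not (pkt.proto == "tcp" and pkt.established):
        return False
    return True

def evaluate(acl, pkt):
    """The first matching rule decides.  Returns (action, rule_index); a packet
    matching no rule gets ("deny", None) from the implicit deny at the end of
    the list, so a forgotten permit is a silent drop rather than an error."""
    for index, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None

def _covers(broad, narrow):
    """True if every packet matching `narrow` also matches `broad`."""
    return (
        (broad.proto == "ip" or broad.proto == narrow.proto)
        and ipaddress.ip_network(narrow.src).subnet_of(ipaddress.ip_network(broad.src))
        and ipaddress.ip_network(narrow.dst).subnet_of(ipaddress.ip_network(broad.dst))
        and (broad.dport is None or broad.dport == narrow.dport)
        and (not broad.established or narrow.established)
    )

def shadowed_rules(acl):
    """Indices of rules that can never fire because an earlier rule covers
    them.  Shadowing is how a late deny quietly becomes a no-op."""
    return [j for j in range(len(acl)) if any(_covers(acl[i], acl[j]) for i in range(j))]

# Constructed inbound ACL for an Internet-facing interface in front of a DMZ
# in 198.51.100.0/24.  Rule 4 is deliberately unreachable.
INBOUND = [
    Rule("deny",   "ip",   "203.0.113.0/24", "0.0.0.0/0"),                     # 0: blocklisted network
    Rule("permit", "tcp",  "0.0.0.0/0", "198.51.100.10/32", dport=443),        # 1: HTTPS to the web host
    Rule("permit", "tcp",  "0.0.0.0/0", "198.51.100.0/24", established=True),  # 2: replies to inside-initiated TCP
    Rule("permit", "icmp", "0.0.0.0/0", "198.51.100.0/24"),                    # 3: ping
    Rule("deny",   "tcp",  "0.0.0.0/0", "198.51.100.10/32", dport=443),        # 4: shadowed by rule 1
]
```

Rule 0 sits first so that the blocklisted network is refused even HTTPS, and a new SSH connection to the web host falls through to the implicit deny rather than to any written rule. Rule 4 is a deny that can never fire because rule 1 already permits the same traffic; on a live device it gives the false impression that HTTPS to the web host is blocked, which is the kind of ordering mistake `shadowed_rules` surfaces before the list is applied.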
Access-control lists can generally be configured to control both inbound and outbound traffic, and in this context they are similar to [[firewall (networking)|firewalls]]. Like firewalls, ACLs may be subject to security regulations and standards such as [[PCI DSS]].

=== SQL implementations ===
ACL algorithms have been ported to [[SQL]] and to [[Relational database management system|relational database systems]]. Many "modern" (2000s and 2010s) SQL-based systems, like [[enterprise resource planning]] and [[Content management system|content management]] systems, have used ACL models in their administration modules.

== Comparing with RBAC ==
The main alternative to the ACL model is the role-based access-control (RBAC) model. A "minimal RBAC model", ''RBACm'', can be compared with an ACL mechanism, ''ACLg'', where only groups are permitted as entries in the ACL. Barkley (1997)<ref>J. Barkley (1997) "[http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.107.6366 Comparing simple role based access control models and access control lists]", In "Proceedings of the second ACM workshop on Role-based access control", pages 127-132.</ref> showed that ''RBACm'' and ''ACLg'' are equivalent.

In modern SQL implementations, ACLs also manage groups and inheritance in a hierarchy of groups. So "modern ACLs" can express everything that RBAC expresses and are notably powerful (compared to "old ACLs") in their ability to express access-control policy in terms of the way in which administrators view organizations. For data interchange, and for "high-level comparisons", ACL data can be translated to [[XACML]].<ref>G. Karjoth, A. Schade and E. Van Herreweghen (2008) "[http://www.acsac.org/openconf2008/modules/request.php?module=oc_program&action=view.php&id=73 Implementing ACL-based Policies in XACML]", In "2008 Annual Computer Security Applications Conference".</ref>

== See also ==
* [[Access token manager]]
* [[Cacls]]
* [[Capability-based security]]
* [[C-list (computer security)|C-list]]
* [[Confused deputy problem]]
* [[DACL]]
* [[Extended file attributes]]
* [[File-system permissions]]
* [[Privilege (computing)]]
* [[Role-based access control]] (RBAC)

== Notes ==
{{Notelist}}

== References ==
{{Reflist}}

== Further reading ==
{{refbegin}}
* {{cite web | url = https://www.freebsd.org/doc/en/books/handbook/fs-acl.html | title=File System Access Control Lists (ACLs) | work=FreeBSD Handbook | first=Tom | last=Rhodes | access-date=2013-04-08 }}
* {{cite web |url = https://www.cs.virginia.edu/~jcg8f/GrsecuritySELinuxCaseStudy.pdf |title = SELinux and grsecurity: A Case Study Comparing Linux Security Kernel Enhancements |author1=Michael Fox |author2=John Giordano |author3=Lori Stotler |author4=Arun Thomas |publisher=[[University of Virginia]] |date=2005-08-24 |access-date=2013-04-08 |url-status=dead |archive-url = https://web.archive.org/web/20120224213801/http://www.cs.virginia.edu/~jcg8f/GrsecuritySELinuxCaseStudy.pdf |archive-date=2012-02-24 }}
* {{cite web | url=http://www.cs.uiuc.edu/class/fa05/cs498sh/seclab/slides/OSNotes.ppt | title=Operating System Security | first=Susan | last=Hinrichs | year=2005 | work=CyberSecurity Spring 2005 | publisher=[[University of Illinois]] | access-date=2013-04-08 | archive-url=https://web.archive.org/web/20120304040752/http://www.cs.uiuc.edu/class/fa05/cs498sh/seclab/slides/OSNotes.ppt | archive-date=2012-03-04 | url-status=dead }}
* {{cite web | url = https://crypto.stanford.edu/cs155old/cs155-spring03/lecture9.pdf | title=Access Control and Operating System Security | first=John | last=Mitchell | publisher=[[Stanford University]] | access-date=2013-04-08 }}
* {{cite web | url = https://www.cs.cornell.edu/courses/cs513/2007fa/NL.accessControl.html | title=Access Control | first=Michael | last=Clarkson | publisher=[[Cornell University]] | access-date=2013-04-08 }}
* {{cite web | url = http://helgeklein.com/blog/2009/03/permissions-a-primer-or-dacl-sacl-owner-sid-and-ace-explained/ | title=Permissions: A Primer, or: DACL, SACL, Owner, SID and ACE Explained | first=Helge | last=Klein | date=2009-03-12 | access-date=2013-04-08 }}
* {{cite web | url = https://learn.microsoft.com/en-us/windows/win32/secauthz/access-control-lists | title=Access Control Lists | date=2023-02-07 | publisher=[[Microsoft Learn]] | access-date=2024-05-15 }}
* {{cite web | url = https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc783530(v=ws.10) | title=How Permissions Work | date=2013-07-03 | publisher=[[Microsoft Learn]] | access-date=2024-05-15 }}
{{refend}}

{{DEFAULTSORT:Access Control List}}
[[Category:Computer access control]]