* File Access Control Lists (FACLs) are user-by-user and group-by-group permissions which extend the file permission mode model to have greater granularity. See the <code>getfacl</code> and <code>setfacl</code> commands for more information.

* SELinux is a mandatory access control system. Each file and each process has a "security context", and the SELinux policy dictates what is permitted to happen. This can be used to prevent a program from altering files it should not have access to.