1,885
edits
Changes
→Other Permission Systems
= Other Permission Systems =
In addition to the file permission mode, there are two other common access control schemes which may come into play:
* File Access Control Lists (FACLs) are user-by-user and group-by-group permissions which extend the file permission mode model to have greater granularity. See the <code>getfacl</code> and <code>setfacl</code> commands for more information.
* SELinux is a mandatory access control system. Each file and each process has a "security context", and the SELinux policy dictates what is permitted to happen. This can be used to prevent a program from altering files it should not have access to.