CompTIA® Server+ Exam Notes : Logical Access Control Methods

4. Security

4.3 Logical access control methods

Access Control Lists

An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject, an operation, and an object. For instance, if a file has an ACL that contains (Mike, delete, config.exe), this would give Mike permission to delete the file config.exe. This example only demonstrates what an ACL does; in actual practice, ACLs can be very complex.

A Linux or UNIX file with the permission 755 means rwx for the owner and r-x for the group and others. Each digit is a sum of 4 = read (r), 2 = write (w), and 1 = execute (x). Here, the owner permission is 7 (4 + 2 + 1), the group permission is 5 (4 + 1), and the others permission is also 5.

In networking, an ACL is a set of commands, grouped together by a number or name, that is used to filter traffic entering or leaving an interface. ACL statements are processed top-down until a match is found, and then no more statements in the list are processed. If no match is found in the ACL, the packet is dropped due to the implicit deny. That is, you don't type a statement specifically to drop the traffic, but it is understood by the ACL to drop all traffic that does not match at least one of the statements.
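The top-down, first-match processing and the implicit deny described above can be sketched as follows. This is an added example, not part of the original notes; the rule format, the addresses and the function names are constructed for illustration and do not follow any vendor's syntax.

```python
import ipaddress

# Constructed sample ACL: (action, source network, destination port or None = any).
ACL = [
    ("deny",   "10.0.5.0/24", 22),   # block SSH from one subnet
    ("permit", "10.0.0.0/16", 22),   # allow SSH from the rest of 10.0.0.0/16
    ("permit", "10.0.0.0/16", 443),
]

# Same statements with the first two swapped, to show why order matters.
MISORDERED = [ACL[1], ACL[0], ACL[2]]


def evaluate(acl, src_ip, dst_port):
    """Return (action, index of the matching statement or None). First match wins."""
    src = ipaddress.ip_address(src_ip)
    for index, (action, network, port) in enumerate(acl):
        if src in ipaddress.ip_network(network) and port in (None, dst_port):
            return action, index     # stop here: later statements are never checked
    return "deny", None              # implicit deny: no statement matched


def shadowed_rules(acl):
    """Indexes of statements that can never match because an earlier one covers them."""
    hidden = []
    for j, (_, net_j, port_j) in enumerate(acl):
        nj = ipaddress.ip_network(net_j)
        for _, net_i, port_i in acl[:j]:
            if nj.subnet_of(ipaddress.ip_network(net_i)) and port_i in (None, port_j):
                hidden.append(j)
                break
    return hidden


if __name__ == "__main__":
    print(evaluate(ACL, "10.0.5.9", 22))         # matched by the specific deny
    print(evaluate(ACL, "192.168.1.1", 443))     # nothing matches: implicit deny
    print(evaluate(MISORDERED, "10.0.5.9", 22))  # broad permit matches first
    print(shadowed_rules(MISORDERED))            # the deny is unreachable
```

Reviewing an ACL for shadowed statements catches the common mistake of placing a broad permit above the specific deny it was meant to follow.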










