Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Why aren capabilities and ACLs equivalent?

ACL equivalent
0
Posted

Why aren capabilities and ACLs equivalent?

0 CommentsAdd a Comment

1 Answer

0

The short answer is “no.” There are several reasons why: • Most users do not have the authority to create new user identities in the system. • Access is dynamic, not static. Ignoring the own right (see below), you could conceivably set up an initial system configuration that granted read, write and execute permissions in exactly the same way when the system first starts running. The minute that a new file is created or a new process begins running, the parallel construction of access rights will break down. • In an access list system, there is no way to grant object access to exactly one program. Consider a relatively simple problem of authority transfer: Process A has created a new object C, and wishes to transfer to B and only to B the right to access C. In an access list system, C is owned by userA, and B is running on behalf of userB (user A and user B might not be the same). The only way for A to grant access to B is to add userB to the access list for C. The catch is that user

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123