Controlling resource access through permissions and policies
Access control mechanisms are fundamental to operating system security, determining which users or processes can access specific resources and what operations they can perform. The main access control models are:

1) Discretionary Access Control (DAC) - Resource owners control access permissions (e.g., Unix file permissions).
2) Mandatory Access Control (MAC) - System-wide policies enforce access based on security labels (e.g., SELinux, Windows Mandatory Integrity Control).
3) Role-Based Access Control (RBAC) - Access is based on user roles rather than individual identities.

Access control is typically implemented using access control lists (ACLs) that specify permissions for each user/group on each resource, or capabilities that represent unforgeable tokens granting specific access rights. Operating systems also use protection domains to isolate processes and prevent unauthorized access to kernel resources.

Modern systems often combine multiple access control models to provide defense in depth. Understanding access control mechanisms is essential for system administrators to configure secure systems and for developers to implement security-aware applications.
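The two implementation styles described above, ACLs and capabilities, side by side as an added example (not code from the original page). The resource path, user names, group name and key are constructed sample values, and modeling a capability's unforgeability with an HMAC tag is an assumption of this sketch.

```python
import hashlib
import hmac

# Constructed sample ACL: resource -> {principal: rights}
ACL = {
    "/srv/payroll.db": {"alice": {"read", "write"}, "group:audit": {"read"}},
}
GROUPS = {"bob": {"group:audit"}}  # constructed group membership
# Constructed key; in this sketch only the reference monitor holds it.
_KEY = b"constructed-demo-key"

def acl_allows(user, resource, right):
    """ACL model: search the resource's list for the caller's identity."""
    entries = ACL.get(resource, {})  # no list for the resource -> default deny
    principals = {user} | GROUPS.get(user, set())
    return any(right in entries.get(p, set()) for p in principals)

def _tag(resource, rights):
    # MAC over the resource name and the sorted rights, NUL-separated.
    msg = "\x00".join([resource, *sorted(rights)]).encode()
    return hmac.new(_KEY, msg, hashlib.sha256).hexdigest()

def mint_capability(resource, rights):
    """Issue a token naming one resource and a set of rights."""
    return {"resource": resource, "rights": sorted(rights),
            "tag": _tag(resource, rights)}

def cap_allows(cap, resource, right):
    """Capability model: a valid token is the authority; no identity lookup."""
    expected = _tag(cap["resource"], cap["rights"])
    if not hmac.compare_digest(expected, cap["tag"]):
        return False  # token was altered or never issued by the monitor
    return cap["resource"] == resource and right in cap["rights"]

if __name__ == "__main__":
    db = "/srv/payroll.db"
    print("bob read via group ACL entry:", acl_allows("bob", db, "read"))
    print("bob write (no entry grants it):", acl_allows("bob", db, "write"))
    cap = mint_capability(db, {"read"})
    print("holder reads with capability:", cap_allows(cap, db, "read"))
    widened = dict(cap, rights=["read", "write"])  # rights edited, tag unchanged
    print("edited capability accepted:", cap_allows(widened, db, "write"))
```

The ACL check depends on who is asking, while the capability check depends only on the token presented, which is why capabilities can be delegated by handing over the token and why they must be unforgeable.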