▶ 4.3 Access Control Lists and MacOS
In many access control problems, we have a single group of users who all need identical access rights to a particular set of files. We can easily solve such problems with group permissions. There are, however, cases where we can’t use file permission flags and a single user group to achieve Least Privilege. Consider a policy that requires these three conditions:
Block access to the user community in general.
Grant read-only access to one group of users.
Grant read/write access to a second group of users.
We can’t do this with Unix-style permission flags and achieve Least Privilege. We might come close if we grant read-only access to everyone and read/write access to the second group. We also might come ...
Get Elementary Information Security, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
