Access Control Methods

• Privilege inheritance

  • Normally a process executes with same privileges as the user who launched it
  • Some applications require process to execute with other user privileges
    • Example: passwd
  • setuid and setgid allow process to run with the privileges of the file owner
  • Improper use of setuid and setgid can lead to security breaches
  • LSM Capabilities allow administrator to assign privileges to applications as opposed to users to prevent this

Previous slide

Next slide

Back to first slide

View graphic version