World's most popular travel blog for travel bloggers.

Why do ACLs (access control lists) have better persistence than capabilities?

, , No Comments
Problem Detail: 

Although I understand the principles on which both ACLs and Capabilities operate, I do not see why on system restart it would be favourable to store privileges by using ACLs, instead of capabilities lists as it is suggested in the Operating systems course I am taking. In other words, why do ACLs have better persistence than capabilities?

Asked By : Eugenia Kim
Answered By : D.W.

There's a lot of confusion and regrettable writing out there surrounding the comparison between ACLs and capabilities. Often, when books make a comparison, they are referring to one particular type of ACL system vs one particular type of capability system, but the difference isn't always fundamental. So, if you see some comparison like this, I wouldn't worry about it too much.

In particular, capabilities can certainly have equal persistence to ACLs. As an extreme example: If you have a persistent store and all applications are persistent (so that when the machine reboots, all applications are relaunched with the same state as before the crash), then capabilities will be persistent. You can achieve the same level of persistence. Historically, people who have built capability systems in the past might not have built them that way (usually), but that isn't always a guide to what is or isn't fundamental.

So, I would take issue with the book's claim that ACLs have better persistence than capabilities. That's not necessarily true; it'll depend on specifically how the ACLs and capabilities are implemented by the system and used by applications.

(Also note that so-called "POSIX capabilities" are a bit of a misnomer and it's not clear we should really call them capabilities.)

I do realize that this might or might not help you if you're taking a course, as depending on the instructor, the instructor might expect you to go by what the book says and might not appreciate other perspectives (or, more benignly, want you to understand things from the textbook's perspective before taking a broader view).

Best Answer from StackOverflow

Question Source :

3200 people like this

 Download Related Notes/Documents


Post a Comment

Let us know your responses and feedback