ACLs

An access control list (ACL) is a data structure used to define which principals are granted or denied access to a resource and what operations they may perform. ACLs are used across computing systems, from file systems and operating systems to network devices and services. Each entry in an ACL associates a subject, such as a user or group, with a set of permissions or actions.

File system ACLs extend the basic owner-group-other permission model by allowing fine-grained control over individual users or groups. Entries specify the trustee and the allowed rights, possibly restricted by a mask. Some systems support default ACLs that are inherited by new files and directories. The resulting effective permissions determine whether an action such as read, write, or execute is permitted.

Network ACLs are used on routers, switches, and firewalls to filter traffic. They contain a sequence of rules that match attributes such as source and destination IP addresses, ports, and protocol, and specify permit or deny actions. Rules are typically evaluated in order, with the first matching rule applying; when no rule matches, traffic is denied by default.

ACLs are a fundamental component of access control and security but do not replace authentication and encryption. They must be managed carefully to avoid overly broad permissions or unintended blocks. Common implementations include Windows NTFS ACLs, Linux POSIX/extended ACLs, and network device access lists on Cisco, Juniper, and other platforms.
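The ordered, first-match, implicit-deny evaluation described for network ACLs above, as an added example that is not part of the original page: a small evaluator over a constructed rule set, plus a check for rules that can never fire because an earlier rule already covers them (the "unintended block" the text warns about). The rule format and the sample addresses are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source CIDR; "0.0.0.0/0" matches any
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]   # destination port; None matches any port

    def matches(self, src_ip: str, dst_ip: str, proto: str, dport: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


def evaluate(acl: List[Rule], src_ip: str, dst_ip: str, proto: str,
             dport: int) -> Tuple[str, Optional[int]]:
    """Return (action, index of the rule that fired). First match wins;
    if nothing matches, the implicit default is deny with no rule index."""
    for idx, rule in enumerate(acl):
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action, idx
    return "deny", None


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indices of rules that are unreachable: every packet they could match is
    already matched by an earlier rule, so they silently never take effect."""
    out = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.proto in ("any", later.proto)
                    and earlier.dport in (None, later.dport)):
                out.append(i)
                break
    return out


# Constructed sample ACL (documentation-range addresses, not real hosts).
# Rule 2 is intended to allow SSH from one host, but rule 1 already denies
# everything from that subnet, so rule 2 is shadowed and never fires.
SAMPLE_ACL = [
    Rule("permit", "192.0.2.0/24", "203.0.113.10/32", "tcp", 443),
    Rule("deny", "192.0.2.0/24", "0.0.0.0/0", "any", None),
    Rule("permit", "192.0.2.5/32", "203.0.113.20/32", "tcp", 22),
]
```

Running `shadowed_rules(SAMPLE_ACL)` flags rule index 2, and `evaluate` shows the SSH packet hitting the deny at index 1 instead; traffic from outside 192.0.2.0/24 matches nothing and falls to the implicit deny.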