Files can generally be secured by using two methods: standard UNIX file permissions and access control lists (ACLs). UNIX file permissions provide read, write, and execute permissions for three user classes (file owner, group, and other users), whereas ACLs take security a step further by enabling you to define file permissions for each user class. For example, let's say you want the sales user group to read a particular file; however, you want only the sales manager—part of the sales group—to have additional permission to make changes to, or write to, that file. With UNIX file permissions, you're limited to making the file either read-only or read-write for the sales group. On the other hand, by using ACLs, you can make the file read- only for the sales group, with the exception of read-write for the sales manager.
For the exam, be sure to know that access control lists (ACLs) allow you to define file permissions for each user class. This provides for file security at the user level, and can be unique to each user or class of users.
In this chapter, we'll talk about access control with regard to file security. We'll look at protecting files with UNIX permissions and also enhancing file security with ACLs.