Access control lists
If you've used Linux for a long time, you're probably quite familiar with file permissions. Indeed, managing permissions is a critical part of managing a Linux system. In general, you should provide minimal access whenever possible. Every user (or group) should have just enough permissions and no more.
However, providing appropriate permissions to each user is often complicated by the permission scheme itself. Unix permissions -- the model for Linux permissions -- were designed in a day and age when computers were still relatively new and when the security implications of the Unix scheme had yet to be fully considered. Thus, Unix's "legacy" permissions can be limiting in today's world, particularly on multi-user systems.
By Roderick W. Smith at Linux Magazine.
[ Read more ]