InfoSec Notes
Understanding DAC where resource owners control access permissions, including Unix file permissions, Windows ACLs, and security implications.
Overview
In DAC, the resource owner has discretion to determine who can access their resources. This is the most common access control model used in commercial operating systems like Windows and Unix/Linux.
DAC Model
============
Owner creates resource → Owner sets permissions → Others access based on permissions
Unix Example
$ ls -la report.txt
-rw-r--r-- 1 alice staff 4096 Jan 15 10:00 report.txt
Owner (alice): read + write
Group (staff): read only
Others: read only
Unix/Linux Permission System
File Permission Bits
=======================
Type Owner Group Others
- rwx rwx rwx
r = read (4) → View file contents / list directory
w = write (2) → Modify file / create files in directory
x = execute (1) → Run file / traverse directory
Examples
chmod 755 script.sh → rwxr-xr-x (owner full, others read+execute)
chmod 640 secret.txt → rw-r----- (owner read/write, group read, others nothing)
chmod 700 private/ → rwx------ (owner only)
Special Permissions
SUID (4000): Execute as file owner (e.g., /usr/bin/passwd)
SGID (2000): Execute as group / inherit group in directories
Sticky (1000): Only owner can delete files in directory (/tmp)
Python DAC Implementation
DAC Strengths and Weaknesses
| Strengths | Weaknesses |
|---|---|
| Flexible and intuitive | Owner can share too broadly |
| Easy to implement | No central policy enforcement |
| Users control own resources | Trojan horse problem |
| Standard in commercial OS | Difficult to audit organization-wide |
Interview Questions
- What is the Trojan horse problem in DAC?
- A malicious program running with user's permissions can copy restricted files to locations accessible by the attacker. Since DAC grants access based on the running user's identity, any program that user runs has the same file access rights.
- How do Unix file permissions implement DAC?
- Each file has an owner who sets read/write/execute bits for owner, group, and others. The owner can modify these permissions freely (chmod). This is discretionary because the owner decides — no system-wide security policy overrides their choices.
- Why is DAC considered less secure than MAC?
- DAC allows owners to share access without oversight, information can flow to unauthorized users through copying, and there's no system-enforced security classification. MAC prevents this by enforcing system-wide rules regardless of owner preferences.
- What is the SUID bit and why is it a security concern?
- SUID makes a program execute with the file owner's permissions (often root). If a SUID program has vulnerabilities (buffer overflow), attackers can escalate privileges to root. Regular SUID audits are essential security hygiene.
- Compare Windows NTFS ACLs with Unix file permissions.
- Unix: Simple 3-tier model (owner/group/others) with 3 permissions (rwx). Windows NTFS: Rich ACLs with per-user/group entries, granular permissions (13+ types), inheritance, explicit deny, and auditing. NTFS is more flexible but more complex to manage.
Real-World DAC Implementation Examples
Linux File System: The most ubiquitous DAC implementation is the Unix/Linux permission model. Every file and directory has an owner and group, with permission bits for read (r), write (w), and execute (x) across three categories: owner, group, and others. The chmod command lets owners modify these permissions at will — this discretionary nature is the defining characteristic.
This shows: owner (alice) has full access, the developers group can read and execute, and all others are denied access entirely.
Windows NTFS: Windows implements DAC through Access Control Lists (ACLs) that are significantly more granular than Unix permissions. Each file has a Discretionary ACL (DACL) containing Access Control Entries (ACEs) that specify allow or deny permissions for specific users or groups. Permissions include Read, Write, Execute, Delete, Change Permissions, and Take Ownership — over 13 individual permission types.
Database Systems: Relational databases implement DAC through the GRANT and REVOKE SQL statements. Table owners can grant SELECT, INSERT, UPDATE, or DELETE privileges to specific users or roles. This is discretionary because the object owner decides who gets access without requiring administrator involvement.
DAC Security Hardening Strategies
While DAC has inherent limitations, several strategies can reduce risk:
- Principle of Least Privilege: Grant only the minimum permissions needed for each user's role. Review and revoke unnecessary access regularly.
- Umask Configuration: Set restrictive default permissions (umask 077) so new files aren't accidentally world-readable.
- Regular Permission Audits: Script periodic scans for overly permissive files (world-writable, SUID binaries).
- Group-Based Management: Use groups instead of per-user permissions to simplify administration and reduce errors.
- Combine with MAC: In high-security environments, layer MAC (SELinux, AppArmor) on top of DAC for defense in depth. DAC handles daily workflow while MAC enforces system-wide security boundaries.
Exam Focus
Revise definitions, diagrams, examples, and short-answer points for Discretionary Access Control (DAC).
Interview Use
Prepare one clear explanation, one practical example, and one common mistake for this Information Security topic.
Search Terms
information-security, information security, information, security, access, control, discretionary, dac
Related Information Security Topics