From Fedora Project Wiki

Revision as of 04:51, 20 August 2008 by Mdious (adding content from local builds)

Introduction

On Linux® operating systems, everything is represented as a file. For example, hard disk drives are represented as /dev/hdax and /dev/sdax files, and processes, such as Mozilla® Firefox® and the Apache HTTP Server, are represented as files in the proc file system (/proc/). Files are called objects, and processes (including users) are called subjects. Linux operating systems use a Discretionary Access Control (DAC) system that controls how subjects interact with and access objects. On systems using DAC, users control the permissions of objects (files and directories) that they own. They could, for example, make their home directories world-readable, giving subjects (users and processes) access to potentially sensitive information.

The following is an example of permissions used on a Linux operating system that does not run SELinux. Use the ls -l command to view object (file) permissions:

-rwxrw-r-- 1 user1 group1 0 Aug 18 10:08 file1
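
The following script is an added example, not part of the original guide. It decodes the mode string shown above and lists objects that DAC currently lets every other subject read or write. The function names mode_to_octal, other_access and audit_world are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: decode an "ls -l" mode string and audit a directory tree for
# objects whose owner has granted access to "other" subjects under DAC.

# mode_to_octal "-rwxrw-r--" prints 764 (owner, group, other).
# Special bits (setuid, setgid, sticky) are counted as execute and not
# reported separately; a trailing "." or "+" after the mode is ignored.
mode_to_octal() {
    perms=${1#?}                       # drop the file-type character
    out=""
    for i in 1 2 3; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        n=0
        case $triplet in r??) n=$((n + 4)) ;; esac
        case $triplet in ?w?) n=$((n + 2)) ;; esac
        case $triplet in ??[xst]) n=$((n + 1)) ;; esac
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# other_access "-rwxrw-r--" prints r--: what any subject that is neither
# the owner nor a member of the group may do with the object.
other_access() {
    printf '%s' "$1" | cut -c8-10
}

# audit_world DIR lists every object under DIR (DIR included) that is
# readable or writable by "other". Octal -perm tests work with GNU and BSD find.
audit_world() {
    find "$1" \( -perm -0004 -o -perm -0002 \) -print | sort
}

# The sample line from the page: user1 owns file1 and chose these permissions.
line='-rwxrw-r-- 1 user1 group1 0 Aug 18 10:08 file1'
mode=${line%% *}
echo "$mode = $(mode_to_octal "$mode"), other subjects get: $(other_access "$mode")"
```

Running audit_world against a home directory (for example, audit_world "$HOME") shows which objects the owner has left readable or writable by all other subjects.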