DAC and MAC safety
What is the difference between discretionary access control and mandatory access control? Which is safer?

    Requires Free Membership to View

    Login

    When you register, my team of editors will also send you resources covering Linux administration and management; integration and interoperability between Linux, Windows and Unix; securing Linux and mixed-platform environments; and migrating to Linux.

    Cathleen A. Gagne, Senior Editorial Director

    By submitting your registration information to SearchEnterpriseLinux.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseLinux.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Discretionary Access Controls (DAC) define basic access control policies to objects. These are set at the discretion of the owner of the objects. For example, user and group ownership or file and directory permissions.

Mandatory Access Controls (MAC) are system-controlled access control policies where the system dictates and controls the level of access to an object, even a user created one. The administrator doesn't allow a user to grant less restrictive access controls to that object.

Mandatory Access Controls are considerably 'safer' than discretionary controls, but they are harder to implement and often require consideration tweaking to ensure all applications function correctly.

This was first published in September 2006