+ Reply to Thread
Results 1 to 7 of 7

Thread: Dacl

  1. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #1

    Default Dacl

    Can anyone explain what a DACL is? I was just reading my 291 book and it used this term. I remember seeing it in the 290 book and after google and asking a teacher, I deemed that it wasn't essential to know. But now that it is popping up again, it would be nice to undersand.

    How is it different than an ACL?

    Thanks
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #2
    A discretionary access-control list allows the data owner to configure permissions on the file or directory.
    Reply With Quote Quote  

  4. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #3
    So are you saying that it is a normal ACL that has an ACE of owner/creator?
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Aug 2008
    Posts
    2,666

    Certifications
    MCSE: Security, MCTS x 5, P+, S+, N+, A+, HIT
    #4
    A DACL will have some ACEs that will allow or deny access to a user or a group. If you set it up the default way, generally only the owner and the system will have access to it.
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #5
    Compare ACLs on a firewall with ACLs for users' files and shared folders. Which one requires an administrator and which one can be configured at the discretion of the data owner?
    Reply With Quote Quote  

  7. Senior Member Devilsbane's Avatar
    Join Date
    Apr 2010
    Posts
    4,203

    Certifications
    MCSE:Security, MCDST, A+, Network+, Security+, ITIL V3 Foundations, ITIL 2011 Intermediate: Service Transition, MOS 2007 (MCAS) BAS Computer Forensics
    #6
    Quote Originally Posted by dynamik View Post
    Compare ACLs on a firewall with ACLs for users' files and shared folders. Which one requires an administrator and which one can be configured at the discretion of the data owner?
    So are you saying that nearly every ACL in windows is really a DACL?

    As far as looking at the difference between a firewall and a file, I'm not getting it. Isn't an ACL always at the discretion of the administrator?
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #7
    Quote Originally Posted by Devilsbane View Post
    So are you saying that nearly every ACL in windows is really a DACL?
    If you're talking about an object that has an owner and that owner can configure the permissions as he or she sees fit.

    Quote Originally Posted by Devilsbane View Post
    As far as looking at the difference between a firewall and a file, I'm not getting it. Isn't an ACL always at the discretion of the administrator?
    First off, I would hope that any firewall ACL modification would go through an appropriate change-management process where others review and approve the it beforehand.

    In terms of discretion, users don't have any ownership and can't modify ACLs for items they own. The ACL has to be explicitly configured by an administrator. You don't need administrative privileges to configure DACLs for items that you own. Ownership is the core component of DACL.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks