Discretionary Access Control (DAC) really just means that each user has the ability to control who can get into their stuff. If I wanted to open my home directory so that every other user on the system can get into it, I could do that. Having done so, I could then control who can access each specific file. In the next chapter, we'll use our DAC skills to manage shared directories, where members of a group might need different levels of access to the files within.

At this point in your Linux career, you likely know the basics of controlling access by setting file and directory permissions. In this chapter, we'll review the basics, and then we'll look at some more advanced concepts.

In this chapter, we'll cover the following topics:

• Using chown to change the ownership of files and directories
• Using chmod to set permissions on files and directories
• What SUID and SGID settings can do for us on regular files
• The security implications of having the SUID and SGID permissions set on files that don't need them
• How to use extended file attributes to protect sensitive files
• Securing system configuration files