From FreeBSDwiki

Granularity refers to how finely administrative control over a system can be specified. FAT file systems (the ones used with Windows 95, 98, and ME) are an example of a very non-granular system, because there are no permission levels to set. You can set ATTRIB flags, of course, but anybody who sits in front of the machine can easily undo them right behind you. Traditional Unix-like filesystems are more granular because they implement a numeric permissions security model, in which you can assign separate levels of access to the file's user, to members of the file's group, and to everyone who doesn't fall into either of those categories. Finally, ACL-enabled filesystems are more granular yet, as they allow any number of differing permissions to be assigned to any number of users or groups on the same file.
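The difference between the numeric model and ACLs can be made concrete with a small model of the two access checks. This is an added example, not part of the original page and not kernel code: it is a simplified POSIX.1e-style evaluation that ignores root's override, and every uid, gid and name in it is constructed for illustration.

```python
# Added illustration: simplified access checks, not kernel code.
# Root's override and NFSv4-style ACLs are deliberately left out.
R, W, X = 4, 2, 1

def mode_allows(mode, owner, group, uid, gids, want):
    """Traditional check: exactly one class (owner, group, other) applies."""
    if uid == owner:
        bits = (mode >> 6) & 7
    elif group in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want

def acl_allows(acl, owner, group, uid, gids, want):
    """POSIX.1e-style check: named entries are limited by the mask."""
    mask = acl.get("mask", 7)
    if uid == owner:
        return (acl["user_obj"] & want) == want
    if uid in acl.get("users", {}):
        return (acl["users"][uid] & mask & want) == want
    matched = [acl["group_obj"]] if group in gids else []
    matched += [p for g, p in acl.get("groups", {}).items() if g in gids]
    if matched:
        return any((p & mask & want) == want for p in matched)
    return (acl["other"] & want) == want

# Constructed sample: file owned by alice (uid 1001), group staff (gid 100).
OWNER, GROUP = 1001, 100
BOB, CAROL, DAVE, EVE = 1002, 1003, 1004, 1005   # bob and carol are in staff
STAFF, GUESTS = {100}, {200}

# Goal: bob read-only, carol read-write, dave read-only, eve nothing.
MODE = 0o660   # closest mode-bit setting: all of staff rw, everyone else nothing
ACL = {"user_obj": R | W, "group_obj": R | W, "other": 0, "mask": R | W,
       "users": {BOB: R, DAVE: R}}

if __name__ == "__main__":
    for name, uid, gids in [("bob", BOB, STAFF), ("carol", CAROL, STAFF),
                            ("dave", DAVE, GUESTS), ("eve", EVE, GUESTS)]:
        print(name,
              "mode r/w:", mode_allows(MODE, OWNER, GROUP, uid, gids, R),
              mode_allows(MODE, OWNER, GROUP, uid, gids, W),
              "acl r/w:", acl_allows(ACL, OWNER, GROUP, uid, gids, R),
              acl_allows(ACL, OWNER, GROUP, uid, gids, W))
```

With mode bits alone, bob and carol cannot be told apart because both fall into the group class, and dave can only be given read access by giving it to everyone in the other class; the ACL expresses all four cases on the same file.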

In a separate example, the traditional Unix-like security model, in which one user is root and the rest are basically unprivileged, is NOT granular at all, because it's pretty much either-or. To make a Unix-like system's security far more granular, however, you can use sudo to parcel out individual tasks that require root privileges, without giving the user who is granted the right to run a task the ability to do anything ELSE under the root user context.
