Discretionary Access Control explained

Discretionary access control is defined as "a means of restricting access to objects based on the identity of subjects and/or groups to which they belong." That may sound complicated, but it is actually very simple and we use it on a daily basis.

The definition of Discretionary Access Control (DAC) was published in the Trusted Computer System Evaluation Criteria (TCSEC) in 1983. This definition invented a term for something that already existed in order to distinguish it from Mandatory Access Control (MAC).

We have to assume that things in our world are not 100% reliable, and that lack of reliability leads to risk. Security helps us mitigate those risks. Would you board an airplane whose engines any random person had been able to get at? Access control is a means of keeping risks at an acceptable level.

With DAC the owner of a file sets its permissions at their own discretion. The more permissions the owner grants, the more can go wrong.

Usually file permissions are represented as 9 distinct permission bits (rwxrwxrwx). Let us change the view and make it two-dimensional: the subject classes (user, group, others) on one axis and the rights (read, write, execute) on the other. The color represents the risk of each single permission bit. When we add the special bits (setuid, setgid, sticky) those risks are even multiplied.

[Figure: "UNIX file permissions", a grid of u/g/o against r/w/x with each cell coloured by risk; produced with gnuplot 5.2 patchlevel 6.]
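To make the two-dimensional view concrete, here is a small POSIX shell script (an added example, not part of the original article) that decodes a numeric mode such as 4755 or 7777 into the special bits plus one row per subject class, and rates the combination. The four risk labels (low, medium, high, critical) and the rules behind them are this example's own assumptions, chosen to reflect the idea that a special bit multiplies the risk of a write bit granted to others.

```shell
#!/bin/sh
# Added example, not part of the original article: decode a numeric mode
# into the special bits and a u/g/o x r/w/x grid, then rate the combination.
# The risk labels and rules below are this example's own assumptions.

# perm_row WHO DIGIT: one row of the grid for a single octal digit (0-7).
perm_row() {
    who=$1 digit=$2
    r=- w=- x=-
    [ $((digit & 4)) -ne 0 ] && r=r
    [ $((digit & 2)) -ne 0 ] && w=w
    [ $((digit & 1)) -ne 0 ] && x=x
    printf '%s: %s%s%s\n' "$who" "$r" "$w" "$x"
}

# split_mode MODE: validate, normalise to four octal digits, set s u g o.
split_mode() {
    m=$1
    case $m in
        *[!0-7]*|"") echo "invalid mode: $m" >&2; return 1 ;;
    esac
    while [ ${#m} -lt 4 ]; do m=0$m; done
    [ ${#m} -eq 4 ] || { echo "invalid mode: $1" >&2; return 1; }
    s=${m%???}; o=${m#???}
    ug=${m#?}; ug=${ug%?}
    u=${ug%?}; g=${ug#?}
}

# decode_mode MODE: print the special bits and the u/g/o grid.
decode_mode() {
    split_mode "$1" || return 1
    special=""
    [ $((s & 4)) -ne 0 ] && special="$special setuid"
    [ $((s & 2)) -ne 0 ] && special="$special setgid"
    [ $((s & 1)) -ne 0 ] && special="$special sticky"
    printf 'special:%s\n' "${special:- none}"
    perm_row u "$u"
    perm_row g "$g"
    perm_row o "$o"
}

# rate_mode MODE: one-word risk rating (assumed scale):
#   critical - setuid/setgid AND writable by others: anyone can replace the
#              code that runs with the owner's (or group's) identity
#   high     - setuid/setgid executable
#   medium   - writable by others
#   low      - everything else
rate_mode() {
    split_mode "$1" || return 1
    privileged=0 world_w=0
    [ $((s & 6)) -ne 0 ] && privileged=1
    [ $((o & 2)) -ne 0 ] && world_w=1
    if [ $privileged -eq 1 ] && [ $world_w -eq 1 ]; then echo critical
    elif [ $privileged -eq 1 ]; then echo high
    elif [ $world_w -eq 1 ]; then echo medium
    else echo low
    fi
}

# Demo: the mode used in the experiment below.
decode_mode 7777
rate_mode 7777
```

Running it prints the grid for 7777 (all three special bits, rwx in every row) and the rating "critical"; try 4755 to see the rating drop to "high" once the write bit for others is gone.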

Let us do a simple experiment. We create a small bash script and save it as ls. Do not try this at home unless you know exactly what you are doing ;-).


#!/bin/bash
rm -rf /${VARIABLE}   # with VARIABLE unset this expands to: rm -rf /

We set the file permissions including the SUID bit with chmod 7777 and then try to hand the file over to the root user with chown root:root. You will notice that the chown fails (at least on Linux): changing the owner of a file requires the CAP_CHOWN capability, which an ordinary user does not have, so the kernel refuses no matter what the file's owner intends. Even if a privileged process performs the chown, the Linux kernel clears the setuid and setgid bits of an executable on any chown of a regular file, so the dangerous combination cannot be created by handing the file over at all. (Linux also ignores the setuid bit on interpreted scripts, so a setuid shell script never gains privileges.) These are rules built into the kernel that sit on top of the owner's discretionary settings and cannot be switched off by the owner.
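The same experiment, reproduced safely as an added example that is not from the original article: the stand-in for ls only echoes instead of running rm, root is addressed numerically as 0:0 so the script does not depend on /etc/group, and the outcome labels (chown-denied, setuid-cleared, setuid-kept) are this example's own. It assumes Linux with a stat that understands -c %a (GNU or busybox coreutils). The last function is the audit a practitioner would run afterwards: find regular files that are setuid or setgid and world-writable at the same time.

```shell
#!/bin/sh
# Added example, not part of the original article: hand a mode-7777 file
# over to root and report what the kernel actually did. Assumes Linux and
# a stat(1) that supports -c %a / -c %U (GNU or busybox coreutils).

# make_victim DIR: create a harmless stand-in for the 'ls' script, mode 7777.
make_victim() {
    f=$1/ls
    printf '#!/bin/sh\necho "would have run: rm -rf /${VARIABLE}"\n' > "$f"
    chmod 7777 "$f"
    echo "$f"
}

# setuid_bit_set FILE: succeed if the setuid bit is present
# (first octal digit of a four-digit mode is 4, 5, 6 or 7).
setuid_bit_set() {
    case $(stat -c %a "$1") in
        [4-7]???) return 0 ;;
        *)        return 1 ;;
    esac
}

# hand_over FILE: try to give the file to root (uid 0, gid 0) and print
# one of: chown-denied, setuid-cleared, setuid-kept.
hand_over() {
    f=$1
    if ! chown 0:0 "$f" 2>/dev/null; then
        echo chown-denied      # no CAP_CHOWN: a user cannot give files away
    elif setuid_bit_set "$f"; then
        echo setuid-kept       # a real hand-over of privilege; not on Linux
    else
        echo setuid-cleared    # chown on an executable drops S_ISUID/S_ISGID
    fi
}

# find_dangerous DIR: regular files that are setuid or setgid AND writable
# by others. -perm -MODE matches when all bits of MODE are set.
find_dangerous() {
    find "$1" -type f \( -perm -4002 -o -perm -2002 \) -print
}

# Demo in a throw-away directory.
dir=$(mktemp -d)
victim=$(make_victim "$dir")
echo "before:    $(stat -c '%U %a' "$victim")"
echo "dangerous: $(find_dangerous "$dir")"
echo "result:    $(hand_over "$victim")"
echo "after:     $(stat -c '%U %a' "$victim")"
rm -rf "$dir"
```

Run as an ordinary user the result is chown-denied and the file keeps mode 7777 but stays yours; run as root the chown succeeds and the mode comes back as 1777, the setuid and setgid bits stripped by the kernel. Either way the file never ends up setuid root, and find_dangerous shows how to hunt for files that already are.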

Still, this simple example shows why Discretionary Access Control is called discretionary (the owner alone decides what to grant) and why DAC alone does not make our systems secure.