Dacl

Can anyone explain what a DACL is? I was just reading my 291 book and it used this term. I remember seeing it in the 290 book and after google and asking a teacher, I deemed that it wasn't essential to know. But now that it is popping up again, it would be nice to undersand.

How is it different than an ACL?

Thanks

Find more posts tagged with

SAVE $250 on Your Microsoft Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Microsoft Boot Camps

Comments

dynamik

A discretionary access-control list allows the data owner to configure permissions on the file or directory.

Devilsbane

So are you saying that it is a normal ACL that has an ACE of owner/creator?

Psoasman

A DACL will have some ACEs that will allow or deny access to a user or a group. If you set it up the default way, generally only the owner and the system will have access to it.

dynamik

Compare ACLs on a firewall with ACLs for users' files and shared folders. Which one requires an administrator and which one can be configured at the discretion of the data owner?

Devilsbane

dynamik wrote: »

Compare ACLs on a firewall with ACLs for users' files and shared folders. Which one requires an administrator and which one can be configured at the discretion of the data owner?

So are you saying that nearly every ACL in windows is really a DACL?

As far as looking at the difference between a firewall and a file, I'm not getting it. Isn't an ACL always at the discretion of the administrator?

dynamik

Devilsbane wrote: »

So are you saying that nearly every ACL in windows is really a DACL?

If you're talking about an object that has an owner and that owner can configure the permissions as he or she sees fit.

Devilsbane wrote: »

As far as looking at the difference between a firewall and a file, I'm not getting it. Isn't an ACL always at the discretion of the administrator?

First off, I would hope that any firewall ACL modification would go through an appropriate change-management process where others review and approve the it beforehand.

In terms of discretion, users don't have any ownership and can't modify ACLs for items they own. The ACL has to be explicitly configured by an administrator. You don't need administrative privileges to configure DACLs for items that you own. Ownership is the core component of DACL.