next up previous
Next: Access Lists Up: Protection Previous: A Model of

Capability Lists

One way to partition the matrix is by rows. Thus we have all access rights of one user together. These are stored in a data structure called a capability list, which lists all the access rights or capabilities that a user has. The following are the capability lists for our example: Fred --> /dev/console(RW)--> fred/prog.c(RW)--> fred/letter(RW) --> /usr/ucb/vi(X) Jane --> /dev/console(RW)--> fred/prog.c(R)--> fred/letter() --> /usr/ucb/vi(X)

When a process tries to gain access to an object, the operating system can check the appropriate capability list.

This arrangement has several drawbacks:
If each capability list has an entry for all objects, many entries will indicate that no access is allowed. For instance, most of Fred's personal files may be protected from Jane. This waste of space may be eliminated by only listing those objects for which a user has some access.
The set of objects accessible by one user, specially privileged users, may be very large. It can be expensive to search capability lists for such users, unless we use capability-based addressing, presented later when we discuss capabilities in more detail.
An initial capability list must be generated for a new user. It is not clear what the initial list should look like.


Prasun Dewan
Mon Nov 4 12:08:34 EST 1996