Recognize alternate authorization schemes

Admins should understand basic authorization theory and how MAC and ACLs extend the features provided by the standard Unix permissions.

TODO: is this section needed? is "mandatory" controls introduced elsewhere?

See section View and modify ACLs for more information on ACLs, including ACL attributes.

Note that standard Unix permissions can also be extended by using file flags as covered in section View and modify file flags.

mac(4) and acl(3) on FreeBSD; systrace(1) on NetBSD and OpenBSD