Access Control
-All users/groups have an OID
-A group is a big list of the OIDs that belong to the group; a group also has its own OID
-All processes have to specify the OID they are running under
-Processes have the same restrictions as the OID they are running for
-Users who belong to multiple groups must have a priority order for those groups, in case two groups
that they belong to have different permissions for the same object
-The ACL for a file is stored as a list of ACEs
Format of ACE stored in a file:
Offset  Length  Purpose
0       2       OID this restriction applies to (0x0000 means owner)
2       2       Permissions:
Each permission is given 2 bits; the format of the bits is:
00 - Deny
01 - Allow
10 - Inherit from parent
11 - !!!!! Inherit from higher-priority group
the order of the permissions in the number:
N: Read
0: -List Folder/Read Data
1: -Read Permissions
N: Write
2: -Append
3: -Change
4: -Delete
5: Execute
6: Change Permissions
7: Take Ownership
this adds up to 8x2=16 bits which is 2 bytes
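
Added example (not part of the original notes): a decoder for the 4-byte ACE laid out above (2-byte OID plus 2-byte permissions word) that resolves each 2-bit state to allow or deny. Assumptions not stated in the notes: both fields are little-endian, permission n occupies bits 2n and 2n+1, and an inherit state with nothing to inherit from is denied; all function and type names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 2-bit states, values as listed in the notes. */
enum ace_state { ACE_DENY = 0, ACE_ALLOW = 1, ACE_INHERIT_PARENT = 2, ACE_INHERIT_GROUP = 3 };
/* Permission numbers 0..7, in the order given in the notes. */
enum ace_perm { P_READ_DATA, P_READ_PERMS, P_APPEND, P_CHANGE, P_DELETE,
                P_EXECUTE, P_CHANGE_PERMS, P_TAKE_OWNERSHIP };

struct ace { uint16_t oid; uint16_t perms; };

/* Constructed sample: owner ACE (OID 0x0000), permissions word 0x0725. */
static const uint8_t SAMPLE_ACE[4] = { 0x00, 0x00, 0x25, 0x07 };

/* Parse one 4-byte ACE. Assumption: fields are little-endian on disk. */
static int ace_parse(const uint8_t *buf, size_t len, struct ace *out) {
    if (buf == NULL || out == NULL || len < 4)
        return -1;                       /* reject truncated entries */
    out->oid   = (uint16_t)(buf[0] | (buf[1] << 8));
    out->perms = (uint16_t)(buf[2] | (buf[3] << 8));
    return 0;
}

/* Assumption: permission n occupies bits 2n and 2n+1 of the word. */
static enum ace_state ace_get(const struct ace *a, enum ace_perm p) {
    return (enum ace_state)((a->perms >> (2 * (int)p)) & 0x3);
}

/* Resolve to 1 (allow) or 0 (deny). parent and group are the already
 * resolved answers from the parent object and the higher-priority group,
 * or -1 if there is none. Assumption: an inherit state with nothing to
 * inherit from is denied (fail closed). */
static int ace_resolve(const struct ace *a, enum ace_perm p, int parent, int group) {
    switch (ace_get(a, p)) {
    case ACE_ALLOW:          return 1;
    case ACE_INHERIT_PARENT: return parent == 1;
    case ACE_INHERIT_GROUP:  return group == 1;
    default:                 return 0;   /* ACE_DENY */
    }
}

int main(void) {
    struct ace a;
    if (ace_parse(SAMPLE_ACE, sizeof SAMPLE_ACE, &a) != 0) return 1;
    printf("oid=0x%04x append=%d delete=%d\n", a.oid,
           ace_resolve(&a, P_APPEND, 1, -1), ace_resolve(&a, P_DELETE, -1, -1));
    return 0;
}
```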