Linux AC

Uses an Unix DAC

Subjects are processes with real and effective user group IDs

Objects are files, directories, pipes and devices with access mode in inode:

rwx r-x ---  uid gid

Access rules are hard-coded in the kernel, checked on syscall call