"Linux's basic security structure, which is based on Unix's least privilege model, works quite well. It's simple to understand and use; the basic idea is to never use more than the absolutely required permissions to perform a task.
"Under this model, there are three levels of file ownership: owner, group, world. And three levels of file permissions: read, write, execute. Using 'sticky' bits allows permissions to be inherited. Since everything in Linux and Unix is treated as a file--data and system files, directories, and hardware devices--it's a simple, flexible system for controlling access. This allows you, the ace sysadmin, to do neat things like grant users the ability to execute a script, but not read or edit it. Or to create shared directories that automatically set group ownership and permissions on new files, or to run daemons as unprivileged users. Human users run with minimal permissions to prevent them from mucking with system files; or if their accounts are compromised, limiting the damage to files owned by the user..."
