Related question: How does the Linux file system/organization differ from Windows?
I am somewhat familiar with how privileges work when it comes to files and directories – each entry has an owner and group property that represent the owner of the file and the group that the owner belongs to (correct me if I'm wrong).
How does this differ from the organization of permissions in the NTFS filesystem on Windows? What advantages does Unix's permission system have over NTFS?
Best Answer
NTFS has Windows ACEs. Unix uses "mode bits" on each file.
On NTFS, each file can have an owner, and zero or more Windows access control entries (ACEs). An ACE consists of a principal (users and groups are principals), a set of operations (Read, Write, Execute, etc.) and whether those operations are allowed or denied. Files can have many ACEs. Other objects in Windows other than files can have ACEs as well, such as registry entries, printer objects, and other things. All ACEs are taken into account when a file operation occurs. Deny takes precedence over allow.
Windows ACEs support inheritance where you can set an ACE for a directory and have it automatically propagate to lower level directories.
Files in Unix have an owning user (owner) and an owning group (owner-group). There are three fixed "principals" which are owner, members of the owning group, and everyone else (a.k.a world). For each principal there are three "bits" which cover read, write, and execute abilities. (these have different meanings for directories than files, see this). These bits determine who can perform what operations. This is called the file's mode and is built into the file (there are no separate ACEs).
Most of the time you are concerned with the "world" permissions, i.e. setting all three bits to 0 for "world" means no one who isn't the owner or group-owner can do anything with the file. Unix permissions only work on the filesystem, but since most objects appear as files you can use permissions to restrict access to disks, printers, etc. Unix permissions are simpler but more "coarse." Unix permissions do not support inheritance and will not affect lower level directories, with the exception of execute permission for directories (I think) which causes newly created files to assume permissions of the directory (but doesn't affect currently created files).
Traditionally Unix files have a single owner and a single owner-group. There are extensions to Linux that add ACEs to files in similar fashion to Windows.
Unix's advantage is only that a simpler system is usually easier to understand and secure, and speed since the filesystem doesn't have to fetch ACEs in addition to inodes when opening files.