Which access control model allows file owners to specify user permissions?

Discretionary access control (DAC) is the correct choice because this access control model empowers file owners to determine and specify who can access their files and what permissions those users have. In a DAC environment, the owner of a resource (like a file) has the discretion to grant or restrict access to that resource, giving them direct control over permissions. This means that users can assign rights to other users, allowing for flexible and personalized access management based on the owner's preferences.

In contrast, role-based access control (RBAC) operates based on predefined roles rather than individual ownership, assigning permissions based on the role a user holds within an organization. Rule-based access control involves applying specific rules that govern access, often dynamically and not based solely on ownership. Mandatory access control (MAC) restricts access based on classifications (like security levels), which are set system-wide and cannot be altered by file owners. Each of these models serves its own purpose and is suitable for different security requirements, but only DAC emphasizes owner-defined permissions.