The File Permissions Analogy is Brilliant
You're absolutely right that from a UNIX user's perspective, vault enforcement IS just permission checking:
Traditional UNIX permissions
drwxr-xr-x /proc # Read-only directory
drwxrwxrwx /sys # Read-write directory
-rwxr-xr-x /bin/ls # Executable (not readable in practice - binary)
-rw------- /etc/shadow # Owner-only read-write
The File Permissions Analogy is Brilliant
You're absolutely right that from a UNIX user's perspective, vault enforcement IS just permission checking:
Traditional UNIX permissions
drwxr-xr-x /proc # Read-only directory
drwxrwxrwx /sys # Read-write directory
-rwxr-xr-x /bin/ls # Executable (not readable in practice - binary)
-rw------- /etc/shadow # Owner-only read-write