Day 6: File Permissions and Access Control Lists

90DaysOfDevOps


Today, we're going to discuss Linux file permissions and Access Control Lists (ACLs).

Create a simple file and run ls -ltr to see the details of the files.

You'll see a list of files in the current directory, including "createDirectories.sh," with details like permissions, ownership, size, and modification time.

File Permissions

File permissions in Linux are a crucial aspect of the operating system's security model. They determine who can access, modify, or execute a file or directory. Each file and directory in a Linux system has three sets of permissions, represented by the letters "r" (read), "w" (write), and "x" (execute), corresponding to three different user categories: owner, group, and others.

In Linux, files and folders have special permissions to control who can do what with them. There are three categories of users:

  1. User: The owner of the file or folder.

  2. Group: The group that owns the file or folder.

  3. Others: All users outside the owner and group.

Here's how the permissions are organized:

  1. Owner Permissions:

    • r (read): Allows the owner to view the content of the file.

    • w (write): Allows the owner to modify the content of the file.

    • x (execute): Allows the owner to execute the file (if it's a program or script).

  2. Group Permissions:

    • r (read): Allows members of the group to view the content of the file.

    • w (write): Allows members of the group to modify the content of the file.

    • x (execute): Allows members of the group to execute the file (if applicable).

  3. Other Permissions:

    • r (read): Allows anyone else to view the content of the file.

    • w (write): Allows anyone else to modify the content of the file.

    • x (execute): Allows anyone else to execute the file (if applicable).

These permissions are represented using a three-character string for each category, like rwxr-xr--, where the first three characters are the owner's permissions, the next three are the group's permissions, and the last three are the permissions for others.

Now let's see some examples of how to change file permissions using the chmod command in Linux:

Changing Permissions using Symbolic Notation:

  • To add execute permission for the owner of a file:

      chmod u+x filename
    
  • To remove write permission for the group from a file:

      chmod g-w filename
    
  • To grant read, write, and execute permissions for others on a directory:

      chmod o+rwx directoryname
    

u => user (owner)

g => group

o => others

Changing Permissions using Numeric Notation:

  • To set read, write, and execute permissions for the owner, and read and execute permissions for the group and others:

      chmod 755 filename
    
  • To give full permissions (read, write, and execute) to the owner, read and execute permissions to the group, and no permissions to others:

      chmod 750 filename
    
  • To remove all permissions for everyone except the owner:

      chmod 700 filename
    

    In numeric notation, each digit is calculated by adding:

    4 (read)

    2 (write)

    1 (execute)
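
The 4 + 2 + 1 addition above, applied to the nine-character string that ls shows, as an added example that is not part of the original post. The function names perm_to_octal and mode_string_of are hypothetical, and the temporary file is constructed for the demo.

```sh
#!/bin/sh
# Added example: map an ls-style permission string to numeric notation.

# Print the numeric form of a string such as rwxr-xr--.
perm_to_octal() {
    perm=$1
    # Exactly nine characters: r, w, x in their own slots, or "-".
    # setuid/setgid/sticky letters (s, t) are not covered here and are rejected.
    case $perm in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid permission string: $perm" >&2; return 1 ;;
    esac
    octal=""
    rest=$perm
    while [ -n "$rest" ]; do
        triad=$(printf '%s' "$rest" | cut -c1-3)   # owner, then group, then others
        rest=$(printf '%s' "$rest" | cut -c4-)
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac   # read
        case $triad in ?w?) digit=$((digit + 2)) ;; esac   # write
        case $triad in ??x) digit=$((digit + 1)) ;; esac   # execute
        octal=$octal$digit
    done
    printf '%s\n' "$octal"
}

# Print the nine permission characters that ls shows for a path.
mode_string_of() {
    # ls -ld prints e.g. "-rwxr-x---": character 1 is the file type,
    # characters 2-10 are the owner/group/others triads.
    ls -ld -- "$1" | cut -c2-10
}

# Demo on a constructed temporary file: set 750, read it back, convert it.
demo_file=$(mktemp)
chmod 750 "$demo_file"
shown=$(mode_string_of "$demo_file")
echo "ls shows $shown, numeric form $(perm_to_octal "$shown")"
rm -f "$demo_file"
```
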

Read about ACL and try out the commands getfacl and setfacl

ACL stands for "Access Control List." In the context of computer systems and operating systems, including Linux, an ACL is a mechanism that provides a finer level of control over file and directory permissions beyond the traditional owner-group-others permission model.

In Linux, the getfacl and setfacl commands are used to view and modify ACLs. Here are some basic examples of how to work with ACLs:

To view the ACLs of a file or directory:

    getfacl filename_or_directory

To add a specific user with read and write permissions to a file:

    setfacl -m u:moizasif:rw test1