Day 6 Task: File Permissions and Access Control Lists

File Permissions Overview

In Linux, each file and directory has a set of permissions that determine who can read, write, and execute them. Permissions are assigned to three categories of users: owner, group, and others.

The owner of a file or application is the user who created it. The owner has the highest level of control over the file, including the ability to change permissions, modify contents, and delete the file.

To change the ownership of a file or directory, we use the chown command. For example:

chown new_owner file.txt

Group

The group that owns a file or application is a set of users who share common permissions for that file. Group permissions are useful when multiple users need access to the same files, allowing them to collaborate efficiently.

To change the group ownership of a file or directory, we use the chgrp command. For example:

chgrp new_group file.txt

Others

The others category includes all users who have access to the system but are neither the owner nor members of the group. The permissions granted to others define what actions they can perform on the file or directory.

To change the permissions for others, we use the chmod command. For example:

chmod o+rw file.txt
  1. Create a simple file and do ls -ltr to see the details of the files.

    • owner — The owner of the file or application.

    • "chown" is used to change the ownership of a file or directory.

    • group — The group that owns the file or application.

    • "chgrp" is used to change the group ownership of a file or directory.

    • others — All users with access to the system who are neither the owner nor members of the group.

    • "chmod" is used to change the other users' permissions on a file or directory.

        ubuntu@ip-172-31-45-205:~/hemanshu$ ls -ltr
        total 8
        -rw-rw-r-- 1 ubuntu ubuntu 44 Oct 23 13:42 fruits.txt
        -rw-rw-r-- 1 ubuntu ubuntu 45 Oct 23 14:02 Colors.txt
        ubuntu@ip-172-31-45-205:~/hemansh
      
  1. Write an article about File Permissions based on your understanding from the notes.

    File Permissions Basics

    File permissions are an essential component of multi-user operating systems like Linux and Unix-based systems. They are also present in Windows, though the terminology and methods of managing permissions may differ. In this article, we'll primarily focus on Unix-like systems for clarity.

    There are three primary levels at which file permissions can be set:

    1. Owner: This represents the person who created the file or folder. The owner typically has the most control over the file, including the ability to change permissions and delete it.

    2. Group: Files and folders can be assigned to a specific group. Group permissions apply to all members of that group, allowing for shared access among a select set of users.

    3. Others: This category encompasses all other users on the system who are neither the owner nor part of the designated group. Others have the most limited permissions by default.

File Permissions Modes

File permissions are represented using a combination of letters and numbers, often seen when you execute the ls -l command in a terminal. The permission string typically looks like this:

    -rw-r--r--

Each character in the string represents a permission or attribute. In the example above, the first character '-' indicates that it's a regular file, not a directory. The next three characters 'rw-' represent the owner's permissions (read and write but not execute), the next three 'r--' represent group permissions (read-only), and the last three 'r--' represent other users' permissions (read-only).

Here's a breakdown of the most common permission characters:

  • 'r': Read permission, allowing a user to view the contents of a file or list the files in a directory.

  • 'w': Write permission, allowing a user to modify the file or create new files in a directory.

  • 'x': Execute permission, permitting the user to run the file as a program or enter a directory.

  • '-': Represents the absence of a particular permission.

Managing File Permissions

To modify file permissions, you can use the chmod command on Unix-based systems. Here's a basic usage:

    chmod [options] mode file
  • [options] can include flags like -R to apply permissions recursively to directories and their contents.

  • mode represents the permission changes you want to make, and it can be represented in numeric or symbolic notation.

  • file is the target file or directory you want to modify.

Numeric Notation:

  • Numeric notation uses a three-digit number to represent permission settings.

  • The first digit represents the owner's permissions, the second for the group, and the third for others.

  • The digits are calculated by adding the values for read (4), write (2), and execute (1). For example, 755 indicates read, write, and execute permission for the owner, and read and execute permissions for the group and others.

Symbolic Notation:

  • Symbolic notation offers a more human-readable way to modify permissions.

  • It uses a combination of letters and symbols to set permissions. For instance, u stands for the owner, g for the group, and o for others.

  • Operators like + (add), - (remove), and = (set) are used to change permissions.

  • Example: chmod u+x file adds execute permission for the owner.
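
The two notations side by side, as an added example that is not part of the original notes: a POSIX shell function that turns an ls -l permission string into its numeric mode and flags world-writable results, such as the one chmod o+rw produces. It goes slightly beyond the text by also handling the setuid, setgid and sticky characters (s, S, t, T), which add a fourth leading digit. The function names are made up for this example.

```sh
#!/bin/sh
# Added example: translate an `ls -l` permission string into numeric notation.

# digit RWX: value of one triplet, read=4 + write=2 + execute=1.
# s and t mean "execute plus a special bit"; S and T mean the special bit alone.
digit() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# perm_to_octal STRING: prints 644 for -rw-r--r--; returns 1 on malformed input.
perm_to_octal() {
    p=${1%[+.]}    # GNU ls appends + (ACL present) or . (SELinux context)
    case $p in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not a permission string: $1" >&2; return 1 ;;
    esac
    u=$(printf '%s\n' "$p" | cut -c2-4)     # owner triplet
    g=$(printf '%s\n' "$p" | cut -c5-7)     # group triplet
    o=$(printf '%s\n' "$p" | cut -c8-10)    # others triplet
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    mode="$(digit "$u")$(digit "$g")$(digit "$o")"
    [ "$special" -eq 0 ] || mode="$special$mode"
    echo "$mode"
}

# world_writable STRING: succeeds when "others" hold write permission.
world_writable() {
    p=${1%[+.]}
    case $p in ????????w?) return 0 ;; *) return 1 ;; esac
}

# Strings taken from this page, plus constructed special-bit cases.
for s in -rw-rw-r-- -rw-r--r-- drwxr-xr-x -rwsr-xr-x drwxrwxrwt; do
    printf '%s -> %s\n' "$s" "$(perm_to_octal "$s")"
done
```
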

  1. Read about ACL and try out the commands getfacl and setfacl

    getfacl and setfacl are command line utilities in Linux that are used to view and modify the access control lists (ACLs) of files and directories.

    The getfacl command is used to display the access control list (ACL) of a file or directory. It shows the permissions for the owner, group owner, and all other users, as well as any additional users or groups that have been granted specific permissions.

    The setfacl command is used to set or modify the access control list (ACL) of a file or directory. This command is used to add, modify, or delete specific permissions for a user or group. The setfacl command can also be used to set the default ACL for a directory, which will be applied to all new files and directories created within that directory.

    For example, the command getfacl /home/user/example.txt will display the permissions and ACLs of the file /home/user/example.txt, and setfacl -m u:user1:rwx /home/user/example.txt will give user1 read, write and execute permissions on the file /home/user/example.txt.

Commands in ACL:

Only two commands are used to work with ACLs:

  • setfacl

  • getfacl

For setting up ACL:

a) To add permission for a user:

setfacl -m "u:user:permission" file_name

b) To add permission for a group:

setfacl -m "g:group:permission" file_name

c) To remove a specific entry:

setfacl -x "entry" file_name

d) To remove all entries:

setfacl -b file_name

e) To set default ACL entries on a directory, so that files and directories created within it inherit them:

setfacl -dm "entry" directory_name
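
To review what setfacl -m entries actually grant, this added example (not part of the original notes) parses getfacl output and lists each named user or group with the rights it holds. It goes beyond the notes by applying the mask entry that getfacl prints, which caps the effective rights of named entries. The sample output, the names user1, devs and example.txt, and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: list the named entries in getfacl output with their effective rights.

# Constructed sample of getfacl output; example.txt, user1 and devs are made-up names.
SAMPLE_ACL='# file: example.txt
# owner: ubuntu
# group: ubuntu
user::rw-
user:user1:rwx          #effective:rw-
group::rw-
group:devs:r--
mask::rw-
other::r--'

# acl_named_entries: reads getfacl output on stdin and prints one line per named
# user or group entry: TYPE NAME GRANTED EFFECTIVE. Default entries are ignored.
acl_named_entries() {
    awk -F: '
        /^#/ || NF < 3 { next }            # header comments and blank lines
        { sub(/[ \t]*#.*/, "", $3) }       # strip a trailing #effective note
        $1 == "mask" { mask = $3; next }
        ($1 == "user" || $1 == "group") && $2 != "" {
            kind[++n] = $1; who[n] = $2; perm[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (c = 1; c <= 3; c++) {
                    p = substr(perm[i], c, 1)
                    # a right counts only when the mask carries it too
                    eff = eff ((mask == "" || substr(mask, c, 1) == p) ? p : "-")
                }
                print kind[i], who[i], perm[i], eff
            }
        }'
}

# acl_writers: names of the extra users or groups that can actually write.
acl_writers() {
    acl_named_entries | awk '$4 ~ /w/ { print $2 }'
}

printf '%s\n' "$SAMPLE_ACL" | acl_named_entries
```

On a real system the same functions can be fed directly, for example getfacl file_name | acl_writers.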