In Linux, file permissions and ownership are fundamental concepts for managing access to files and directories. These settings help ensure that only authorized users can read, write, or execute files.
File Permissions
Each file and directory has a set of permissions divided into three categories:
User (u): The owner of the file.
Group (g): Users who are members of the file’s group.
Others (o): All other users.
Permissions are represented by three types:
Read (r): Permission to read the contents of the file or directory.
Write (w): Permission to modify the file or directory.
Execute (x): Permission to execute the file (if it’s a script or binary) or to access the directory’s contents.
These permissions are displayed in a 10-character string, such as -rwxr-xr--, where:
The first character indicates the file type (- for a regular file, d for a directory).
The next three characters represent the user’s permissions.
The next three characters represent the group’s permissions.
The last three characters represent others' permissions.
Changing Permissions
Permissions can be changed using the chmod command. You can set permissions using symbolic mode or numeric mode.
Symbolic Mode:
chmod u+rwx,g+rx,o+r filename
u+rwx: Adds read, write, and execute permissions to the user.
g+rx: Adds read and execute permissions to the group.
o+r: Adds read permission to others.
Numeric Mode: Permissions can also be represented by an octal number:
Read (r) = 4
Write (w) = 2
Execute (x) = 1
Each digit in the three-digit number represents the sum of permissions for user, group, and others. For example:
chmod 755 filename
7 (user) = 4 (read) + 2 (write) + 1 (execute)
5 (group) = 4 (read) + 1 (execute)
5 (others) = 4 (read) + 1 (execute)
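The mapping between the 10-character string and the numeric mode can be checked mechanically. The script below is an added example, not part of the original article: it converts a permission string to its three-digit number, reports whether others can write, and round-trips a mode through chmod and ls on a scratch file. The function names (triad_value, mode_to_octal, others_can_write, check_roundtrip) are hypothetical, and only the nine r/w/x characters are handled; any other character is rejected.

```shell
#!/bin/sh
# triad_value "r-x" -> 5, using r=4, w=2, x=1. Fails on any other character.
triad_value() {
    t=$1 v=0
    case $t in r??) v=$((v + 4)) ;; -??) ;; *) return 1 ;; esac
    case $t in ?w?) v=$((v + 2)) ;; ?-?) ;; *) return 1 ;; esac
    case $t in ??x) v=$((v + 1)) ;; ??-) ;; *) return 1 ;; esac
    echo "$v"
}

# mode_to_octal "-rwxr-xr--" -> 754
mode_to_octal() {
    s=$1
    [ "${#s}" -eq 10 ] || { echo "expected 10 characters: $s" >&2; return 1; }
    perms=${s#?}    # drop the leading file-type character
    u=$(triad_value "$(printf %s "$perms" | cut -c1-3)") || return 1
    g=$(triad_value "$(printf %s "$perms" | cut -c4-6)") || return 1
    o=$(triad_value "$(printf %s "$perms" | cut -c7-9)") || return 1
    echo "$u$g$o"
}

# others_can_write "-rw-rw-rw-" succeeds when the "others" triad contains w.
others_can_write() {
    case $1 in ????????w?) return 0 ;; *) return 1 ;; esac
}

# check_roundtrip 744: chmod a scratch file, read the string back with ls,
# and confirm the parser returns the same numeric mode.
check_roundtrip() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    shown=$(ls -ld "$f" | cut -c1-10)
    rm -f "$f"
    [ "$(mode_to_octal "$shown")" = "$1" ]
}

# Constructed sample strings, not taken from a real system.
for m in "-rwxr-xr--" "-rw-rw-rw-"; do
    printf '%s -> %s' "$m" "$(mode_to_octal "$m")"
    if others_can_write "$m"; then printf '  (others can write)'; fi
    printf '\n'
done
```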
File Ownership
Each file and directory is owned by a user and a group. Ownership can be changed using the chown and chgrp commands.
Changing Ownership:
chown newuser filename
This command changes the owner of the file to newuser.
Changing Group Ownership:
chgrp newgroup filename
This command changes the group of the file to newgroup.
You can also change both the owner and group simultaneously:
chown newuser:newgroup filename
Examples
Viewing Permissions and Ownership:
This shows that the user has read and write permissions, the group has read and write permissions, and others have read permission.
Changing Permissions:
command: chmod 744 filename
This sets the permissions to rwxr--r-- (read, write, and execute for user; read-only for group and others).
Changing Ownership:
command: chgrp groupname filename
Summary
File Permissions: Manage read, write, and execute permissions for user, group, and others.
File Ownership: Each file has an owner and a group.
Commands:
chmod: Change file permissions.
chown: Change file ownership.
chgrp: Change group ownership.
Understanding and correctly setting file permissions and ownership is essential for system security and proper file management in Linux.
Access Control List in Linux
Access Control Lists (ACLs) in Linux provide a more flexible permission mechanism than the traditional Unix file permission system. ACLs allow you to define permissions for specific users or groups beyond the standard owner/group/others model.
Understanding ACLs
ACLs enable you to set granular permissions for any number of users or groups. This is useful in scenarios where you need to grant different levels of access to multiple users without changing the group ownership of files or directories.
Basic ACL Commands
Setting ACLs: Use setfacl to set ACLs.
Viewing ACLs: Use getfacl to view ACLs.
Examples
Setting ACLs
Granting Read Permission to a User:
setfacl -m u:username:r file.txt
This command grants read (r) permission on file.txt to the user username.
Granting Write Permission to a Group:
setfacl -m g:groupname:w file.txt
This command grants write (w) permission on file.txt to the group groupname.
Granting Full Permissions to a User:
setfacl -m u:username:rwx file.txt
This command grants read, write, and execute (rwx) permissions on file.txt to the user username.
Removing ACLs:
setfacl -x u:username file.txt
Viewing ACLs
Viewing ACLs of a File:
getfacl file.txt
This command displays the ACLs of file.txt.
Summary
ACLs provide fine-grained control over file and directory permissions.
Commands:
setfacl to set ACLs, getfacl to view ACLs.
Use Cases: Grant specific permissions to multiple users/groups without altering group ownership.
Defaults: Default ACLs ensure new files/directories inherit specific permissions.
ACLs are a powerful tool for managing permissions in complex environments where the traditional Unix permissions model is insufficient.