Day 6 : File Permissions and Access Control Lists

In Linux, file permissions and ownership are fundamental concepts for managing access to files and directories. These settings help ensure that only authorized users can read, write, or execute files.

File Permissions

Each file and directory has a set of permissions divided into three categories:

  1. User (u): The owner of the file.

  2. Group (g): Users who are members of the file’s group.

  3. Others (o): All other users.

Permissions are represented by three types:

  1. Read (r): Permission to read the contents of a file, or to list the names of the entries in a directory.

  2. Write (w): Permission to modify a file, or to create, rename and delete entries in a directory. Note that deleting a file needs write permission on the directory that contains it, not on the file itself.

  3. Execute (x): Permission to run a file as a program (a script or binary), or to enter a directory and reach the entries inside it. A directory with r but no x lets you list names but not open the files; x without r lets you open a file whose name you already know but not list the directory.

These permissions are displayed in a 10-character string, such as -rwxr-xr--, where:

  • The first character indicates the file type (- for a regular file, d for a directory, l for a symbolic link).

  • The next three characters represent the user’s permissions.

  • The next three characters represent the group’s permissions.

  • The last three characters represent others' permissions.

Changing Permissions

Permissions can be changed using the chmod command. You can set permissions using symbolic mode or numeric mode.

Symbolic Mode:

chmod u+rwx,g+rx,o+r filename

  • u+rwx: Adds read, write, and execute permissions to the user.

  • g+rx: Adds read and execute permissions to the group.

  • o+r: Adds read permission to others.

The operator matters: + adds the listed bits and leaves the rest of that class untouched, - removes them, and = sets the class to exactly the listed bits. On a file that is rw-rw----, chmod g+r leaves the group at rw- while chmod g=r turns it into r--.

Numeric Mode: Permissions can also be represented by an octal number:

  • Read (r) = 4

  • Write (w) = 2

  • Execute (x) = 1

Each digit in the three-digit number is the sum of the permissions for the user, group, and others respectively, and numeric mode always replaces all nine bits at once. For example:

chmod 755 filename

  • 7 (user) = 4 (read) + 2 (write) + 1 (execute)

  • 5 (group) = 4 (read) + 1 (execute)

  • 5 (others) = 4 (read) + 1 (execute)

A leading fourth digit sets the special bits (4 = setuid, 2 = setgid, 1 = sticky), so chmod 4755 is not the same as chmod 755; leave that digit out unless you specifically need those bits.
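The conversion between the rwx string and the octal number, and the difference between the symbolic and numeric forms of chmod, applied to a temporary file and read back with ls -l. This is an added example for the permission-string, symbolic-mode and numeric-mode sections above, not code from the original tutorial. It is written as portable POSIX sh and uses only ls, cut, find, chmod and mktemp; the world-writable check at the end goes beyond the page, but it is the first thing an auditor looks for when reviewing "others" permissions.

```shell
#!/bin/sh
# Added example; not code from the original tutorial. Portable POSIX sh: the
# only external tools are ls, cut, find, chmod and mktemp. It converts between
# the 9-character rwx string and the octal mode, applies both chmod forms to a
# temporary file and reads the result back, and adds a check for the
# world-writable bit (others + w).
set -eu

# triplet_value rwx -> 7 : score one three-character class as 4 + 2 + 1.
triplet_value() {
  v=0
  case $1 in r??) v=$((v + 4)) ;; -??) ;; *) return 1 ;; esac
  case $1 in ?w?) v=$((v + 2)) ;; ?-?) ;; *) return 1 ;; esac
  case $1 in ??x) v=$((v + 1)) ;; ??-) ;; *) return 1 ;; esac
  echo "$v"
}

# perm_to_octal rwxr-xr-- -> 754 : user, group and others triplets in order.
perm_to_octal() {
  s=$1
  [ "${#s}" -eq 9 ] || { echo "need 9 permission characters, got '$s'" >&2; return 1; }
  u=$(triplet_value "$(printf '%s' "$s" | cut -c1-3)") || return 1
  g=$(triplet_value "$(printf '%s' "$s" | cut -c4-6)") || return 1
  o=$(triplet_value "$(printf '%s' "$s" | cut -c7-9)") || return 1
  echo "$u$g$o"
}

# digit_to_triplet 5 -> r-x : the reverse of triplet_value.
digit_to_triplet() {
  t=''
  [ $(($1 & 4)) -ne 0 ] && t="${t}r" || t="${t}-"
  [ $(($1 & 2)) -ne 0 ] && t="${t}w" || t="${t}-"
  [ $(($1 & 1)) -ne 0 ] && t="${t}x" || t="${t}-"
  echo "$t"
}

# octal_to_perm 754 -> rwxr-xr--
octal_to_perm() {
  m=$1
  case $m in [0-7][0-7][0-7]) ;; *) echo "need three octal digits, got '$m'" >&2; return 1 ;; esac
  printf '%s%s%s\n' \
    "$(digit_to_triplet "$(printf '%s' "$m" | cut -c1)")" \
    "$(digit_to_triplet "$(printf '%s' "$m" | cut -c2)")" \
    "$(digit_to_triplet "$(printf '%s' "$m" | cut -c3)")"
}

# apply_and_read INITIAL SPEC -> permission string after "chmod SPEC" on a
# fresh temporary file first set to mode INITIAL. Symbolic '+' only adds bits,
# '=' replaces the whole class; numeric mode always replaces all nine bits.
apply_and_read() {
  f=$(mktemp)
  chmod "$1" "$f"
  chmod "$2" "$f"
  ls -l "$f" | cut -c2-10      # characters 2-10 of the listing are the rwx string
  rm -f "$f"
}

# world_writable FILE -> true when "others" hold the write bit (column 9 of ls -l).
world_writable() {
  [ "$(ls -l "$1" | cut -c9)" = w ]
}

# find_world_writable DIR -> regular files under DIR that anyone can modify;
# the same check an audit script runs over /etc or a web root.
find_world_writable() {
  find "$1" -type f -perm -0002 | sort
}

# Stand-alone demo: the tutorial's two chmod examples, plus '+' versus '='.
printf '%-34s %s\n' "chmod u+rwx,g+rx,o+r on ---------:" "$(apply_and_read 000 u+rwx,g+rx,o+r)"
printf '%-34s %s\n' "chmod 755 on ---------:"            "$(apply_and_read 000 755)"
printf '%-34s %s\n' "chmod g+r on rw-rw----:"            "$(apply_and_read 660 g+r)"
printf '%-34s %s\n' "chmod g=r on rw-rw----:"            "$(apply_and_read 660 g=r)"
printf '%-34s %s\n' "rwxr-xr-- in octal:"                "$(perm_to_octal rwxr-xr--)"
printf '%-34s %s\n' "744 as a permission string:"        "$(octal_to_perm 744)"
```

Running the script prints rwxr-xr-- for both the symbolic example and 754, rwxr-xr-x for 755, and shows that g+r leaves rw-rw---- alone while g=r produces rw-r-----. The find command in find_world_writable is the form to keep in a checklist: -perm -0002 matches any file whose others-write bit is set regardless of the other bits.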

File Ownership

Each file and directory is owned by a user and a group. Ownership can be changed using the chown and chgrp commands.

Changing Ownership:

chown newuser filename

This command changes the owner of the file to newuser.

Changing Group Ownership:

chgrp newgroup filename

This command changes the group of the file to newgroup.

You can also change both the owner and group simultaneously:

chown newuser:newgroup filename

Examples

  1. Viewing Permissions and Ownership:

    command : ls -l filename

    The listing starts with the permission string, followed by the owner and the group. For a file shown as -rw-rw-r--, the user has read and write permissions, the group has read and write permissions, and others have read permission.

  2. Changing Permissions:

    command : chmod 744 filename

    This sets the permissions to -rwxr--r-- (read, write and execute for the user, read-only for the group and others).

  3. Changing Group Ownership:

    command : chgrp groupname filename

    This changes only the file's group to groupname; the owner stays the same. Use chown username filename to change the owner, which normally requires root.

Summary

  • File Permissions: Manage read, write, and execute permissions for user, group, and others.

  • File Ownership: Each file has an owner and a group.

  • Commands:

    • chmod: Change file permissions.

    • chown: Change file ownership.

    • chgrp: Change group ownership.

Understanding and correctly setting file permissions and ownership is essential for system security and proper file management in Linux.

Access Control List in Linux

Access Control Lists (ACLs) in Linux provide a more flexible permission mechanism than the traditional Unix file permission system. ACLs allow you to define permissions for specific users or groups beyond the standard owner/group/others model.

Understanding ACLs

ACLs enable you to set granular permissions for any number of users or groups. This is useful when you need to grant different levels of access to multiple users without changing the group ownership of files or directories. A directory can also carry a default ACL, which new files and subdirectories created inside it inherit. Two things to keep in mind: ls -l marks a file that has an ACL with a + after the permission string, and once an ACL exists the group column in ls -l shows the ACL mask (an upper bound on every named user and group entry) rather than the owning group's permissions, so a chmod on the group bits also caps the named entries.

Basic ACL Commands

  1. Setting ACLs: Use setfacl to set ACLs.

  2. Viewing ACLs: Use getfacl to view ACLs.

Examples

  1. Setting ACLs

    • Granting Read Permission to a User:

      setfacl -m u:username:r file.txt

      This command grants read (r) permission on file.txt to the user username

    • Granting Write Permission to a Group:

      setfacl -m g:groupname:w file.txt

      This command grants write (w) permission on file.txt to the group groupname.

    • Granting Full Permissions to a User:

      setfacl -m u:username:rwx file.txt

      This command grants read, write, and execute (rwx) permissions on file.txt to the user username.

    • Removing ACLs:

      setfacl -x u:username file.txt

      This command removes the entry for the user username only; the other entries and the standard permission bits stay in place. To strip every extended entry from a file and fall back to plain owner/group/others permissions, use setfacl -b file.txt.

  2. Viewing ACLs

    • Viewing ACLs of a File:

      getfacl file.txt

      This command displays the ACLs of file.txt.
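The two behaviours the setfacl and getfacl examples above do not show: how the ACL mask interacts with chmod, and how a default ACL on a directory is inherited by new files (the "Defaults" use case in the summary). This is an added example, not code from the original tutorial. It assumes the Linux acl package is installed and that the temporary filesystem supports ACLs (the default on ext4, xfs and tmpfs). UID 65534 is an arbitrary stand-in for "another user", chosen because setfacl accepts numeric IDs and so no account has to exist; getfacl -c and -n are real flags that drop the header and print numeric IDs.

```shell
#!/bin/sh
# Added example; not code from the original tutorial. Needs the acl package
# (setfacl/getfacl) and a filesystem with ACL support. UID 65534 stands in for
# "another user": setfacl accepts numeric IDs, so no account needs to exist.
# getfacl -c drops the "# file:" header and -n prints IDs instead of names,
# keeping the output independent of /etc/passwd.
set -eu

OTHER_UID=65534

# acl_entry FILE UID -> the named-user line for UID, for example
# "user:65534:rw-          #effective:r--" when the mask caps the entry.
acl_entry() {
  getfacl -cn "$1" | grep "^user:$2:"
}

# mask_demo -> effective permission of the named user after a chmod.
# Once a file has an ACL, the group bits that chmod and ls -l deal with are
# the mask, so "chmod g=r" silently limits every named user and group.
mask_demo() {
  f=$(mktemp)
  chmod 640 "$f"
  setfacl -m "u:$OTHER_UID:rw" "$f"   # mask recalculated to rw-; ls -l now shows + and rw- for group
  chmod g=r "$f"                      # rewrites the mask to r--, not the owning group's rights
  acl_entry "$f" "$OTHER_UID" | sed -n 's/.*#effective:\(...\).*/\1/p'
  rm -f "$f"
}

# default_acl_demo -> the inherited entry on a file created inside a directory
# that carries a default ACL.
default_acl_demo() {
  d=$(mktemp -d)
  umask 022                              # fixed so the new file is created 0644
  setfacl -d -m "u:$OTHER_UID:rx" "$d"   # -d: default ACL; also written as -m d:u:...
  : > "$d/new.txt"                       # inherits user:65534:r-x; mask limited by 0644 to r--
  acl_entry "$d/new.txt" "$OTHER_UID"
  rm -rf "$d"
}

if command -v setfacl >/dev/null 2>&1; then
  echo "uid $OTHER_UID after setfacl rw then chmod g=r: $(mask_demo)"
  echo "entry inherited by a new file: $(default_acl_demo)"
else
  echo "setfacl not found: install the acl package to run this demo" >&2
fi
```

The first line of output is r--, even though the named entry still says rw-: the chmod did not touch the entry, it lowered the mask, and getfacl flags the gap with #effective. The second line shows that the file created under the directory carries the user:65534 entry without anyone running setfacl on it, again capped by a mask derived from the file's creation mode. When reviewing a share, check both the entries and the mask, and remember that chmod on group bits is an ACL operation once an ACL is present.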

Summary

  • ACLs provide fine-grained control over file and directory permissions.

  • Commands: setfacl to set ACLs, getfacl to view ACLs.

  • Use Cases: Grant specific permissions to multiple users/groups without altering group ownership.

  • Defaults: Default ACLs ensure new files/directories inherit specific permissions.

ACLs are a powerful tool for managing permissions in complex environments where the traditional Unix permissions model is insufficient.