File Permissions and Access Control Lists

Today's focus is on reading about, learning, and implementing file permissions.

Access Modes/Permissions

| Symbolic | Absolute Mode | File | Directory |
|---|---|---|---|
| r | 4 | To display the content | To list the content |
| w | 2 | To modify | To create or remove |
| x | 1 | To execute the file | To enter into the directory |

File permissions and ownership are core concepts in Linux. Here, we will work through tasks on both, starting with permissions.

Commands

Create a simple file and run ls -ltr.

Each of the three permissions is assigned to three defined categories of users: owner, group, and others. The following commands change permissions and ownership:

chmod: changes the access mode of a file.

chown: changes the owner of a file or directory.

chgrp: changes the group of a file or directory.

ubuntu@ip-172-31-2-150:~/Day6$ echo "This is new file" >> new_file.txt
ubuntu@ip-172-31-2-150:~/Day6$ cat new_file.txt
This is new file
ubuntu@ip-172-31-2-150:~/Day6$ ls -ltr
total 8
-rw-rw-r-- 1 user user 30 Mar 27 10:33 touch
-rw-rw-r-- 1 user user 17 Mar 27 10:34 new_file.txt

ubuntu@ip-172-31-2-150:~/Day6$ chmod 774 new_file.txt
ubuntu@ip-172-31-2-150:~/Day6$ ls -ltr
total 8
-rw-rw-r-- 1 user user 30 Mar 27 10:33 touch
-rwxrwxr-- 1 user user 17 Mar 27 10:34 new_file.txt

Write an article about File Permissions based on your understanding from the notes.

In Linux, every file and directory is owned by a user and a group. Each user can have different levels of access to these files and directories, which is determined by a set of permissions.
To view the permissions of a file or directory in Linux, we can use the ls -ltr command. This will display a detailed list of files and directories, including their ownership and permissions.

A. Symbolic Method

The permissions for a file or directory can be set for the owner, for the group that the file belongs to, and for all other users. There are three types of permissions in Linux: read, write, and execute. There are three categories: owner (the owner of the file or directory), group (the group that owns the file or directory), and others (all other users).

 chmod g+w filename # Give write permission to the group
 chmod o-r filename # Remove read permission from others
 chmod a-rwx filename # Remove read, write and execute permission from all three categories

The letters u, g, and o represent the file owner, group, and others, respectively, and a stands for all three at once. The + and - symbols indicate whether to add or remove permissions. The letters r, w, and x indicate which permissions to add or remove.

B. Numeric Method

To specify permissions using numbers, we use a three-digit code in which the digits represent the permissions for the file owner, group, and others, in that order. Each digit is the sum of the permissions it grants: read (4), write (2), and execute (1).

 chmod [permissions] [file or directory]
 chmod 700 [file or directory] # All permissions for the file owner, none for the group and others
 chmod 760 [file or directory] # All permissions for the file owner, read and write for the group, none for others

Read about ACL and try out the commands getfacl and setfacl

Access Control Lists (ACLs) allow us to apply a more specific set of permissions to a file or directory without changing the base ownership and permissions. ACLs provide an additional, more flexible permission mechanism for file systems.

The setfacl command is used to add or modify an ACL, while the getfacl command is used to display the current ACL settings for a file or directory.

To set an ACL permission for a user: setfacl -m u:user:permissions /path_to_file

ubuntu@ip-172-31-2-150:~/Day6$ getfacl new_file.txt
# file: new_file.txt
# owner: user
# group: user
user::rw-
group::rw-
other::r--

ubuntu@ip-172-31-2-150:~/Day6$ setfacl -m u:user1:rw new_file.txt
ubuntu@ip-172-31-2-150:~/Day6$ getfacl new_file.txt
# file: new_file.txt
# owner: user
# group: user
user::rw-
user:user1:rw-
group::rw-
mask::rw-
other::r--

To remove ACL permission from the user: setfacl -x u:user: /path_to_file

ubuntu@ip-172-31-2-150:~/Day6$ setfacl -x u:user1: new_file.txt
ubuntu@ip-172-31-2-150:~/Day6$ getfacl new_file.txt
# file: new_file.txt
# owner: user
# group: user
user::rw-
group::rw-
mask::rw-
other::r--

To set an ACL permission for a group: setfacl -m g:group:permissions /path_to_file

To remove ACL permission from the group: setfacl -x g:group: /path_to_file

To remove all ACL permissions: setfacl -b /path_to_file

Here, -m modifies (adds or changes) ACL entries, -x removes the specified entries, and -b removes all extended ACL entries, leaving only the base permissions for owner, group, and others.
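The getfacl output above gains a mask:: line once a named-user entry exists. The following is an added example, not part of the original article, and it goes beyond the text: per acl(5), the mask caps what named users, named groups and the owning group actually receive, so this script parses getfacl output and prints each entry's effective rights. The function names and the sample ACL (the article's entries with the mask narrowed to r--) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# Per acl(5), mask:: caps named users, named groups and the owning group;
# the owner (user::) and other:: entries are not limited by it.

# and_perms ENTRY MASK: keep a permission only where both strings grant it.
and_perms() {
    out=""
    for i in 1 2 3; do
        e=$(printf '%s' "$1" | cut -c"$i")
        m=$(printf '%s' "$2" | cut -c"$i")
        if [ "$e" != "-" ] && [ "$e" = "$m" ]; then out="$out$e"; else out="$out-"; fi
    done
    printf '%s\n' "$out"
}

# effective_acl: read getfacl output on stdin and print every entry with the
# rights it really grants once the mask is applied (the mask line is dropped).
effective_acl() {
    acl=$(grep -v '^#' | grep ':' || true)       # skip header and blank lines
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\(...\).*/\1/p')
    printf '%s\n' "$acl" | while IFS=: read -r tag qual perms; do
        [ -n "$tag" ] || continue
        perms=$(printf '%s' "$perms" | cut -c1-3)  # drop any "#effective" note
        case "$tag:$qual" in
            mask:*) continue ;;
            user:|other:) eff=$perms ;;            # owner and others: no mask
            *) if [ -n "$mask" ]; then eff=$(and_perms "$perms" "$mask"); else eff=$perms; fi ;;
        esac
        printf '%s:%s:%s\n' "$tag" "$qual" "$eff"
    done
}

# Constructed sample: user1 is listed with rw-, but the mask allows only r--.
SAMPLE_ACL='# file: new_file.txt
# owner: user
# group: user
user::rw-
user:user1:rw-
group::rw-
mask::r--
other::r--'

printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

On a real file, pipe the output of getfacl into effective_acl to see whether a listed rw- entry is actually writable.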

Hope you enjoy this article!!