Day 6 : File Permissions and Access Control Lists

Linux is mainly known for its security, and when it comes to access control and permissions on files and directories, it stands out with a reliable and well-organized structure. It relies on a system of file permissions and ownership to protect data and regulate access. In this article, we will explore the fundamental concepts of Linux file permissions and access control lists.

Task 1 - Write an article about File Permissions based on your understanding from the notes.

Every Linux system has three types of owner:

  1. User: A user is the one who created the file. By default, whoever creates the file becomes its owner. A user can create, delete, or modify the file.

  2. Group: A group can contain multiple users. All the users belonging to a group have the same access permissions for a file.

  3. Other: Anyone who has access to the file other than the user and the group falls into the category of other. Other has neither created the file nor is a group member.

Users and groups can be locally managed in /etc/passwd or /etc/group.

In Linux, file permissions determine who can read, write, and execute a file. Each file and directory has a set of permissions. These permissions are represented by a combination of letters and symbols as shown below:

The numeric (octal) permissions in Linux are:

Each digit is a combination of the values 4 (read), 2 (write), and 1 (execute), with a value of 7 indicating full permissions (read, write, and execute), a value of 6 indicating read and write permissions, and so on.

For example, a numeric permission of 777 would give full permissions to the user, group and others.

*Change Permissions-

Use the "chmod" command. For example, if you want to give "execute" permission to the world ("other") for the file "piyush.txt":

chmod o+x piyush.txt

Syntax: chmod o+x piyush.txt - here o represents others, + adds a permission, and x represents the execute permission, followed by the file name.

You can also change multiple permissions at once. For example, if you want to take all permissions away from everyone, you would type:

chmod ugo-rwx piyush.txt

The command above revokes the read (r), write (w), and execute (x) permissions from the user (u), group (g), and others (o) for the file piyush.txt, which results in this.

*Change the group permission-

"chgrp" <group name> <file/directory name>

chgrp teslagrp piyush.txt

*Change the ownership permission-

"chown" <user name> <file/directory name>

chown Ubuntu piyush.txt

Task 2 - Create a simple file and do ls -ltr to see the details of the files and change the user permissions of the file and note the changes after ls -ltr

Here you can see the file piyushday6 has been given permission 777, which means it has all the read, write and execute permissions.

Below, I have changed the permission to 745; the explanation has been given in the second point.
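
The 777 and 745 modes from Task 2, worked through as an added example that is not part of the original article: it decodes an octal mode into the rwx string that ls -l prints and lists the files that "other" can write to, which 777 allows and 745 does not. The function names and the scratch directory are assumptions made for the illustration.

```shell
# Added example, not from the original article; function names are hypothetical.

# Convert a three-digit octal mode such as 745 into the rwx string ls -l prints.
mode_to_symbolic() {
    case "$1" in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    rest=$1 out=""
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}   # first character: user, then group, then other
        rest=${rest#?}              # remaining digits
        # Each digit is the sum of 4 (read), 2 (write) and 1 (execute).
        for bit in 4:r 2:w 1:x; do
            if [ $(( digit & ${bit%:*} )) -ne 0 ]; then
                out="$out${bit#*:}"
            else
                out="$out-"
            fi
        done
    done
    echo "$out"
}

# Read a file's permission string the way Task 2 does, from ls -l output.
perm_of() { ls -ld "$1" | cut -c2-10; }

# List regular files under a directory that "other" may write to (the 2 bit).
find_world_writable() { find "$1" -type f -perm -0002; }

# Constructed demo in a scratch directory: the 777 file from Task 2, then 745.
demo() {
    dir=$(mktemp -d) || return 1
    file="$dir/piyushday6"
    touch "$file"
    chmod 777 "$file"
    echo "777 -> $(perm_of "$file"); world-writable: $(find_world_writable "$dir")"
    chmod 745 "$file"
    echo "745 -> $(perm_of "$file"); world-writable: $(find_world_writable "$dir")"
    rm -rf "$dir"
}
demo
```

Running find_world_writable over a real directory tree is a quick way to spot files left at 777 or 666.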

*Task 3- Read about ACL and try out the commands getfacl and setfacl.

An access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. An ACL allows you to give permissions for any user or group to any disk resource.

"getfacl": This command is used to display the access control list for a file or directory. It provides a detailed breakdown of who has access and the level of access granted.

For example :

getfacl test/declarations.h

Output:

# file: test/declarations.h
# owner: piyush
# group: piyush
user::rw-
group::rw-
other::r--

"setfacl": The "setfacl" command allows you to modify the access control list. You can grant or revoke specific permissions for particular users or groups, creating a highly customized access management system.

To add permissions for a user (user is either the user name or ID):

# setfacl -m "u:user:permissions" <file/directory name>

To add permissions for a group (group is either the group name or ID):

# setfacl -m "g:group:permissions" <file/directory name>

To allow all files or directories to inherit ACL entries from the directory they are within:

# setfacl -dm "entry" <directory name>

And that sums up the Day 6 tasks on File Permissions and ACL.
Thanks for checking it out. Do like and give your valuable suggestions.

#90daysofdevOps #devOps #linux

LinkedIn: https://www.linkedin.com/in/piyush-chauhan-a93989167/