File Permissions and Access Control Lists

Now It's #day6 of #90DaysOfDevOps🐧

Create a simple file and do ls -ltr to see the details of the files :

touch simple-file.txt

ls -ltr

output :

total 8

drwxrwxr-x 3 ubuntu ubuntu 4096 Apr 3 03:40 batch-3

drwxrwxr-x 3 ubuntu ubuntu 4096 Apr 3 04:46 DevOps-batch-3

-rw-rw-r-- 1 ubuntu ubuntu 0 Apr 3 07:07 simple-file.txt

Now let's decode this drwxrwxr-x permission

  • d represents a directory

  • - represents a regular file

r: READ

w: WRITE

x: EXECUTE

In Linux, there are three types of owners [user, group, others] for a file or directory.

d rwx rwx r-x

  • The first rwx is for the user's permission

    User permissions apply only to the owner of the file or directory; they do not affect what other users can do. The user can also be called the default owner of the file.

  • The second rwx is for the group permission

    A group is a collection of users. If you assign a permission to a group, the same permission is shared by all the members of the group.

  • The third r-x is for the others' permission

    Any user that is not an owner of the file or doesn’t belong to the group can be categorized as others.

Using the chmod command, we can change the file or directory permissions of the [user, group, others]

EXAMPLE :

chmod 777 file.txt

Oops, we don't know about this 777 thing yet 😅

Let me explain it first...!😊

Permissions can be changed using two modes:

i) Symbolic mode
ii) Absolute mode

Example of symbolic mode :

ls -ltr simple-file.txt

output :

-rw-rw-r-- 1 ubuntu ubuntu 0 Apr 3 07:07 simple-file.txt

[To add execute permission for the user/owner]

chmod u+x simple-file.txt

ls -ltr simple-file.txt

output :

-rwxrw-r-- 1 ubuntu ubuntu 0 Apr 3 07:07 simple-file.txt

[Similarly, if you want to add execute permission for the group or for others, use g+x for the group and o+x for others]

Example of Absolute or numeric mode :

r(read): 4

w(write): 2

x(execute): 1

4(r)+2(w)+1(x)=7(rwx)

777 means anyone can do anything (read, write, or execute)

ls -ltr simple-file.txt

output :

-rwxrw-r-- 1 ubuntu ubuntu 0 Apr 3 07:07 simple-file.txt

[To add all the permissions for all the classes]

chmod 777 simple-file.txt

ls -ltr simple-file.txt

output :

-rwxrwxrwx 1 ubuntu ubuntu 0 Apr 3 07:07 simple-file.txt
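
The r=4, w=2, x=1 arithmetic above can be run in reverse to read a numeric mode straight off an ls -l line, and to pick out the entries that others can write to. The script below is an added example, not part of the original post; the function names and the sample listing (including the file name after-chmod-777.txt) are made up for illustration.

```shell
# One rwx triplet -> one digit, using r=4, w=2, x=1.
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# "-rwxrw-r--" -> "764". A trailing "+" (ls marks files that carry an ACL
# this way) or "." is ignored. Strings with setuid/setgid/sticky letters or
# other file types are rejected with status 1 instead of being guessed at.
mode_to_octal() {
    mode=${1%[+.]}
    case $mode in
        [-dl][r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) return 1 ;;
    esac
    perms=${mode#?}       # drop the type character (d, - or l)
    rest=${perms#???}     # group + others triplets
    echo "$(triplet_to_digit "${perms%??????}")$(triplet_to_digit "${rest%???}")$(triplet_to_digit "${rest#???}")"
}

# Read ls -l lines on stdin and print "<octal> <name>" for entries others
# can write to (last digit 2, 3, 6 or 7). Lines like "total 8" are skipped.
world_writable() {
    while read -r mode _links _owner _group _size _mon _day _time name; do
        octal=$(mode_to_octal "$mode") || continue
        case $octal in
            ??[2367]) echo "$octal $name" ;;
        esac
    done
}

# Constructed sample input modelled on the listings in this post;
# after-chmod-777.txt is a made-up name.
sample_listing() {
    cat <<'EOF'
total 8
drwxrwxr-x 3 ubuntu ubuntu 4096 Apr 3 03:40 batch-3
-rwxrw-r-- 1 ubuntu ubuntu 0 Apr 3 07:07 simple-file.txt
-rwxrwxrwx 1 ubuntu ubuntu 0 Apr 3 07:07 after-chmod-777.txt
EOF
}

sample_listing | world_writable
```

On a real directory, feed it with ls -l | world_writable; any file it prints is one where chmod o-w is worth considering.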

Read about ACL and try out the commands getfacl and setfacl

The “getfacl” and “setfacl” commands are used to get and set file access control lists (ACLs) in Linux. ACLs allow you to specify fine-grained permissions for files and directories beyond the standard user, group, and other permissions.

setfacl

  • For adding permission for user -

setfacl -m u:user:rwx <target_file>

  • For adding the permission for group -

setfacl -m g:group:rwx <target_file>

  • To remove a specific entry -

setfacl -x u:user <target_file>

  • To remove all entries

setfacl -b <target_file>

getfacl

The output of the “getfacl” command will show the ACLs for the file, including the owner, group, and permissions for each user and group.

Thank you very much for giving your valuable time for reading this article !!☺😊

Arijit Manna