Day 6 File Permissions and Access Control Lists


In Linux, file permissions are enforced by the kernel, which checks the permissions of a user or process before allowing access to a file or directory. If a user or process doesn't have the required permissions, the kernel will deny access and return an error.

Each file and directory in a Linux system has an associated set of permissions, which are represented by a set of three characters for each of the three types of users (owner, group, and others) - read (r), write (w), and execute (x). The permissions for a file or directory can be viewed using the "ls -l" command in the terminal.

The permissions can be changed using the "chmod" command, which can be used with either the symbolic or octal method. The symbolic method uses letters to represent the user, group, and other permissions, while the octal method uses a three-digit number, with one digit each for the owner, the group, and others.

For example, to give the owner read and write permissions, and the group and others read-only permissions, the file mode would be set to "644" using the octal method. This is calculated as follows:

  • Owner: 4 (read) + 2 (write) + 0 (execute) = 6

  • Group: 4 (read) + 0 (write) + 0 (execute) = 4

  • Others: 4 (read) + 0 (write) + 0 (execute) = 4

So the file mode would be "644". To set the file mode using "chmod," you would use the command "chmod 644 filename".

In addition to file permissions, Linux also supports Access Control Lists (ACLs), which allow for more fine-grained control over access to files and directories. ACLs can be used to set permissions for specific users or groups, even if they are not the owner or part of the group that owns the file or directory. ACLs can be managed using the "setfacl" and "getfacl" commands in the terminal.

Overall, file permissions are a crucial aspect of Linux system security and understanding how they work is essential for any Linux user or system administrator.

These permissions are set for three types of users: the owner of the file, members of the group that the file belongs to, and all other users.

Three basic permissions can be set for a file or directory:

  1. Read (r): Allows users to view the contents of a file or directory.

  2. Write (w): Allows users to modify or delete a file or directory.

  3. Execute (x): Allows users to execute a file or access the contents of a directory.

The permissions are represented by three letters for each of the three types of users:

  • The owner of the file (represented by "u" for "user")

  • Members of the group that the file belongs to (represented by "g" for "group")

  • All other users (represented by "o" for "other")

To view file permissions, use the "ls -l" command, which displays permissions in the first column of the output.

This is how we read the permissions of a file:

        saurahb@DESKTOP- /f/devops-handson/90days/day6 (master)
        $ ls -ltr
        total 0
        -rw-r--r-- 1 saurabh 125643 0 Apr 22 13:19 random.txt
    

Here:

  • "-" ---> indicates it is not a directory

  • "rw-" ---> user can only read and write

  • "r--" ---> group can only read

  • "r--" ---> others can only read

Changing file Permissions:

The command used: chmod

It is used to change file permissions. There are two methods of changing permissions with chmod:

a) Symbolic method

b) Octal method

Here is a table showing the numeric representation of the different file mode permissions:

| Permission | Numeric Value |
|------------|---------------|
| ---        | 0             |
| --x        | 1             |
| -w-        | 2             |
| -wx        | 3             |
| r--        | 4             |
| r-x        | 5             |
| rw-        | 6             |
| rwx        | 7             |

For example, to give the owner read, write, and execute permissions, and the group and others read-only permissions, the file mode would be set to "744". This is calculated as follows:

Owner: 4 (read) + 2 (write) + 1 (execute) = 7

Group: 4 (read) + 0 (write) + 0 (execute) = 4

Others: 4 (read) + 0 (write) + 0 (execute) = 4

So the file mode would be "744". To set the file mode using "chmod", you would use the command "chmod 744 filename".

A few more file ownership terms:

  • owner ---> The owner of the file or application.

  • chown ---> is used to change the owner of a file or directory.

  • group ---> The group that owns the file or application.

  • chgrp ---> is used to change the group that owns a file or directory.

  • others ---> All users with access to the system who are neither the owner nor members of the group.

Linux Access Control Lists (ACLs)

ACLs allow us to give a more specific set of permissions on a file or directory without changing its base ownership and permissions.

Commands used: setfacl, getfacl

How to set permissions:

  • For adding permission for a user: setfacl -m u:user:rwx <target_file>

  • For adding permission for a group: setfacl -m g:group:rwx <target_file>

  • To remove a specific entry: setfacl -x u:user <target_file>

  • To remove all entries: setfacl -b <target_file>
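
The octal arithmetic and the "ls -l" reading described above, as an added example that is not part of the original post: these shell functions convert a mode string such as -rw-r--r-- to its chmod number and list the entries in a directory that others can write to or that carry an ACL. The function names are made up for this example, and it relies on standard ls behaviour not shown in the post: ls appends "+" to the mode of a file that has an ACL.

```shell
#!/bin/sh
# Added example: turn the mode column of `ls -l` into the octal form chmod takes.

# triplet_to_digit "rw-" prints 6 (r=4, w=2, x=1, as in the table above).
triplet_to_digit() {
    t=$1 d=0
    case $t in r??) d=$((d + 4)) ;; esac
    case $t in ?w?) d=$((d + 2)) ;; esac
    # s or t in the x position means "execute plus a special bit"; S or T
    # means the special bit without execute, so only x, s, t add 1.
    case $t in ??[xst]) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# mode_to_octal "-rw-r--r--" prints 644. Character 1 is the file type; a
# trailing "+" (ACL present) or "." is ignored. Special bits are not printed.
mode_to_octal() {
    m=$1
    case $m in
        [-dlbcps][r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]*) ;;
        *) echo "not an ls -l mode string: $m" >&2; return 1 ;;
    esac
    u=$(printf '%s' "$m" | cut -c2-4)
    g=$(printf '%s' "$m" | cut -c5-7)
    o=$(printf '%s' "$m" | cut -c8-10)
    printf '%s%s%s\n' "$(triplet_to_digit "$u")" \
        "$(triplet_to_digit "$g")" "$(triplet_to_digit "$o")"
}

# audit_dir DIR prints "OCTAL FLAGS NAME" for every entry that "others" can
# write to, or that carries an ACL (ls marks those with a trailing "+").
audit_dir() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        mode=$(ls -ld -- "$f" | cut -d' ' -f1)
        octal=$(mode_to_octal "$mode") || continue
        flags=
        case $octal in ??[2367]) flags="other-writable" ;; esac
        case $mode in *+) flags="${flags:+$flags,}has-acl" ;; esac
        if [ -n "$flags" ]; then
            printf '%s %s %s\n' "$octal" "$flags" "${f##*/}"
        fi
    done
}

# Constructed inputs: the random.txt listing from this page, then two samples.
mode_to_octal "-rw-r--r--"     # 644
mode_to_octal "-rwxr--r--"     # 744
mode_to_octal "drwxrwxrwt+"    # 777 (sticky bit and ACL marker not shown)
```

An entry reported as has-acl should be inspected with getfacl, because the three octal digits alone do not show who else has been granted access.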