Linux is a multi-user operating system, so it has security to prevent people from accessing each other’s confidential files. When you execute a “ls” command, you are not given any information about the security of the files, because by default “ls” only lists the names of files. But when you use "ls -l" you will be listing a separate line in a long format.
In this article, we will explore the fundamental concepts of Linux file permissions and ownership and delve into practical tasks to grasp a deeper understanding of these crucial aspects.
1.File Permissions: A Quick Overview 🔒👨🏻💻
In Linux, every file or directory comes with a set of permissions that dictate who can read, write, and execute it. These permissions are categorized into three distinct groups: Owner, Group, and Others.
--- --- ---
rwx rwx rwx
owner group other
There are three kinds of file permissions in Linux Read, write, and execute.
Letters | Definition |
‘r’ | “read” the file’s contents. |
‘w’ | “write”, or modify, the file’s contents. |
‘x’ | “execute” the file. This permission is given only if the file is a program. |
1. Owner
The owner is the user who created the file or directory. This user has the most control and can change permissions, as well as delete or modify the file.
Changing Ownership
“chown”: This command is used to change the ownership of a file or directory. For instance, if you want to transfer ownership of a file named “example.txt” to a different user, you would use:
chown new_owner: new_owner_group example.txt
2. Group
Every file is associated with a group, and users who belong to that group inherit the group’s permissions. This allows for collective access control among team members working on a shared project, for example.
Changing Group Permission
“chgrp”: If you need to modify the group permission of a file or directory, the “chgrp” command is the way to go. It allows you to assign group ownership, ensuring that specific users gain collective control.
3. Others
The “others” category encompasses all remaining users who have access to the system but are not the owner or part of the group. This category includes every user outside the specified group.
Changing Permissions
“chmod”: The “chmod” command is a versatile tool to adjust the permissions for files and directories. It enables you to control read, write, and execute access for the owner, group, and others. Permissions can be added or removed by using the plus (+) and minus (-) signs, respectively.
2.Practical Task: Changing User Permissions
To solidify our understanding of Linux file permissions, let’s embark on a task. Begin by creating a simple file and observing its permissions using the “ls -ltr” command. You will notice a set of characters on the left, representing the file’s permissions.
touch my_file.txt ls -ltr
Now, alter the user permissions for this file and observe the changes when you execute “ls -ltr” once more. You can use the “chmod” command to experiment with different permission settings.
Article on File Permissions
File permissions are the cornerstone of Linux security, ensuring that data remains protected from unauthorized access. Owners, groups, and others all have distinct permissions, allowing for precise control over who can view, modify, or execute files and directories. Properly managing these permissions is essential for maintaining a secure and organized Linux environment.
3.Access Control Lists (ACL) 📝🔒
Access control lists (ACLs) in Linux extend the traditional Unix file permissions system by providing a more flexible and granular way to manage access rights for files and directories. While traditional Unix permissions are limited to three classes of users (owner, group, and others), ACLs allow for more fine-grained control by defining access rules for specific users and groups beyond the file's owner and group.
Access control list (ACL) provides an additional, more flexible permission mechanism for file systems. ACL allows you to give permissions for any user or group to any disc resource. It allows you to give a more specific set of permissions to a file or directory without changing the base ownership and permissions.
ACL commands (setfacl & getfacl)👨🏻💻📝:
setfacl
and getfacl
are two commands used for setting up ACL and showing ACL respectively.
- "gefacl": This command is used to view access control lists of a file or directory. for example:
getfacl filename
"setfacl": This is used to set ACLs. For example- to grant read and write access to a file for a specific user:
setfacl -m u:ubuntu:rw devops.txt
-m
option insetfacl
stands for "modify," and it is used to modify the ACL of a file or directory by adding or changing ACL entries.rw
: Read and Write Permissionu
: To specify the username.Here you can see that a new ubuntu user added with the read and write permission-
user:ubuntu:rw-
-
For adding permissions to the group-
Here you can see that a group got permission to read, write and execute:
group:ubuntu:rwx
setfacl -m g:group:rwx devops.txt
To remove a specific entry-
Here you can see that the additional permission which we have given to the user was removed and the group permission is also removed.
setfacl -x u:ubuntu devops.txt setfacl -x g:ubuntu devops.txt
To remove all entries-
To remove all the permission that has given to the user and group.
setfacl -b devops.txt
This is the #Day06 of the #90DaysofDevOps challenge! Hope you found this article informative and useful so please share it with others who might benefit from it.
Thanks for reading this article.
Keep Learning...