Day6- Linux File Permissions and Access Control Lists

Linux is a multi-user operating system, so it has security to prevent people from accessing each other’s confidential files. When you execute an “ls” command, you are not given any information about the security of the files, because by default “ls” only lists the names of files. When you use "ls -l", each file is listed on its own line in long format, which includes its permissions, owner, and group.

In this article, we will explore the fundamental concepts of Linux file permissions and ownership and delve into practical tasks to grasp a deeper understanding of these crucial aspects.

1. File Permissions: A Quick Overview 🔒👨🏻‍💻

In Linux, every file or directory comes with a set of permissions that dictate who can read, write, and execute it. These permissions are categorized into three distinct groups: Owner, Group, and Others.

---     ---     ---
rwx     rwx     rwx
owner   group   other

There are three kinds of file permissions in Linux: read, write, and execute.

Letter   Definition
‘r’      “read” the file’s contents.
‘w’      “write”, or modify, the file’s contents.
‘x’      “execute” the file. This permission is given only if the file is a program.

1. Owner

The owner is the user who created the file or directory. This user has the most control and can change permissions, as well as delete or modify the file.

Changing Ownership

“chown”: This command is used to change the ownership of a file or directory. For instance, if you want to transfer ownership of a file named “example.txt” to a different user, you would use:

chown new_owner:new_owner_group example.txt

2. Group

Every file is associated with a group, and users who belong to that group inherit the group’s permissions. This allows for collective access control among team members working on a shared project, for example.

Changing Group Ownership

“chgrp”: If you need to change the group that owns a file or directory, the “chgrp” command is the way to go. It allows you to assign group ownership, so that the members of that group get the file’s group permissions.

3. Others

The “others” category encompasses all remaining users who have access to the system but are not the owner or part of the group. This category includes every user outside the specified group.

Changing Permissions

“chmod”: The “chmod” command is a versatile tool to adjust the permissions for files and directories. It enables you to control read, write, and execute access for the owner, group, and others. Permissions can be added or removed by using the plus (+) and minus (-) signs, respectively.

2. Practical Task: Changing User Permissions

To solidify our understanding of Linux file permissions, let’s embark on a task. Begin by creating a simple file and observing its permissions using the “ls -ltr” command. You will notice a set of characters on the left, representing the file’s permissions.

touch my_file.txt
ls -ltr

Now, alter the user permissions for this file and observe the changes when you execute “ls -ltr” once more. You can use the “chmod” command to experiment with different permission settings.
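
The task above worked through in a scratch directory, as an added example that is not part of the original article. The helper names mode_of and chmod_walkthrough are made up for the illustration, and the octal form chmod 640 goes one step beyond the + and - forms described above.

```sh
# Added illustration; mode_of and chmod_walkthrough are hypothetical helper names.

# Print the 10-character mode string (for example -rw-r--r--) that "ls -l" shows.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# Work through the task in a throwaway directory, printing the mode after each step.
chmod_walkthrough() (
    umask 022                       # fixed umask so the starting mode is predictable
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1

    touch my_file.txt
    echo "created  $(mode_of my_file.txt)"

    chmod u+x my_file.txt           # add execute for the owner only
    echo "u+x      $(mode_of my_file.txt)"

    chmod g+w,o-r my_file.txt       # add write for the group, remove read from others
    echo "g+w,o-r  $(mode_of my_file.txt)"

    chmod 640 my_file.txt           # octal form: owner rw-, group r--, others ---
    echo "640      $(mode_of my_file.txt)"

    cd / && rm -rf "$dir"           # clean up the scratch directory
)

chmod_walkthrough
```

Each output line pairs the chmod argument with the mode string that "ls -l" would then show in its first column.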

Article on File Permissions

File permissions are the cornerstone of Linux security, ensuring that data remains protected from unauthorized access. Owners, groups, and others all have distinct permissions, allowing for precise control over who can view, modify, or execute files and directories. Properly managing these permissions is essential for maintaining a secure and organized Linux environment.

3. Access Control Lists (ACL) 📝🔒

Access control lists (ACLs) in Linux extend the traditional Unix file permissions system by providing a more flexible and granular way to manage access rights for files and directories. While traditional Unix permissions are limited to three classes of users (owner, group, and others), ACLs allow for more fine-grained control by defining access rules for specific users and groups beyond the file's owner and group.

An access control list (ACL) provides an additional, more flexible permission mechanism for file systems. ACLs allow you to give permissions for any user or group to any disk resource, so you can grant a more specific set of permissions on a file or directory without changing the base ownership and permissions.

ACL commands (setfacl & getfacl)👨🏻‍💻📝:

setfacl and getfacl are two commands used for setting up ACL and showing ACL respectively.

  1. "getfacl": This command is used to view the access control list of a file or directory. For example: getfacl filename

  2. "setfacl": This command is used to set ACLs. For example, to grant read and write access to a file for a specific user:

     setfacl -m u:ubuntu:rw devops.txt
    
    • The -m option in setfacl stands for "modify"; it modifies the ACL of a file or directory by adding or changing ACL entries.

      rw: Read and write permission.

      u: Specifies that the entry is for a user, followed by the username.

    • The ACL now contains a new entry for the user ubuntu with read and write permission: user:ubuntu:rw-

      1. To add permissions for a group:

        The group ubuntu now has permission to read, write, and execute: group:ubuntu:rwx

          setfacl -m g:ubuntu:rwx devops.txt

      2. To remove a specific entry:

        The additional permission that was given to the user is removed, and the group permission is removed as well.

          setfacl -x u:ubuntu devops.txt
          setfacl -x g:ubuntu devops.txt

      3. To remove all entries:

        This removes all the permissions that were given to the user and group.

          setfacl -b devops.txt
        

This is #Day06 of the #90DaysofDevOps challenge! Hope you found this article informative and useful, so please share it with others who might benefit from it.

Thanks for reading this article.

Keep Learning...