Amit's Linux & DevOps Blog

Day 6: File Permissions and Access Control List (ACL)

Day 6: File Permissions and Access Control List (ACL)

Amit Maurya's photo
Amit Maurya
·

4 min read

Table of contents

In one of the earlier blogs, I discussed File Permissions in Linux, but not in detail. So, this is the perfect task to write about File Permissions and Access Control Lists in more detail.

As a DevOps Engineer and System Administrator, this is the most important topic that you should know in Linux because you are going to assign permissions to some users or some groups so they can access it or not give permissions to them.

When you execute ls -ltr, it will list all the files and directories in a sequence that have some permissions assigned to them.

ls -ltr

Here, this command will list all the files and directories with date, time, permissions, and how many bytes the file/folder has.

These are the permissions that is assigned to particular folder and files. Let's understand this format :

drwx------

Here the first character "d" means it is a directory or you can folder, or if d is not there then you will see "-" means it is a regular file. And the next nine characters are for security.

So, let's understand the security permissions :

"r" means read permission.

"w" means write permission.

"x" means executable permission.

So, these 3 permissions you can assign these at three levels:

  1. User Level (u) - means the owner of the file or directory.

  2. Group Level (g) - giving access to the whole team.

  3. Other Level (o) - assigning permissions to other users that are present on the system.

NOTE :

drwx------

Hereafter "d", security permissions are started.

The first rwx, means read, write, and execute permissions have been assigned to the user level.

The second ---, means no permissions have been assigned to the group level, you can assign any three permissions to the group (rwx).

The third ---, means no permissions have been assigned to the other level.

How to assign file permissions ?

The command to change file permissions is "chmod" which stands for change file mode bits. Remember these signs while executing commands :

'+' means assigning or you can say giving the permissions.

'-' means removing the permissions.

u= user, g= group, o= other

Example 1:

Command to give all the permissions (read(r), write(w), execute(x)) to the file.

chmod a+rwx filename

Here 'a' means all i.e assigning read, write, and execute permissions to all three levels.

chmod a-rwx filename

And this command will remove the rwx permissions from the three levels.

Example 2:

Command to give write permission to the group level.

chmod g+w filename

Example 3:

Command to remove read permission from the other level.

chmod o-r filename

From these examples now you can are able to understand how to assign file permissions. But how can you change the owner of your file and directories?

File Ownership In Linux

Command to change file ownership in Linux for :

1) Change file owner - chown

2) Change group owner - chgrp

The third column is the owner's name and the fourth column is the group's name.

Now how to change it ?

Changing File Ownership:

chown new-owner filename

Here in the place of the new-owner type the owner name to whom you want to give ownership of the filename.

Changing Group Ownership:

chgrp new-group filename

Here in the place of the new group type the group name that you want to give ownership of filename.

To change both User and Group Ownership:

chown new-owner:new-group filename

Command chown is used to change both user owner and group ownership.

Access Control List (ACL) :

Access Control List provides a more flexible mechanism to file permissions. Let's say I want to give access to a file or directory that is not the current owner or group of the file. Here ACL comes that this scenario does in a single line command.

So, there are two commands to use ACLs:

1) getfacl: get file ACL means to see the existing permissions of that file. Here, you can see all the permissions, and owners in a simplified way.

getfacl filename

2) setfacl: Set file ACL means to set permissions to the file or directory.

The syntax for setfacl :

setfacl {-m, -x}  {u, g}:[r, w, x] <filename, directory>

-m: means modifying the permissions

-x: means removing the permissions

u: user

g: group

(r,w,x): means read, write, execute

Now, let's understand this with some examples :

Example 1:

Setting specific write permissions to a user on a file.

setfacl -m u:user:w <filename, directory>

Example 2:

To set execute permissions for all users on your system.

setfacl -m u::x <filename,directory>

Example 3:

To set all permissions to the group.

setfacl -m g:group:rwx <filename, directory>

That's it for today's challenge Day 6, covering file permission, ownership, and at last ACLs.

I hope you all had learned something new about Linux and this blog is helpful for DevOps Engineers, and enthusiasts too. So, share the blogs with them.

THANK YOU :)

2Articles1WeekLinux#90daysofdevopslinux for beginnersDevops