File Permissions and Access Control Lists
#90DaysofDevops challenge
File Permissions:
In Linux, there are three types of owners for a file.
User - The user permissions apply only to the owner of the file or directory, they will not impact the actions of other users. user can also be called the default owner of the file.
Group - It is a collection of users. If you assign certain permission to a group same permission will be shared by all the members of the group.
Others - Any user that is not an owner of the file or doesn’t belong to the group can be categorized as others.
Linux file permissions for all three categories of users:
i) Read permission (r=4)
: It allows users to open and read the file only.
ii) Write permission (w=2) `
: It allows the user to modify the file.
iii) Executable permission (x=1)
: It allows the user to run an executable script.
we can find permissions of files and folders using a long listing (ls -ltr) on a Linux terminal.
In the output above, d represents a directory and - represents a regular file.
The chmod command enables you to change the permissions on a file.
Syntax of chmod:
chmod permissions filename
Permissions can be changed using two modes:
i)Symbolic mode
ii)Absolute mode
Symbolic mode:
The permissions for a file or directory can be set for the owner, for the group that the file belongs to, and for all other users. The “u”, “g”, and “o” options stand for the user, group, and others, respectively. The “+” and “-” signs are used to add and remove permissions, respectively. The “x” permission allows a file to be executed. The “w” permission allows a file to be modified. The “r” permission allows a file to be read or a directory to be listed.
Ex: chmod u+x file.txt
chmod o-r file.txt
Absolute mode:
In absolute mode we have to use numbers to assign permissions.
Ex: chmod 777 file.txt
chgrp command is used to change the group ownership of the file or directory.
Read about ACL and try out the commands getfacl
and setfacl
The “getfacl” and “setfacl” commands are used to get and set file access control lists (ACLs) in Linux. ACLs allow you to specify fine-grained permissions for files and directories beyond the standard user, group, and other permissions.
i)If ACL is not enabled in our file system
Command to install acl: sudo apt install acl.
ii)getfacl
The output of the “getfacl” command will show the ACLs for the file, including the owner, group, and permissions for each user and group.
iii)setfacl
“setfacl” is used to set or modify the ACLs of a file or directory.
For example, to give read and execute permissions to “user2" and read permission to “user3” for a file called “myfile” you would run
setfacl -m u:user2:rx,u:user3:r myfile
The “-m” option tells “setfacl” to modify the existing ACLs of the file. The “u:user2:rx” and “u:user3:r” values specify the permissions to set for “user2” and “user3" respectively.
Thanks for reading! Happy Learning!!