Day 6 Task: File Permissions and Access Control Lists-Linux

In Linux, file permissions, attributes, and ownership control the level of access that system processes and users have to files. This ensures that only authorized users and processes can access specific files and directories.

Linux File Permissions

The basic Linux permissions model works by associating each system file with an owner and a group and assigning permission access rights for three different classes of users:

  • The file owner.
  • The group members.
  • Others (everybody else).

Three file permissions types apply to each class of users:

  • The read permission.
  • The write permission.
  • The execute permission.

This concept allows you to control which users can read the file, write to the file, or execute the file.

When you execute an “ls” command, you are not given any information about the security of the files, because by default “ls” only lists the names of files. You can get more information by using an “option” with the “ls” command. All options start with a ‘-’. For example, to execute “ls” with the “long listing” option, you would type ls -l or -ltr.

  1. Create a simple file and do ls -ltr to see the details of the files.

There’s a lot of information in those lines.

  1. The first character will almost always be either a ‘-’, which means it’s a file, or a ‘d’, which means it’s a directory.
  2. The next nine characters (rw-r--r--) show the permissions of the user, group, and other users.
  3. The next column shows the owner of the file. In this case, it is me, my userID is “ubuntu”.
  4. The next column shows the group owner of the file. In my case, I want to give the “ubuntu” group of people special access to these files.
  5. The next column shows the size of the file in bytes.
  6. The next column shows the date and time the file was last modified.
  7. And, of course, the final column gives the filename.

There are three basic file system permissions, or modes, to files and directories:

1. read (r=4): The file can be opened, and its content viewed.

2. write (w=2): The file can be edited, modified, and deleted.

3. execute (x=1): If the file is a script or a program, it can be run (executed).

Changing permissions

The command you use to change the security permissions on files is called “chmod”, which stands for “change mode”, because the nine security characters are collectively called the security “mode” of the file.

Syntax: chmod <to whom> <permission> <file_name>

  1. The first argument you give to the “chmod” command is ‘u’, ‘g’, or ‘o’. We use:

u - for user

g - for group

o - for others

You can also use a combination of them (u,g,o).

This specifies which of the three groups you want to modify.

2. After this, use

‘+’ - for adding

‘-’ - for removing

‘=’ - for assigning a permission.

3. Then specify the permission r, w, or x you want to change.

Here also you can use a combination of r, w, x.

This specifies which of the three permissions “rwx” you want to modify.

4. Finally, give the name of the file whose permission you are changing.

Here are examples of how to use the "chmod" command in symbolic mode:

  • Give all other users permission to execute the file

  • Remove other users' permission to execute the file

  • Give permissions to User, Group, and Other users

  • Give read, write, and execute permission to the file’s owner, read permissions to the file’s group, and no permissions to all other users

The octal notations

You can also use octal notation like this.

You can use the values from the octal notation table instead of ‘r’, ‘w’ and ‘x’. Each octal digit applies to one of the classes ‘u’, ‘g’, or ‘o’.

So, the following pairs of commands work the same.

chmod ugo+rwx [file_name]

chmod 777 [file_name]


chmod u=r,g=wx,o=rx [file_name]

chmod 435 [file_name]
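
The symbolic-mode cases listed earlier and the symbolic/octal equivalence above can be checked on a scratch file. This is an added example, not code from the original article; `mode_after` and `world_writable` are hypothetical helper names, and `stat -c` assumes GNU coreutils. The second helper goes slightly beyond the text: it lists files that "others" can write to, which is the usual thing to check after changing modes.

```shell
#!/bin/sh
# Added example (not from the original article). mode_after and world_writable
# are hypothetical helper names; stat -c is the GNU coreutils form used on Linux.

# Apply a chmod argument to a scratch file and print the resulting mode in octal.
#   $1 = starting octal mode, $2 = chmod argument (symbolic or octal)
mode_after() (
    f=$(mktemp) || exit 1
    chmod "$1" "$f" && chmod "$2" "$f" && stat -c '%a' "$f"
    rc=$?
    rm -f "$f"
    exit "$rc"
)

# Audit helper: list regular files under directory $1 that "others" can write to.
world_writable() {
    find "$1" -type f -perm -0002 -print
}

# The four symbolic-mode cases listed earlier, starting from rw-r--r-- (644):
mode_after 644 o+x              # give others execute
mode_after 645 o-x              # remove execute from others
mode_after 644 ugo+rwx          # everything for user, group and others
mode_after 644 u=rwx,g=r,o=     # owner rwx, group r, others nothing

# Symbolic and octal forms of the same change produce the same mode:
mode_after 000 u=r,g=wx,o=rx
mode_after 000 435
```

Running `world_writable` on a directory before and after a `chmod` shows which files were opened up to every account on the system.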


To change group ownership:

You can change the group owner of a file or directory using the chgrp command.

Syntax: chgrp <group_name> <file_name>

Note: Only the root user can change the group owner.

To change file/directory ownership:

The user owner of a file or directory can be changed with the chown command.

Syntax: chown <user_name> <file_name>

Note: Only the root user can change the owner.

Access Control List (ACL)

ACLs allow us to apply a more specific set of permissions to a file or directory without changing the base ownership and permissions. An access control list (ACL) provides an additional, more flexible permission mechanism for file systems.

setfacl and getfacl are used for setting up an ACL and showing an ACL, respectively.

View ACL

To check ACL permissions:

Syntax: getfacl <filename>

Note: If you get an error when running getfacl or setfacl, you need to install acl.

To set an ACL permission for a user:

Syntax: setfacl -m u:user:permissions /path_to_file


To set an ACL permission for a group:

Syntax: setfacl -m g:group:permissions /path_to_file


To remove an ACL permission:

Syntax: setfacl -x u:user/g:group/o:other: /path_to_file


To remove all ACL permissions:

Syntax: setfacl -b /path_to_file
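
To review what `setfacl -m` has granted, the output of `getfacl` can be parsed for named user and group entries. This is an added example, not code from the original article: `acl_effective` and `acl_writers` are hypothetical helper names and the sample listing is constructed. It goes one step beyond the syntax above by applying the `mask::` entry that `getfacl` prints, which caps what named entries actually receive.

```shell
#!/bin/sh
# Added example (not from the original article); helper names are hypothetical.

# stdin: getfacl output. stdout: "<type> <name> <effective perms>" for every
# named user/group entry, i.e. the entries created with setfacl -m u:... / g:...
acl_effective() {
    awk -F: '
        /^#/ || NF < 3 { next }                  # skip header comments and blank lines
        { sub(/[ \t]*#.*/, "", $3) }             # drop a trailing "#effective" note
        $1 == "mask" { mask = $3; next }
        ($1 == "user" || $1 == "group") && $2 != "" { t[++n] = $1; q[n] = $2; p[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (k = 1; k <= 3; k++) {       # AND each of r, w, x with the mask
                    c = substr(p[i], k, 1)
                    m = (mask == "") ? c : substr(mask, k, 1)
                    eff = eff ((c != "-" && m != "-") ? c : "-")
                }
                print t[i], q[i], eff
            }
        }'
}

# Named entries that can really write to the file.
acl_writers() {
    acl_effective | awk '$3 ~ /w/'
}

# Constructed sample in the format getfacl prints (not captured from a real system).
SAMPLE='# file: report.txt
# owner: ubuntu
# group: ubuntu
user::rw-
user:alice:rw-
group::r--
group:devops:r-x
mask::r-x
other::r--'

printf '%s\n' "$SAMPLE" | acl_effective
```

In the sample, alice was given `rw-` but the mask `r-x` leaves her with read only, so `acl_writers` reports nothing for this file.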


Thank you for reading this article

Happy Learning!
