Linux File Permission (Part-2)

What is an Access Control List (ACL)?

Access Control Lists (ACLs) in Linux are a more fine-grained permission system that allows users to define specific permissions for individual users or groups on files and directories, extending beyond the traditional owner, group, and other permissions.


Why do we need an Access Control List when we already have symbolic notation and the numeric system to change file permissions?

Symbolic notation and the numeric system work well for a single file or directory.

For example:

  1. Symbolic Notation

chmod u+rwx linux/

  2. Numeric System

chmod 777 linux/

ACLs are used for more complex access management on Linux systems, for example when working with a directory inside another directory structure:

srv/project


Deep Dive with ACL:

Scenario: Implementing Access Control Lists (ACLs) for a Shared Project Folder

Let's consider a scenario where you have a shared project folder on a Linux server and want to control access to this folder for different users and groups involved in the project. ACLs can help manage permissions in this situation effectively.

Scenario Details:

Project Folder: srv/project

Users and Groups:

  1. Project Manager: Ajay
  2. Developers: Rudra and Akshar
  3. Quality Assurance Team: QA group
  4. Read-Only Access: GuestUser

Access Requirements:

  • Ajay should have full read and write access to all files and subdirectories.
  • Rudra and Akshar should have read and write access to all files and subdirectories.
  • The QA group should have read-only access to all files and subdirectories.
  • GuestUser should only have read access to certain subdirectories within the project folder.


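Q1 How to give Ajay full read and write access to all files?

setfacl -m u:ajay:rwx srv/project/
getfacl srv/project/

As written, the entry is set on the srv/project directory itself; setfacl's -R option applies an entry recursively to the files and subdirectories that already exist under it.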

Q2 How to give Rudra and Akshar full read and write access to all files?

setfacl -m u:rudra:rwx,u:akshar:rwx srv/project
getfacl srv/project/        

Q3 How to give QA group read-only access to all files?

setfacl -m g:QA:r-x srv/project        

Did you notice something in this scenario? We only need to give the group read-only access, so why does g:QA:r-x include "x" as well?

- On a directory, read permission only lets users list the names it contains. To traverse or enter the directory and reach the files and directories inside it, they also need execute permission, so read-only access to a directory is granted as r-x.

- Opening a file inside a directory also requires execute permission on that directory.


Q4 How to give others read-only access to all files?

setfacl -m u:ali:r-x srv/project
getfacl srv/project/        
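
The getfacl checks in Q1 to Q4 can be automated by comparing each entry's effective rights with the scenario's requirements. The script below is an added example, not part of the original article: it parses ACL entries in the format getfacl prints, ANDs each named entry with the mask entry (which a later chmod on the group bits can narrow), and reports mismatches. The function names and the sample ACL text are assumptions constructed for illustration.

```shell
# Added example. SAMPLE_ACL is constructed data in getfacl's entry format
# (effective-rights comments omitted): the Q1-Q4 entries with a narrowed mask.
SAMPLE_ACL='# file: srv/project
# owner: root
# group: root
user::rwx
user:ajay:rwx
user:rudra:rwx
user:akshar:rwx
user:ali:r-x
group::r-x
group:QA:r-x
mask::r-x
other::r-x'

# effective_perm ACL_TEXT TYPE NAME
# Prints the named entry's bits ANDed with the mask entry, or "none".
effective_perm() {
  printf '%s\n' "$1" | awk -F: -v t="$2" -v n="$3" '
    /^#/ || NF < 3     { next }
    $1 == "mask"       { mask = substr($3, 1, 3) }
    $1 == t && $2 == n { perm = substr($3, 1, 3); found = 1 }
    END {
      if (!found) { print "none"; exit }
      if (mask == "") mask = "rwx"   # no mask entry, nothing is filtered
      for (i = 1; i <= 3; i++) {
        p = substr(perm, i, 1); m = substr(mask, i, 1)
        out = out ((p != "-" && m != "-") ? p : "-")
      }
      print out
    }'
}

# audit_acl ACL_TEXT
# Prints one line per scenario requirement that is not met; returns 1 if any.
audit_acl() {
  audit_rc=0
  for spec in user:ajay:rwx user:rudra:rwx user:akshar:rwx group:QA:r-x user:ali:r-x; do
    etype=${spec%%:*}; rest=${spec#*:}; ename=${rest%%:*}; want=${rest#*:}
    got=$(effective_perm "$1" "$etype" "$ename")
    if [ "$got" != "$want" ]; then
      echo "MISMATCH $etype:$ename want=$want effective=$got"
      audit_rc=1
    fi
  done
  return "$audit_rc"
}

audit_acl "$SAMPLE_ACL" || true
```

On a live system the same audit can be run as audit_acl "$(getfacl srv/project)"; with the sample above it flags ajay, rudra and akshar, whose rwx entries are reduced to r-x by the mask.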

So, whether you're a seasoned Linux pro or just beginning your Linux journey, take a moment to appreciate the elegance of Linux file permissions (ACLs). It's the foundation of a world where you have the power to control and customize your computing environment.

With that, happy Linux learning, and may your Linux directory explorations be filled with joy and success!

Shivam Tiwari

SRE @Freecharge (Axis Bank Subsidiary) | Ex-@Bamboobox, Ex-@mykaarma | AWS Certified×1 | CISCO Certified×2 | Docker | Kubernetes

1 year

Great post Gauri Yadav
