Understanding File Permissions and Access Control Lists in Linux
Welcome to Day 6 of our #90DaysOfDevOps journey! Today, we delve into the vital world of file permissions and access control lists (ACL) in Linux. These concepts play a crucial role in securing and managing files and directories within the Linux environment.
🗝️🔑File Permissions Overview:
In Linux, each file and directory has three types of permissions assigned to three distinct categories of users.
A long listing (ls -l) shows the permission settings as a string of characters (-, r, w, x) divided into four sections:
File type: There are three possibilities for the type. It can be a regular file (-), a directory (d) or a link (l).
Owner: The user who created the file or directory.
Group: The group of users who share common access rights.
Others: All users outside the owner and group category.

🗄️🔒Understanding Permissions:
For each category, three permissions can be set:
Read (r): Grants the ability to view the content of the file or directory.
Write (w): Allows users to modify or delete the file or directory.
Execute (x): Permits the execution of a file (if it is a script or executable) or the ability to traverse a directory.
Changing Linux Permissions using Alphabets🆎
We use the "chmod" command to modify permissions for all three categories. For example:
chmod u+w file.txt grants write permission to the file's owner.
chmod g-x file.txt removes execute permission from the group.
chmod o+r file.txt allows others to read the file.
Changing Linux permissions using numeric code8️⃣
You can also set permissions with numeric codes, using numbers instead of "r", "w", or "x".
0 = No Permission
1 = Execute
2 = Write
4 = Read
You add up the numbers depending on the level of permission you want to give.
Permission numbers are:
0 = ---
1 = --x
2 = -w-
3 = -wx
4 = r--
5 = r-x
6 = rw-
7 = rwx
Example:
chmod 777 task.txt
The above command gives read, write, and execute permissions on the task.txt file to everyone.
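Because a mode such as 777 makes a file writable by every account on the system, it helps to be able to find and tighten such files. The following is an added example, not code from the original post; the function names and the sample files are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). File names are constructed.

# Print "<octal mode> <path>" for every regular file under DIR whose
# "others" write bit (octal 2 in the last digit) is set.
audit_world_writable() {
    find "$1" -type f -perm -0002 -exec stat -c '%a %n' {} + | sort
}

# Remove only the "others" write bit from each finding; other bits are kept.
fix_world_writable() {
    find "$1" -type f -perm -0002 -exec chmod o-w {} +
}

# Constructed sample tree: one file per mode discussed in this post.
make_sample() {
    local d
    d=$(mktemp -d)
    touch "$d/task.txt" "$d/file1.txt" "$d/private.txt"
    chmod 777 "$d/task.txt"      # rwxrwxrwx
    chmod 664 "$d/file1.txt"     # rw-rw-r--
    chmod 600 "$d/private.txt"   # rw-------
    echo "$d"
}

dir=$(make_sample)
echo "before:"; audit_world_writable "$dir"
fix_world_writable "$dir"
echo "after:";  audit_world_writable "$dir"
stat -c '%a %n' "$dir/task.txt"   # mode is now 775
rm -rf "$dir"
```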
Changing Ownership and Group:
The "chown" command is used to change the ownership of a file or directory, while "chgrp" changes the group ownership. For example:
chown user1 file.txt changes the owner of the file to "user1".
chgrp group2 file.txt changes the group ownership to "group2".
File Permissions in Action:
As a task, let's create a simple file and experiment with permission changes. Observe the effects of ls -ltr before and after modifying permissions. This hands-on approach will strengthen your understanding of Linux file permissions.
touch file1.txt
Then run ls -ltr

Now, we can see the above file has the below permissions-
-rw-rw-r--
Let's break it down to understand-
user: rw- (User can only read and write, but cannot execute)
group: rw- (Group can only read and write, but cannot execute)
others: r-- (Others can only read)
Let's give execute permissions to all-
chmod 777 file1.txt
Now ls -ltr shows the permissions of file1.txt as -rwxrwxrwx.

Access Control Lists (ACL):
ACL provides fine-grained access control beyond standard permissions. With ACL, you can grant specific users or groups custom access rights to files and directories.
Getting Started with "getfacl" and "setfacl" Commands 🕵️
Let's dive into action and try out ACL commands: "getfacl" and "setfacl".
1. 🗂️🔍 The "getfacl" Command 🕵️
The "getfacl" command allows us to view the ACL permissions of a file or directory. Simply use:
getfacl /path/to/file_or_directory
You'll see a detailed output displaying ACL entries and their corresponding access rights.

2. ✍️ Setting ACL: The "setfacl" Command 📝
To define custom access rules, we use the "setfacl" command. For example:
setfacl -m u:user1:rwx /path/to/file
This command grants "user1" read, write, and execute permissions to the specified file.
Additional Options:
"-m": Modify ACL entries.
"-x": Remove specific ACL entries.
"-b": Remove all ACL entries.
Understanding Mask and Default ACLs:
ACL also introduces two special entries – "mask" and "default". The "mask" entry limits the maximum permissions that can be granted via ACL. The "default" entry sets default ACL permissions for newly created files or directories within the parent directory.
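To see what the mask does to an entry such as the u:user1:rwx grant shown earlier, the following added example (not code from the original post) reads getfacl-style text and prints the rights each entry actually yields. The function name effective_acl and the sample ACL, including the users alice and user1 and the groups devs and auditors, are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post); the ACL text is constructed.

# Read getfacl-style text on stdin and print each entry with the rights it
# actually yields once the mask is applied.
effective_acl() {
    awk -F: '
        /^#/ || /^default:/ || NF < 3 { next }   # headers, defaults, blanks
        {
            sub(/[ \t]*#.*/, "", $3)             # drop "#effective:" notes
            tag[++n] = $1; who[n] = $2; perm[n] = $3
            if ($1 == "mask") mask = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                if (tag[i] == "mask") continue
                eff = perm[i]
                # Masked: named users, named groups and the owning group.
                # Not masked: the file owner (user::) and other::.
                masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (masked && mask != "") {
                    eff = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(perm[i], k, 1)
                        if (substr(mask, k, 1) == "-") c = "-"
                        eff = eff c
                    }
                }
                printf "%s:%s:%s\n", tag[i], who[i], eff
            }
        }'
}

# Constructed sample: user1 was granted rwx, but the mask is r-x.
SAMPLE_ACL='# file: report.txt
# owner: alice
# group: devs
user::rw-
user:user1:rwx
group::rwx
group:auditors:r--
mask::r-x
other::r--'

printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

On a real file the same check is getfacl /path/to/file | effective_acl; in the sample, user1 ends up with r-x even though the entry says rwx.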
Conclusion:🔁
In conclusion, mastering Linux file permissions is crucial for maintaining a secure and organized file system. Combining standard permissions with ACL gives you unparalleled control over access rights in the Linux ecosystem.
Stay tuned for more insights and practical knowledge as we continue our DevOps adventure! 🚀💻
