Day 6: File Permissions and Access Control Lists

Create a simple file and do ls -ltr to see the details of the files

In Linux, there are three types of owners for a file.

User - The user permissions apply only to the owner of the file or directory; they do not affect the actions of other users. The user is also called the default owner of the file.

Group - A collection of users. If you assign a permission to a group, the same permission is shared by all members of the group.

Others - Any user who is not the owner of the file and doesn't belong to the group is categorized as others.

Linux file permissions for all three categories of users:
i) Read permission: Allows users to open and read the file only.
ii) Write permission: Allows the user to modify the file.
iii) Executable permission: Allows the user to run an executable script.

We can find the permissions of files and folders with a long listing, using the command ls -lrt in a Linux terminal.

Write an article about file permissions based on your understanding from the notes.

In Linux and other Unix-like operating systems, file permissions are used to control which users and groups can access and modify files and directories.

There are three basic types of permissions that can be set for a file or directory:

  1. Read permission (r): This permission allows a user or group to view the contents of a file or directory. For directories, it also allows the user or group to list the files and subdirectories in the directory.

  2. Write permission (w): This permission allows a user or group to modify the contents of a file or directory. For directories, it also allows the user or group to create, delete, and rename files and subdirectories in the directory.

  3. Execute permission (x): This permission allows a user or group to execute a file (if it is a program or script) or to access a directory and its contents (if it is a directory).

Each file or directory in Linux has three sets of permissions: one for the owner of the file, one for the group that owns the file, and one for all other users. These permissions can be set using numeric or symbolic notation.

Numeric notation uses a three-digit code to represent the permissions for each of the three sets. The first digit represents the permissions for the owner, the second digit represents the permissions for the group, and the third digit represents the permissions for all other users. The values of the digits can range from 0 to 7, with 0 representing no permissions and 7 representing all permissions.

Symbolic notation uses a combination of letters and symbols to represent the permissions. The letters "r", "w", and "x" represent read, write, and execute permissions, respectively. The symbols "+" and "-" are used to add or remove permissions, and the symbol "=" is used to set the permissions to a specific value.

Example: to add read and write permission for the group:

    # chmod g+rw /test.txt

Read about ACL and try out the commands getfacl and setfacl

Access Control List (ACL) provides an additional, more flexible permission mechanism for file systems.

ACLs are used to give special permissions to specific users and groups on particular directories and files.

Think of a scenario in which a particular user is not a member of a group you created, but you still want to give that user some read or write access. How can you do it without making the user a member of the group? This is where the Access Control List comes into the picture: an ACL lets us do exactly this.

'getfacl' is used to display the ACL of a file or directory. It shows a list of users and groups that have been granted access to the file or directory, along with the specific permissions that have been granted.

'setfacl' is used to modify the ACL of a file or directory. It can be used to add or remove users and groups from the ACL, and to change the permissions that have been granted.

As you can see, the user demo has been granted read and execute permissions on the devops folder for a specific file called CreateDirectories.sh.
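The following script is an added example, not part of the original article: it reads `getfacl` output and lists each named user or group entry together with the rights that actually apply once the ACL mask is taken into account. The sample ACL is constructed; `demo` and `CreateDirectories.sh` come from the article, while the owner `ubuntu`, the group `qa` and the mask value are assumptions.

```shell
#!/bin/sh
# Added example, not from the article: audit the extra grants in an ACL.

# Constructed sample in getfacl's output format. "demo" and the file name come
# from the article; owner "ubuntu", group "qa" and the mask are assumptions.
sample_acl() {
cat <<'EOF'
# file: devops/CreateDirectories.sh
# owner: ubuntu
# group: ubuntu
user::rwx
user:demo:r-x
group::r-x
group:qa:rw-
mask::r-x
other::r--
EOF
}

# Read getfacl output on stdin and print "type:name:granted:effective" for each
# named user/group entry. Effective rights are the granted rights limited by
# the mask entry; "default:" entries on directories are ignored here.
named_acl_entries() {
  awk -F: '
    /^#/ || NF < 3 { next }              # header comments and blank lines
    { sub(/[ \t]*#.*/, "", $3) }         # strip a trailing "#effective:" note
    $1 == "mask" { mask = $3; next }
    ($1 == "user" || $1 == "group") && $2 != "" {
      n++; kind[n] = $1; who[n] = $2; perm[n] = $3
    }
    END {
      for (i = 1; i <= n; i++) {
        eff = ""
        for (c = 1; c <= 3; c++) {
          p = substr(perm[i], c, 1)
          m = (mask == "") ? p : substr(mask, c, 1)
          eff = eff ((p != "-" && m != "-") ? p : "-")
        }
        printf "%s:%s:%s:%s\n", kind[i], who[i], perm[i], eff
      }
    }'
}

# Named entries that can effectively write to the file.
acl_writers() {
  named_acl_entries | awk -F: 'substr($4, 2, 1) == "w" { print $1 ":" $2 }'
}

sample_acl | named_acl_entries
```

On a real system, pipe `getfacl <path>` into `named_acl_entries` or `acl_writers` instead of the sample. In the sample, group `qa` is granted `rw-` but the mask `r-x` reduces its effective rights to `r--`.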
