Day- 6 : File Permissions and Access Control Lists

Day- 6 : File Permissions and Access Control Lists

ยท

5 min read

Introduction ๐Ÿ“š

Welcome to Day 6 of the #90DaysOfDevOps challenge. In this blog, we'll explore File Permissions and Ownership in Linux, making it simple to understand! We'll learn how to modify permissions, ownership, and even dive into Access Control Lists (ACL). Let's unlock the secrets of secure file management! ๐Ÿ—๏ธ๐Ÿ“‚

๐Ÿ“‚ File Permissions Overview In the Linux operating system, file permissions play a critical role in determining which users can access, modify, and execute files and directories. They are essential for maintaining security and control over sensitive data and system resources.

There are three distinct categories of users, each with their own set of permissions for a file:

  1. Owner (user) ๐Ÿ‘ค: The individual who creates or owns the file.

  2. Group ๐Ÿ‘ฅ: A specific group of users who share the same access permissions for the file.

  3. Others ๐Ÿ‘ค๐Ÿ‘ฅ: All users not falling into the owner or group categories.

๐Ÿ”‘ Each category can be assigned one or more of the following permissions:

  1. Read (r) ๐Ÿ”: Users with read permission can view the contents of a file or list the files in a directory.

  2. Write (w) โœ๏ธ: Users with write permission can modify or delete files and directories.

  3. Execute (x) ๐Ÿƒโ€โ™‚๏ธ: Users with execute permission can run executable files or access directories to list their contents.

๐Ÿ”ข File permissions are denoted using a three-character string for each category. For instance, "rw-r--r--" signifies that the owner has read and write permissions, while the group and others have only read permissions.

๐Ÿ‘€ To observe and modify file permissions, you can use the "ls -l" command to display the permissions of files and directories in the current location. To change permissions, you can utilize the "chmod" command, followed by the desired permission code and the filename.

Setting appropriate file permissions is crucial to prevent unauthorized access to sensitive files and to uphold the overall system's integrity. Always exercise caution when altering file permissions, as improper configurations can lead to security vulnerabilities and risks within the system.

๐Ÿ”’ Task 1: Change the Permission of file/directories

In Linux, when we want to modify file or directory permissions, we use the chmod command.

There are two ways to change permissions: the Symbolic method and the Absolute method. ๐Ÿ˜Š

Symbolic method (ugo):

  • "u" stands for User

  • "g" stands for Group

  • "o" stands for Other

For example, if a manager asks us to add execute permission for the user, add write permission for the group, and remove read permission for others, and to verify whether permission is changed or not use the following command:

chmod u+x, g+w, o-r file.txt
ls -l file.txt

Absolute method:

Here we use numbers to set permissions for a file or directory. ๐Ÿงฎ

Here's the numeric mapping:

  • 4 stands for Read ๐Ÿ“–

  • 2 stands for Write โœ๏ธ

  • 1 stands for Execute ๐Ÿƒโ€โ™‚๏ธ

For example, if we want to set the permissions to read, write, and execute for the owner, read and write for the group, and only read for others, we can use the following command:

chmod 632 test.txt
ls -l file.txt

Using numbers in the Absolute method provides a quick and precise way to manage permissions in Linux!

๐Ÿ”‘ Task 2: Change the ownership of a file/directory

In Linux, you can change the ownership of a file using the chown command, which stands for "change owner." Only the root user can perform this action.

For example, to change the owner of file.txt to ubuntu, you can use the following command:

sudo chown ubuntu file.txt
ls -l file.txt

After executing the command, the ubuntu user becomes the owner of the file.txt file.

๐Ÿ‘ฅ Task 3: Change the group permission of a file/directory

In Linux, you can alter the group ownership of a file or directory using the chgrp command. This task is exclusively restricted to the root user, meaning only the superuser can execute this command.

Example: To illustrate, consider the following command:

chgrp ubuntu devtxt.txt
ls -l file.txt

With this command, the group ownership of the file named file.txt is changed to "ubuntu." However, keep in mind that only the root user or a user with equivalent administrative privileges can successfully perform this action. ๐Ÿ›ก๏ธ๐Ÿ’ป

๐Ÿ” Access Control Lists (ACL)

It allows you to give a more specific set of permissions to a file or a directory without changing base ownership and permissions

Access Control Lists (ACLs) give precise control over file permissions. Unlike regular permissions (owner, group, and others), ACL lets you set specific access for users or groups.

๐Ÿ’ก Two helpful commands for ACL are getfacl (๐Ÿ”) to view ACL settings and setfacl (๐Ÿ› ๏ธ) to modify entries.

To see the ACL settings of a file, use:

getfacl file.txt

Note: To use ACL, install it using sudo apt install acl.

To change the ACL entries and give particular permissions to users or groups, utilize the setfacl command. For example, to grant read, write and execute permissions to a user:โœจ

setfacl -m u::rw file.txt

ACLs offer a cool way to handle file permissions, especially in tricky situations where you want to give certain people or groups special access.

๐ŸŽฏ Conclusion

Kudos on completing Day 5 of the exhilarating #90DaysOfDevOps challenge! ๐ŸŒŸ Today, we delved into the crucial topic of file permissions, a vital aspect of ensuring secure and controlled access to files and directories in the Linux environment. Throughout this insightful overview, we navigated through various tasks involving the manipulation of permissions, ownership, and group permissions for files and directories. Moreover, we gained valuable insights into Access Control Lists (ACL) and discovered the practical commands getfacl and setfacl, empowering us with finer control over permissions. Armed with this newfound knowledge, you can confidently wield the power to manage file access and safeguard data security within your Linux setup. ๐Ÿš€๐Ÿ”’

Stay in the loop with my latest insights and articles on cloud โ˜๏ธ and DevOps ๐Ÿš€ by following me on Hashnode, LinkedIn linkedin.com/in/sahil-kamble-40898b208

Thank you for reading! ๐Ÿ™ Your support means the world to me. Let's keep learning, growing, and making a positive impact in the tech world together.

Did you find this article valuable?

Support Sahil Kamble's blog by becoming a sponsor. Any amount is appreciated!

ย