Day 6 - File Permissions and Access Control Lists
TABLE OF CONTENTS
Introduction
File permission and overview
Task 1 - Change the Permission of file/directories
Task 2 - Change the ownership of a file/directory
Task 3: Change the group permission of a file/directory
Access Control Lists (ACL) commands getfacl and setfacl
Conclusion
Introduction📚
Welcome to Day 6 of the #90daysofdevops challenge. In this Blog, we will explore File permission and ownership in files and directories. also will learn how to apply ACL on files and directories. so let's explore the permissions in Linux.📝
File Permissions Overview📃
File permissions are core to the security model used by Linux systems.determine who can access files and directories on a system.
Linux File Ownership
Every file and directory on your Unix/Linux system is assigned 3 types of owner, given below.📚
User👨🏻
A user is the owner of the file. By default, the person who created a file becomes its owner. Hence, a user is also sometimes called an owner.
Group👩🏻🤝🧑🏿
A user- group can contain multiple users. All users belonging to a group will have the same Linux group permissions access to the file. Suppose you have a project where a number of people require access to a file. Instead of manually assigning permissions to each user, you could add all users to a group, and assign group permission to file such that only this group members and no one else can read or modify the files.
Other🤷♂️
Any other user who has access to a file. This person has neither created the file, nor he belongs to a usergroup who could own the file. Practically, it means everybody else. Hence, when you set the permission for others, it is also referred as set permissions for the world.
Linux File Permission📃
Basically, there are three types of permission are there,
Read (r) - This permission give you the authority to open and read a file.📰
Write (w) - Write permission gives you the authority to modify the contents of a file. we can add, remove or modify the file.📝
Execute - Execute permission gives you authority to run the files.💻
To view the permission we can use ls -l and to modify the permission we use chown.
Task 1- Change the Permission of file/directories📝
To change the file or the directory permissions, you use the chmod (change mode) command. There are two ways to use chmod — the symbolic mode and the absolute mode.
Symbolic method
The easiest way for a beginner to modify file or directory permissions is to use the symbolic mode. With symbolic permissions you can add, delete, or specify the permission set you want by using the operators,
u - user
g - group
o - other
In this file.txt user group and other don't have permission to execute the file so we are giving permission to them.
Now we give permission to this file for user,group and owner give execute permission.
Absolute method
The second way to modify permissions with the chmod command is to use a number to specify each set of permissions for the file.📚
read - 4
write - 2
execute - 1
we have to set a permission for file like wrx for users and group and others have no permission so we are using absolute method,
Task 2- Change the ownership of a file/directory📝
While creating an account on Unix, it assigns a owner ID and a group ID to each user. All the permissions mentioned above are also assigned based on the Owner and the Groups.📕
Two commands are available to change the owner and the group of files −
chown − The chown command stands for "change owner" and is used to change the owner of a file.
chgrp − The chgrp command stands for "change group" and is used to change the group of a file.
Now the owner of file.txt is root we want to change the ownership of file so we can change owner by chown command and give ownership to ubuntu.
after executing the command now ubuntu is the owner of file.
Task 3- Change the group permission of a file/directory
The chgrp command changes the group ownership of a file.📝
Now we can change the group owner of file.txt by using chgrp command.
by execyting the command now group owner is Ubuntu.
Access Control Lists (ACL) commands getfacl and setfacl 🔐
Access Control Lists (ACLs) provide access control to directories and files. ACLs can set read, write, and execute permissions for the owner, group, and all other system users.👨🏻 An ACL consists of a set of rules that specify how a specific user or group can access ACL enabled files and directories.📚
ACLs allow us to apply a more specific set of permissions to a file or directory without (necessarily) changing the base ownership and permissions. They let us "tack on" access for other users or groups.
We can view the current ACL using the getfacl command:
getfacl file.txt
Note: To use ACL, install it using sudo apt install acl.
We can see that right now, there are no ACLs on this directory because the only permissions listed are for the user, group, and other. To change acl entries we used setfacl command.💻
setfacl -m u::rw file.txt
Acl provides a way to give permission to only specific user.👨🏻
Conclusion✨
Its great we are complete our Day 5 of 90daysofdevops challange in very smoother way. Firasly we learned about the file permission. In that we are using how can we give permission to files, change the owner of file. On second part we learn how to apply acl to our files for giving specific permission to specific users only. Now we can handle our linux files hestation free with security of acl and file permission. 🌈
Stay connected with me for new blogs on linux, cloud☁and DevOps.📚
Thank you for reading🙏 Keep Learning and Keep Growing💐
