Understanding Linux File Permissions and Access Control Lists (ACL)

Rohit Ramteke

Introduction

Hey there, fellow Linux learners! Today's Day 6 of our Linux Adventure, and we're diving into a crucial topic: File Permissions and Access Control Lists (ACL). Let's break it down in simple terms!

File Permissions: Who Can Do What?

In Linux, every file and folder has its own set of rules, like a secret code, that decides who can read, write, or run it. There are three groups of users involved:

  1. Owner: The creator of the file/folder. They have special powers to control everything about it.

  2. Group: Files belong to specific groups, and people in that group share some permissions.

  3. Others: Everyone else who isn't the owner or part of the group.

Viewing Permissions

To check these permissions, use the ls -l command. It shows a string of letters like "rw-r--r--", preceded by one character that shows whether it's a file (-) or a folder (d). After that character, the first three letters are the owner's permissions, the next three are the group's, and the last three are for others.

"newfile.txt" looks like this:

-rw-r--r--  1 user  users  4096 Jul 25 10:30 newfile.txt

Changing Permissions

With the chmod command, you can adjust permissions. You can use numbers (e.g., 755) or letters (e.g., u+x) to add or remove access rights.

Before chmod:

-rw-r--r--  1 user  users  1024 Jul 25 12:00 newfile.sh

Let's say we want to give the owner (user) execute permission and allow the group to write to the file.

Using chmod:

chmod u+x,g+w newfile.sh

After chmod:

-rwxrw-r--  1 user  users  1024 Jul 25 12:00 newfile.sh

Numeric Notation Explanation:

  • "r" (Read) permission is represented by 4.

  • "w" (Write) permission is represented by 2.

  • "x" (Execute) permission is represented by 1.

Using chmod with Numeric Notation:

chmod 764 example_script.sh

After chmod:

-rwxrw-r--  1 user  users  1024 Jul 25 12:00 example_script.sh

Numeric Notation Breakdown:

  • The first number, "7," represents the owner's permissions. It adds read (4), write (2), and execute (1) permissions together.

  • The second number, "6," represents the group's permissions. It adds read (4) and write (2) permissions together.

  • The third number, "4," represents the permissions for others (everyone else). It only includes read (4) permission.

The resulting permissions are the same as in the previous example, where the owner has read, write, and execute permissions; the group has read and write permissions, and others have read-only access.

Numeric notation provides a more compact and efficient way to express file permissions, especially when you need to set multiple permissions at once.
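The r=4, w=2, x=1 arithmetic above can be applied directly to the string that ls -l prints. The following is an added example, not part of the original post; the function names triplet_value, perms_to_octal and roundtrip are hypothetical, and it handles only the plain rwx characters discussed here.

```shell
# Added example: turn the permission string from `ls -l` into chmod's
# numeric notation (r=4, w=2, x=1, summed per triplet).

# triplet_value "rw-" prints 6
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??x) v=$((v + 1)) ;; esac
    echo "$v"
}

# perms_to_octal "-rwxrw-r--" prints 764; a trailing ACL "+" is ignored.
perms_to_octal() {
    p=${1%+}
    if [ "${#p}" -eq 10 ]; then p=${p#?}; fi   # drop the file-type character
    case $p in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode string: $1" >&2; return 1 ;;
    esac
    rest=${p#???}
    echo "$(triplet_value "${p%??????}")$(triplet_value "${rest%???}")$(triplet_value "${rest#???}")"
}

# Cross-check with the real tools: chmod a scratch file to the computed
# number and return what ls -l then shows for it.
roundtrip() {
    f=$(mktemp) || return 1
    chmod "$(perms_to_octal "$1")" "$f"
    shown=$(ls -l "$f" | cut -c1-10)
    rm -f "$f"
    echo "$shown"
}

perms_to_octal "-rwxrw-r--"    # newfile.sh after chmod u+x,g+w
perms_to_octal "-rw-r--r--"    # newfile.txt
roundtrip "-rwxrw-r--"
```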

Changing Ownership and Group

The chown command helps you change the owner, and chgrp changes the group. But remember, only the superuser (root) can do this for other people's files.

Before chown:

-rw-r--r--  1 user1  users  4096 Jul 25 14:00 example_file.txt

Using chown:

chown user2 example_file.txt

After chown:

-rw-r--r--  1 user2  users  4096 Jul 25 14:00 example_file.txt

Before chgrp:

-rw-r--r--  1 user1  group1  4096 Jul 25 14:00 example_file.txt

Using chgrp:

chgrp group2 example_file.txt

After chgrp:

-rw-r--r--  1 user1  group2  4096 Jul 25 14:00 example_file.txt

Access Control Lists (ACL)

Sometimes, you need more control than just basic permissions. That's where ACLs come in! They allow you to give specific permissions to specific users or groups.

Let's take an example of setting an ACL on a file named "confidential.txt."

Before ACL:

-rw-r-----  1 user1  group1  4096 Jul 25 14:00 confidential.txt

In this example, the file "confidential.txt" is owned by "user1" and belongs to the group "group1." The permissions allow the owner to read and write the file, the group members to read the file, and others to have no access.

Now, let's use ACL to provide read and write permissions to "user2" while keeping the existing permissions intact:

Setting ACL with setfacl:

setfacl -m u:user2:rw- confidential.txt

After ACL:

-rw-r-----+ 1 user1  group1  4096 Jul 25 14:00 confidential.txt

As you can see, there's a "+" sign at the end of the file permissions line, indicating that an ACL is set on the file. The ACL added read and write permissions for "user2" while still maintaining the original file permissions for "user1," "group1," and others.

Now, the file "confidential.txt" has the following permissions:

  • The owner "user1" has read and write permissions.

  • The group "group1" has read permission.

  • "user2" has read and write permissions (due to the ACL).

  • Others have no access.

ACLs provide a powerful way to grant specific access rights to different users or groups on a per-file or per-directory basis, allowing for a more flexible and precise permission management system.
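Entries for named users and groups are limited by the ACL's mask entry, and once a file has an ACL, both the group column of ls -l and a chmod of the group bits refer to that mask. The following added example (not from the original post) computes effective permissions from getfacl-style text; the listing is constructed for the confidential.txt case above, and effective_acl, sample_acl and user2_access are hypothetical helper names.

```shell
# Added example: effective rights = ACL entry AND mask, for every entry
# except the owner (user::) and other::.
effective_acl() {   # getfacl-style text on stdin -> "entry effective-perms"
    awk -F: '
        /^#/ || NF < 3 { next }          # skip header comments and blank lines
        {
            sub(/[ \t]*#.*/, "", $3)     # drop any "#effective:" annotation
            tag[++n] = $1 ":" $2; perm[n] = $3
            if ($1 == "mask") mask = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                masked = (tag[i] != "user:" && tag[i] !~ /^(other|mask):/)
                if (masked && mask != "") {
                    e = ""
                    for (k = 1; k <= 3; k++) {
                        c = substr(p, k, 1)
                        e = e (c == substr(mask, k, 1) ? c : "-")
                    }
                    p = e
                }
                print tag[i], p
            }
        }'
}

# Constructed sample: getfacl-style listing for confidential.txt; $1 is the mask.
sample_acl() {
    cat <<EOF
# file: confidential.txt
# owner: user1
# group: group1
user::rw-
user:user2:rw-
group::r--
mask::$1
other::---
EOF
}

# user2_access MASK: what user2 can actually do under that mask.
user2_access() {
    sample_acl "$1" | effective_acl | awk '$1 == "user:user2" { print $2 }'
}

user2_access rw-    # mask as set by setfacl -m u:user2:rw-
user2_access r--    # mask after a later chmod 640 on the same file
```

The second call prints r--: tightening the group bits with chmod also removes user2's write access, even though the user2 entry itself still reads rw-.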

Conclusion

Understanding Linux file permissions is like having a secret language to protect your files. With chmod, chown, and chgrp, you can control who does what. And if you need even more control, ACLs will come to the rescue!

Keep exploring and learning, and enjoy your Linux journey!

Note: Remember to be careful when changing permissions in the real Linux world. Make backups to avoid any mishaps!

Happy Learning!!!

Reference

To delve deeper into the world of DevOps, I highly recommend following Shubham Londhe on TrainWithShubham and Bhupinder Rajput on Technical Guftgu.
