Day 6 - File Permissions and Access Control Lists

Rahul Gupta

Introduction

Linux file systems are built on a foundation of security and access control. A critical aspect of this security model is file permissions, which determine who can read, write, or execute a file. Beyond traditional file permissions, Access Control Lists (ACL) provide additional granularity in defining who has access to files and directories.

In this article, we'll delve into Linux file permissions, understand how they work, and explore Access Control Lists to comprehend their broader utility in access management.

Linux File Permissions

In Linux, each file and directory has a set of permissions that dictate what users and groups can do with them. These permissions are divided into three categories:

  • Owner: The user who owns the file.

  • Group: The group assigned to the file, whose members share the group permissions.

  • Others: All users who are neither the owner nor part of the group.

Each category has three types of permissions:

  • Read (r): Allows a user to view the content of a file or list the contents of a directory.

  • Write (w): Allows a user to modify a file or add/remove files in a directory.

  • Execute (x): Allows a user to execute a file or enter a directory.

Representation of Permissions

Permissions are represented in two ways:

  1. Symbolic Notation:

    • A string of 10 characters, with the first character indicating the file type (e.g., - for a file, d for a directory), followed by three sets of three characters representing the permissions for the owner, group, and others.

    • Example: -rwxr-xr--

      • The owner has read, write, and execute permissions (rwx).

      • The group has read and execute permissions (r-x).

      • Others have read-only permission (r--).

  2. Numeric Notation:

    • Each permission is assigned a numeric value: read is 4, write is 2, and execute is 1.

    • Permissions are summed for each category. For example, rwx is 7 (4 + 2 + 1), r-x is 5 (4 + 1), and r-- is 4.

    • Permissions are represented as a three-digit number, with each digit representing the permissions for owner, group, and others respectively.

    • Example: 755

      • The owner has rwx (7), the group has r-x (5), and others have r-x (5).
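The two notations can be converted mechanically. The POSIX shell functions below are an added example, not part of the original article; the names sym_to_octal and octal_to_sym are made up for illustration. The first one goes slightly beyond the text by also accepting the s/S/t/T markers that ls prints for the setuid, setgid and sticky bits, which it reports as a leading fourth digit.

```sh
#!/bin/sh
# Added example: convert between the symbolic and numeric notations.

# sym_to_octal MODESTRING: 10-character ls-style string -> octal digits.
# The body runs in a subshell "( )" so its variables stay local.
sym_to_octal() (
    s=$1
    case $s in
        [-dlbcps][r-][w-][-xsS][r-][w-][-xsS][r-][w-][-xtT]) ;;
        *) echo "not a 10-character mode string: $s" >&2; exit 1 ;;
    esac
    out="" special=0 weight=4      # weight: setuid=4, setgid=2, sticky=1
    for start in 2 5 8; do         # first column of owner, group, others
        r=$(printf %s "$s" | cut -c"$start")
        w=$(printf %s "$s" | cut -c"$((start + 1))")
        x=$(printf %s "$s" | cut -c"$((start + 2))")
        digit=0
        [ "$r" = r ] && digit=$((digit + 4))
        [ "$w" = w ] && digit=$((digit + 2))
        case $x in
            x)   digit=$((digit + 1)) ;;
            s|t) digit=$((digit + 1)); special=$((special + weight)) ;;
            S|T) special=$((special + weight)) ;;
        esac
        out=$out$digit
        weight=$((weight / 2))
    done
    [ "$special" -gt 0 ] && out=$special$out
    echo "$out"
)

# octal_to_sym DDD: three octal digits -> nine permission characters.
octal_to_sym() (
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits: $1" >&2; exit 1 ;;
    esac
    out=""
    for d in $(printf %s "$1" | sed 's/./& /g'); do
        r=-; w=-; x=-
        [ $((d & 4)) -ne 0 ] && r=r
        [ $((d & 2)) -ne 0 ] && w=w
        [ $((d & 1)) -ne 0 ] && x=x
        out=$out$r$w$x
    done
    echo "$out"
)

sym_to_octal -rwxr-xr--    # the article's symbolic example -> 754
octal_to_sym 755           # the article's numeric example  -> rwxr-xr-x
```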

Changing File Permissions

Permissions can be changed using the chmod command. This command can be used with symbolic or numeric notation.

  • Symbolic notation:

    • chmod u+x myfile adds execute permission for the owner.

    • chmod g-w myfile removes write permission from the group.

    • chmod o+r myfile adds read permission for others.

  • Numeric notation:

    • chmod 755 myfile gives read, write, and execute permissions to the owner, and read and execute permissions to the group and others.
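A common use of chmod is tightening files that give write access to the group or others. The script below is an added example, not part of the original article: it lists such files under a directory and removes the extra write bits with the symbolic form go-w. The function names and the fixture files are constructed for illustration, and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example: audit for group/other write access, then tighten with chmod.
# Assumes GNU (or BusyBox) stat, which provides the -c format option.

# list_loose_modes DIR: print "MODE PATH" for each regular file under DIR
# whose group or others class holds the write bit (octal 020 or 002).
list_loose_modes() {
    find "$1" -type f \( -perm -0020 -o -perm -0002 \) \
        -exec stat -c '%a %n' {} + | sort -k2
}

# tighten DIR: remove write from group and others on those files only.
# "go-w" is relative: every other bit is left as it was.
tighten() {
    find "$1" -type f \( -perm -0020 -o -perm -0002 \) -exec chmod go-w {} +
}

# make_fixture: constructed sample data, four empty files named after
# the numeric mode they are given. Prints the temporary directory.
make_fixture() {
    dir=$(mktemp -d) || return 1
    for mode in 644 664 666 755; do
        : > "$dir/f$mode"
        chmod "$mode" "$dir/f$mode"
    done
    echo "$dir"
}

demo=$(make_fixture)
list_loose_modes "$demo"      # reports f664 and f666
tighten "$demo"
list_loose_modes "$demo"      # prints nothing: both are now 644
rm -rf "$demo"
```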

Changing Ownership and Group

The ownership and group association of a file can be changed with the chown and chgrp commands, respectively.

  • Changing ownership:

    • chown newowner myfile changes the owner of the file to newowner.

  • Changing group:

    • chgrp newgroup myfile changes the group of the file to newgroup.

Access Control Lists (ACL)

While traditional file permissions are sufficient for many use cases, they have limitations when you need to provide specific access to users outside of the owner and group categories. Access Control Lists (ACL) address this limitation by allowing more complex permission scenarios.

Understanding ACL

ACLs allow you to assign permissions to specific users or groups, in addition to the default owner, group, and others. This flexibility is useful when you need to grant fine-grained permissions to a specific set of users or groups without changing the file's ownership or group association.

Viewing and Setting ACL

To view ACLs on a file, you can use the getfacl command. Here's an example:

getfacl myfile

The output shows the traditional permissions and any additional ACL entries for specific users or groups.

To set or modify ACLs, you can use the setfacl command. Here are some examples:

  • Granting read permission to a specific user:

      setfacl -m u:alice:r myfile
    
  • Granting read and execute permissions to a specific group:

      setfacl -m g:developers:rx myfile
    
  • Removing all ACLs from a file:

      setfacl -b myfile
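One detail worth checking when ACLs and chmod are used on the same file is the ACL mask, which caps what named users and groups actually get. The script below is an added example, not part of the original article: it grants a named user rw, then shows that chmod g-w lowers the mask to r-- while the user's entry still reads rw-. It assumes the setfacl and getfacl tools and a filesystem with ACL support; the UID 4242 and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: how the ACL mask interacts with chmod.
# Assumes setfacl/getfacl (the "acl" package) and a filesystem with ACL support.

# acl_mask FILE: print the mask entry such as "rw-", or nothing when the
# file carries no extended ACL.
acl_mask() {
    getfacl -c "$1" 2>/dev/null | sed -n 's/^mask:://p'
}

# acl_demo: prints "MASK_AFTER_SETFACL MASK_AFTER_CHMOD NAMED_ENTRY [MASK_AFTER_-b]".
# Returns 2 when the tools or filesystem ACL support are unavailable.
acl_demo() {
    command -v setfacl >/dev/null 2>&1 || return 2
    f=$(mktemp) || return 1
    chmod 640 "$f"
    # 4242 is a constructed numeric UID standing in for the article's "alice".
    setfacl -m u:4242:rw "$f" 2>/dev/null || { rm -f "$f"; return 2; }
    before=$(acl_mask "$f")     # mask widened so the new entry is effective
    chmod g-w "$f"              # with an ACL present, group bits edit the mask
    after=$(acl_mask "$f")      # mask now caps every named entry
    entry=$(getfacl -c "$f" 2>/dev/null | grep '^user:4242:' | cut -c1-13)
    setfacl -b "$f"             # drop all extended entries, mask included
    cleared=$(acl_mask "$f")
    rm -f "$f"
    echo "$before $after $entry [$cleared]"
}

acl_demo || echo "setfacl or filesystem ACL support unavailable" >&2
```

Reading the mask line in getfacl output after any chmod on an ACL-bearing file shows whether a named entry is still effective.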
    

Conclusion

Understanding file permissions and ACLs is essential for managing security and access control in Linux environments. Traditional file permissions define access for the owner, group, and others, while ACLs provide a more flexible way to grant permissions to specific users or groups. By mastering these concepts, you'll be well-equipped to manage file and directory permissions in a Linux system effectively.

Thank you for reading our DevOps blog post. We hope you found it informative and helpful. If you have any questions or feedback, please don't hesitate to contact us.

I hope this helps!

Happy Learning✨
