Day 6: File Permissions and Access Control Lists (ACL)

Overview of File Permissions in Linux

Gaining a solid understanding of file permissions is vital for controlling access and ensuring security in Linux systems. Let's explore the foundational concepts, accompanied by examples to help you learn these key topics.

Types of Owners in Linux Systems

• User: The creator of a file. By default, the file's creator is the owner and has the authority to read, write, and execute the file.

• Group: A collection of users. Members of a group share the same level of access to a file.

• Other: Users who are neither the file's creator nor group members. They fall into this category and have their own set of permissions.

Management of users and groups can be done locally using /etc/passwd for users and /etc/group for groups.

Permission Types

Each owner category (user, group, others) has three types of permissions, shown as nine characters:

• Read (r): Grants the ability to view the contents of a file.

• Write (w): Allows modification, deletion, or renaming of a file.

• Execute (x): Permits running the file as a program.

Example: Understanding File and Directory Permissions

Permissions are displayed as a sequence of characters, each indicating different access levels:

• -rwxr-xr-x: A file where the user has read, write, and execute permissions, while the group and others have read and execute permissions.

• drwxr-xr-x: A directory with similar permissions.

Breakdown of Permission Characters:

Character Positions: 1  2  3  4  5  6  7  8  9  10
                     -  r  w  x  r  -  x  r  -  x

1  -  or d: Indicates whether it's a file (-) or directory (d)
2-4: User permissions (rwx - read, write, execute)
5-7: Group permissions (r-x - read, execute)
8-10: Others' permissions (r-x - read, execute)

Numerical Representation of Permissions

Permissions can also be depicted in octal (base-8) format, where each permission type has a numerical value:

• Read (r): 4

• Write (w): 2

• Execute (x): 1

Combining Permissions:

Commands to Modify Permissions

Modify File Permissions:

chmod <permissions> <file>

Example:

chmod 777 testfile.txt

Here, 777 assigns all permissions (read, write, execute) to user, group, and others.

Change Group Ownership:

chgrp <newgroup> <file>

Change File Owner:

chown <newowner> <file>

Access Control Lists (ACLs)

ACLs provide a more detailed permission mechanism, allowing you to specify different access levels for specific users or groups.

Commands for ACLs:

• View ACLs:

    getfacl /path/to/file
  

• Set User ACL:

    setfacl -m u:username:rwx /path/to/file
  

• Set Group ACL:

    setfacl -m g:groupname:r-x /path/to/file
  

• Set Default ACL for Directory:

    setfacl -dm u:username:rwx /path/to/directory
  

• Remove a Specific ACL Entry:

    setfacl -x u:username /path/to/file
  

• Remove All ACL Entries:

    setfacl -b /path/to/file
  

Tasks:

1. Read about ACL and try out the commandsgetfacl and setfacl.

2. Create a directory and set specific ACL permissions for different users and groups. Verify the permissions usinggetfacl.

Additional Tasks

Task 1: Script to Change Permissions of Multiple Files

Create a script to modify permissions of multiple files based on user input:

#!/bin/bash

read -p "Enter permission (e.g., 755): " perm
read -p "Enter directory path: " dir

for file in "$dir"/*; do
  chmod "$perm" "$file"
done

echo "Permissions changed to $perm for all files in $dir"

Task 2: Script to Set ACL Permissions for a User

Create a script to set ACL permissions for a user on a given file based on user input:

#!/bin/bash

read -p "Enter username: " user
read -p "Enter permissions (e.g., rwx): " perms
read -p "Enter file path: " file

setfacl -m u:"$user":"$perms" "$file"
echo "ACL permissions set to $perms for user $user on file $file"

Understanding Sticky Bit, SUID, and SGID

Sticky Bit

• Sticky Bit: Ensures only the file's owner or root can delete or modify a file within a directory.

• Example:

    mkdir /tmp/sticky_dir
    chmod +t /tmp/sticky_dir
  

SUID (Set User ID)

• SUID: Allows users to run an executable with the permissions of the executable's owner.

• Example:

    chmod u+s /path/to/executable
  

SGID (Set Group ID)

• SGID: Files created within the directory inherit the group of the directory.

• Example:

    chmod g+s /path/to/directory
  

Backup and Restore Permissions

Task: Script to Backup Permissions

Create a script to back up the current permissions of files in a directory to a file:

#!/bin/bash

read -p "Enter directory path to backup permissions: " dir
getfacl -R "$dir" > permissions_backup.txt
echo "Permissions backed up to permissions_backup.txt"

Task: Script to Restore Permissions

Create a script to restore the permissions from the backup file:

#!/bin/bash

read -p "Enter directory path to restore permissions: " dir
setfacl --restore=permissions_backup.txt
echo "Permissions restored from permissions_backup.txt"

Summary

Understanding file permissions and ACLs in Linux is crucial for maintaining system security and managing access. Basic file permissions offer a straightforward way to control access for users, groups, and others, while ACLs provide a more granular level of control. Additional concepts like Sticky Bit, SUID, and SGID further enhance security by controlling how files and directories are accessed and modified. By mastering these concepts and commands, you can efficiently manage and secure your Linux environment.