Day-6 of DevOps Challenge: Mastering File Permissions and Access Control Lists for Enhanced Security

Akash Rastogi

File permissions and Access Control Lists (ACLs) are mechanisms used to control the access and permissions of users and groups to files and directories in a computer system. They are critical for maintaining the security and integrity of data. Here's an overview of each:

Create a simple file and run ls -ltr to see the file's details: its permissions, owner, and group.

Owner — The owner of the file or application

"chown" is used to change the owner of a file or directory.

Group — The group that owns the file or application.

"chgrp" is used to change the group ownership of a file or directory.

Others: access for all other system users, meaning everyone who is neither the owner nor in the group.

"chmod" is used to change the permissions of a file or directory, including those for other users.

File Permissions

File permissions determine what actions different users can perform on a file or folder. There are three main types of actions:

  1. Read (r): Look at the file's content.

  2. Write (w): Change or delete the file.

  3. Execute (x): Run the file as a program.

Permissions are set for:

  • Owner: The person who created the file.

  • Group: A set of users working together.

  • Others: Everyone else.

Example: If Shubham has a file with permissions set to rwxr-xr--:

  • Shubham (the owner) can read, write, and run the file (rwx).

  • The group can read and run the file (r-x).

  • Others can only read the file (r--).

Access Control Lists (ACLs)

ACLs provide a more detailed way to control access. They let you specify permissions for individual users or groups, not just the owner, group, and others.

Example: An ACL might say:

  • Manoj can read and write the file.

  • Shubham can only read the file.

  • The Marketing Team can read and run the file.

Check ACL Permissions on Any File

getfacl is a command that lets you view the ACLs of files and directories, so you can see exactly which users and groups have been granted which permissions.

Use of the setfacl command

setfacl is a powerful tool that allows you to set ACLs on files and directories, providing fine-grained control over permissions.

How to Set ACL user and the permissions

-m: Modify the ACL (you can also use -x to remove an ACL).

u:username:permissions: Specifies the user and the permissions to set. For example, u:shubham:rwx sets read, write, and execute permissions for the user shubham.

file_or_directory: The name of the file or directory to which you are applying the ACL.

How to Set ACL group and the permissions

setfacl: The command used to set file access control lists (ACLs).

-m: Stands for "modify". It indicates that you are modifying the ACL of a file or directory.

g:shubham:rw: This part of the command specifies the ACL entry to be modified:

g:: Indicates that you are setting permissions for a group.

How to remove ACL User and group permission entry from any file

This command removes any ACL entry for the user shubham on the file data.txt. This means that any specific permissions that were previously granted to the user shubham for data.txt will be revoked.

setfacl: The command used to set file access control lists (ACLs).

-x: Stands for "remove". It indicates that you are removing an ACL entry from a file or directory.

u:shubham: This part of the command specifies the ACL entry to be removed:

u:: Indicates that you are targeting a user.

How to Set ACL User and group permission on whole directory

setfacl: The command used to set file access control lists (ACLs).

-R: Stands for "recursive". It indicates that the command should be applied recursively to all files and directories within the specified directory.

-m: Stands for "modify". It indicates that you are modifying the ACL of the files or directories.

u:Shubham:rw: This part of the command specifies the ACL entry to be modified:

/data: The directory to which you are applying the ACL.

How to remove ACL User and group permission from whole directory

setfacl: The command used to set file access control lists (ACLs).

-b: Stands for "remove all ACL entries". It removes all extended ACL entries from the file or directory.

/path/to/directory: The directory from which you are removing all ACL entries.
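
The setfacl steps above (set a user entry, set a group entry, remove an entry, apply recursively, clear everything), run end to end in a scratch directory with getfacl confirming each change. This is an added example, not the author's code: the commands in the comments are assembled from the parts the post describes, and the scratch directory, the show helper and the current numeric UID/GID standing in for shubham are assumptions.

```shell
#!/bin/sh
# Added walkthrough, not the post's own code. The numeric UID/GID of the
# current user stand in for "shubham" (an assumption: that account may not
# exist here, and setfacl rejects names it cannot resolve).
show() { getfacl -n "$@" 2>/dev/null; }   # -n prints numeric IDs

acl_demo() {
    command -v setfacl >/dev/null 2>&1 && command -v getfacl >/dev/null 2>&1 ||
        { echo "setfacl/getfacl not installed" >&2; return 2; }
    uid=$(id -u); gid=$(id -g); rc=0
    dir=$(mktemp -d) || return 2
    f="$dir/data/data.txt"
    mkdir "$dir/data" && : > "$f" && chmod 640 "$f"

    # Page form: setfacl -m u:username:permissions file_or_directory
    if ! setfacl -m "u:$uid:rwx" "$f" 2>/dev/null; then
        echo "this filesystem does not support ACLs" >&2
        rm -rf "$dir"; return 2
    fi
    show "$f" | grep -q "^user:$uid:rwx" || rc=1

    # Page form: setfacl -m g:shubham:rw <file>
    setfacl -m "g:$gid:rw" "$f"
    show "$f" | grep -q "^group:$gid:rw-" || rc=1

    # Page form: setfacl -x u:shubham data.txt (only that entry is removed)
    setfacl -x "u:$uid" "$f"
    show "$f" | grep -q "^user:$uid:" && rc=1
    show "$f" | grep -q "^group:$gid:rw-" || rc=1

    # Page form: setfacl -R -m u:Shubham:rw /data
    setfacl -R -m "u:$uid:rw" "$dir/data"
    show "$dir/data" | grep -q "^user:$uid:rw-" || rc=1
    show "$f" | grep -q "^user:$uid:rw-" || rc=1

    # Page form: setfacl -b /path/to/directory (-R added to clear contents too)
    setfacl -R -b "$dir/data"
    show -R "$dir/data" | grep -Eq "^(user|group):[0-9]+:" && rc=1

    rm -rf "$dir"
    return "$rc"
}

# Status 0: every step verified; 1: a check failed; 2: ACLs unavailable.
acl_demo && echo "all ACL steps verified" || echo "not verified (status $?)"
```

Note that -R only changes files that already exist; files created later in the directory do not receive the entry unless a default ACL is also set with setfacl -d.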
