Understanding File Permissions and Access Control Lists (ACLs) in Linux 🗝️ #Day_8

File Permissions

Introduction

File permissions in Linux are like setting rules for who can access or change files and folders on your computer. They help keep your data safe by controlling who can read, modify, or run files. Let's explore how these permissions work and how Access Control Lists (ACLs) provide even more control! 🚀

1. Types of File Permissions 🗂️🔒

  • Read (r): Allows you to see the contents of a file. 📖

  • Write (w): Lets you make changes to a file. 📝

  • Execute (x): Allows you to run the file as a program. ▶️

2. Permission Categories 🏷️

  • Owner/User (u): The user who owns the file, by default the person who created it. 🌟

  • Group (g): A group of users who have similar permissions. 👥

  • Others (o): Everyone else who can access the file. 🌐

Viewing Permissions: Use the command ls -l to see file permissions:

$ ls -l myfile.txt
-rwxr-xr-- 1 user group 0 Aug 25 12:34 myfile.txt

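-rwxr-xr--: The first character is the file type (- for a regular file); the remaining nine characters are the permissions, in three groups of three: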

  • rwx for the owner: Can read, write, and execute.

  • r-x for the group: Can read and execute.

  • r-- for others: Can only read.

Changing Permissions:

  • Grant execute permission to the owner:

      $ chmod u+x filename
    
  • Remove write permission from others:

      $ chmod o-w filename
    
  • Set all permissions for everyone (this makes the file writable by every user on the system, so keep it to throwaway test files):

      $ chmod 777 filename
    

Numerical Representation:

  • Read = 4

  • Write = 2

  • Execute = 1

Combine these numbers to set permissions:

755 = rwxr-xr-x:

$ chmod 755 filename

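Here's the table arranged in serial order from 0 to 7:

  Number   Permissions              Symbolic
  0        none                     ---
  1        execute                  --x
  2        write                    -w-
  3        write + execute          -wx
  4        read                     r--
  5        read + execute           r-x
  6        read + write             rw-
  7        read + write + execute   rwx

This serial arrangement shows how each combination of read (r), write (w), and execute (x) permissions translates to its corresponding numerical representation.

You can use the table above to set the permissions for your file.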

  • Apply recursively to folders:

      $ chmod -R 777 folder/
    

3. Special Permissions ✨

  • Sticky Bit:

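    • Purpose: In a directory with the sticky bit set, a file can be deleted or renamed only by its owner, the directory's owner, or root, even when the directory is writable by everyone (as with /tmp).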

    • Set Sticky Bit:

        $ chmod +t /path/to/directory
      
  • SUID (Set User ID):

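    • Purpose: Allows a program to run with the privileges of the file owner, not of the user who runs it.

    • Example:

        $ echo -e '#!/bin/bash\necho "Current user: $(whoami)"' > /tmp/suid_test.sh
        $ sudo chown root /tmp/suid_test.sh    # set the owner first: chown clears the SUID bit
        $ sudo chmod 4755 /tmp/suid_test.sh
      
      • A SUID program owned by root runs as root no matter who starts it. Note, however, that the Linux kernel ignores the SUID bit on interpreted scripts (files that start with #!), so running this script still prints your own username; the bit takes effect on compiled binaries such as /usr/bin/passwd. 🧑‍💻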
  • SGID (Set Group ID):

    • Purpose: When set on a directory, new files inherit the directory's group ownership.

    • Example:

        $ mkdir /tmp/sgid_test
        $ chmod 2775 /tmp/sgid_test
        $ chgrp somegroup /tmp/sgid_test
        $ touch /tmp/sgid_test/testfile
      
      • New files in this directory will have the group 'somegroup' instead of the creator's primary group. 🗃️
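
As an added example (not part of the original post), the script below audits a directory tree for the modes covered so far that deserve review: SUID/SGID files, world-writable files such as those left by chmod 777, and world-writable directories without the sticky bit. The function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag risky permission modes under a directory.

# audit_modes DIR -> one "<TAG> <path>" line per finding.
audit_modes() {
    local root=$1
    # SUID/SGID regular files run with the privileges of their owner or group.
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's|^|SUID/SGID |'
    # World-writable files (e.g. after chmod 777 or 666) can be altered by any user.
    find "$root" -type f -perm -0002 -print |
        sed 's|^|WORLD-WRITABLE-FILE |'
    # World-writable directories without the sticky bit let any user
    # delete or rename files that belong to someone else.
    find "$root" -type d -perm -0002 ! -perm -1000 -print |
        sed 's|^|WORLD-WRITABLE-DIR-NO-STICKY |'
}

# make_sample_tree -> path of a constructed tree with one instance of each case.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    touch "$d/report.txt" "$d/helper" "$d/notes.txt"
    chmod 644  "$d/report.txt"   # ordinary file: not reported
    chmod 4755 "$d/helper"       # SUID bit set
    chmod 666  "$d/notes.txt"    # world-writable file
    mkdir "$d/dropbox" "$d/shared"
    chmod 777  "$d/dropbox"      # world-writable, no sticky bit
    chmod 1777 "$d/shared"       # world-writable with sticky bit (like /tmp): not reported
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
audit_modes "$tree"
rm -rf "$tree"
```

On a real system, point audit_modes at the directory you are responsible for and compare the SUID/SGID findings against the binaries your distribution ships with those bits.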

ACCESS CONTROL LISTS (ACLs)

What is an ACL? 🤔

Access Control Lists (ACLs) provide a more flexible way to assign permissions to files and directories beyond the traditional owner, group, and others model. With ACLs, you can grant specific permissions to individual users or groups.

Why Use ACLs? 🛠️

In traditional file permissions, you can only set permissions for:

  • Owner (u)

  • Group (g)

  • Others (o)

But what if you want to give specific access to a particular user who isn't the owner or part of the group? That's where ACLs come in!

Key Concepts 📜

  1. Default ACLs: Set on directories; files and subdirectories created inside afterwards inherit them.

  2. Access ACLs: Applied to individual files or directories.

Basic Commands 📝

  1. View ACLs:

     getfacl filename
    

    This shows all ACLs applied to a file.

  2. Set ACLs:

     setfacl -m u:username:permissions filename
    

    Example: Give a user read and write permissions:

     setfacl -m u:vaish:rw filename
    
  3. Remove ACLs:

     setfacl -x u:username filename
    
  4. Remove All ACLs:

     setfacl -b filename
    

Real-Time Example 🌐

Imagine you're working on a shared project. You want a specific user to have read and write permissions to a file, but others should only have read access. You can use ACLs to grant that user extra permissions without changing the group settings.

How ACLs Look 👀

Let's say you run the getfacl command on a file:

# file: example.txt
# owner: vaishnavi
# group: devs
user::rw-
user:vaish:rw-
group::r--
mask::rw-
other::r--
  • user::rw-: The owner (vaishnavi) has read and write permissions.

  • user:vaish:rw-: The user "vaish" is specifically granted read and write permissions.

  • group::r--: The group "devs" has read-only access.

  • mask::rw-: The upper limit on what named users, named groups and the owning group can actually get.

  • other::r--: Others can only read.
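
The mask:: entry in the output above caps what named users, named groups and the owning group actually get; the owner and other entries are not affected by it. This added example (not from the original post) computes the effective permissions from getfacl text, using a constructed variant of the output above in which the mask has been tightened to r--.

```shell
#!/usr/bin/env bash
# Added example: compute effective ACL permissions from getfacl output.

# effective_acl: reads getfacl text on stdin and prints "tag:qualifier:perms"
# for each access entry, with the mask applied where it applies.
effective_acl() {
    awk -F: '
        /^#/ || NF < 3 || $1 == "default" { next }   # skip headers and default ACLs
        { sub(/[ \t]*#.*$/, "", $3) }                # drop a trailing "#effective:" note
        $1 == "mask" { mask = $3; next }
        { n++; tag[n] = $1; who[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                p = perm[i]
                # The mask limits named users, named groups and the owning group,
                # never the file owner (user::) or other::.
                capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (capped && mask != "") {
                    e = ""
                    for (k = 1; k <= 3; k++)
                        e = e (substr(mask, k, 1) == "-" ? "-" : substr(p, k, 1))
                    p = e
                }
                printf "%s:%s:%s\n", tag[i], who[i], p
            }
        }'
}

# Constructed sample: example.txt from the post after the mask was tightened to r--
# (for instance by chmod g=r, which changes the mask on a file that has an ACL).
sample_getfacl() {
    cat <<'EOF'
# file: example.txt
# owner: vaishnavi
# group: devs
user::rw-
user:vaish:rw-
group::r--
mask::r--
other::r--
EOF
}

sample_getfacl | effective_acl
```

Although the entry for vaish still reads rw-, the effective permission is r--, which is why a later chmod on the group bits can silently reduce access that was granted with setfacl.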

Why Are ACLs Important for DevOps? 🚀

ACLs allow fine-grained access control, especially in multi-user environments. As a DevOps engineer, managing file permissions in complex systems is crucial. ACLs provide the flexibility to meet different security and access requirements.

Conclusion

File permissions and ACLs are key to managing who can access files in Linux. Basic permissions (read, write, execute) cover most cases, while ACLs allow more specific control for different users and groups. Mastering both ensures better security and access management in any system.

Written by

Vaishnavi Modakwar