Day 6 #90DaysOfDevOpsChallenge: Linux File Permissions and Access Control Lists (ACL)

ASHISH PATIL

Today’s focus is on learning and applying file permissions in Linux. File permissions and ownership are critical for ensuring system security by controlling who can access or modify files. Let’s explore the tasks and concepts around Linux permissions, ACLs, and some useful commands.


1. What are File Permissions?

In Linux, every file or directory has three sets of permissions that define how different users can interact with it:

  1. Owner: The user who created or owns the file.

  2. Group: A group of users who share certain access rights.

  3. Others: Everyone else who has access to the system.

Each of these groups can be given the following permissions:

  • Read (r): Allows reading or viewing the file’s contents.

  • Write (w): Allows modifying or changing the file.

  • Execute (x): Allows executing the file if it’s a script or program.

Viewing File Permissions

You can check the current file permissions using the ls -lh command:

ls -lh testfile.txt

Output Example:

-rw-r--r-- 1 ashish devgroup 1024 Oct 10 15:30 testfile.txt

In this output:

  • rw-: The owner (Ashish) has read and write permissions.

  • r--: The group (devgroup) has only read permissions.

  • r--: All other users also have read-only permissions.


2. Changing File Permissions and Ownership

  • Changing File Ownership: If you want to change the file owner, you can use the chown command. Here’s an example where ownership is changed from Ashish to another user:

      sudo chown rahul testfile.txt
    

    After running ls -lh:

      -rw-r--r-- 1 rahul devgroup 1024 Oct 10 15:30 testfile.txt
    
  • Changing Group Ownership: To change the group that owns the file, use the chgrp command:

      sudo chgrp opsgroup testfile.txt
    

    Output after running ls -lh:

      -rw-r--r-- 1 rahul opsgroup 1024 Oct 10 15:30 testfile.txt
    
  • Modifying File Permissions: To adjust permissions for a file, use chmod. For instance, to give all users execute permission, use:

      chmod a+x testfile.txt
    

    After modifying the permissions, running ls -lh will now show:

      -rwxr-xr-x 1 rahul opsgroup 1024 Oct 10 15:30 testfile.txt
    

3. Access Control Lists (ACL) in Linux

When basic file permissions aren’t flexible enough, Access Control Lists (ACL) offer more granular control. ACLs allow you to assign permissions to specific users or groups beyond the standard owner-group-others structure.

  • Viewing ACL: Use getfacl to display the current ACL for a file:

      getfacl testfile.txt
    

    Example Output:

      # file: testfile.txt
      # owner: rahul
      # group: opsgroup
      user::rwx
      user:ashish:rwx
      group::r-x
      mask::rwx
      other::r-x
    
  • Modifying ACL: To give a user (e.g., Ashish) specific permissions on a file, use setfacl:

      setfacl -m u:ashish:rw- testfile.txt
    

    This command grants Ashish read and write permissions on the file.

Task: Setting ACL for a Directory

mkdir acl_directory
setfacl -m u:john:rwx acl_directory  # Grant user 'john' full permissions on the directory
setfacl -m g:admin:r-- acl_directory  # Give the 'admin' group read-only access
getfacl acl_directory                 # Verify ACL settings

Example Output:

# file: acl_directory
# owner: rahul
# group: opsgroup
user::rwx
user:john:rwx
group::r--
mask::rwx
other::r-x
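
The mask:: line in the getfacl output above caps what named users, the owning group and named groups actually receive. The following is an added example, not part of the original post: a hypothetical effective_perm helper that reads getfacl-style text and applies the mask, run against a constructed sample in which ashish is granted rwx but the mask is r--.

```shell
#!/bin/sh
# Constructed sample in getfacl format (not output captured from a real system).
SAMPLE_ACL='# file: testfile.txt
# owner: rahul
# group: opsgroup
user::rw-
user:ashish:rwx
group::r-x
mask::r--
other::r--'

# effective_perm ACL_TEXT ENTRY
# ENTRY is "user:" (owner), "user:NAME", "group:" (owning group),
# "group:NAME" or "other:". Prints the rights the entry really gets.
effective_perm() {
    printf '%s\n' "$1" | awk -F: -v want="$2" '
        /^#/ || NF < 3 { next }                      # skip header comments
        { perm[$1 ":" $2] = substr($3, 1, 3) }       # keep only the rwx triplet
        END {
            if (!(want in perm)) exit 1              # no such ACL entry
            p = perm[want]; m = perm["mask:"]
            # mask applies to named users, the owning group and named groups only
            masked = (want != "user:" && want != "other:" && m != "")
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(p, i, 1)
                if (masked && substr(m, i, 1) == "-") c = "-"
                out = out c
            }
            print out
        }'
}

# Show granted-versus-effective rights for each entry in the sample.
for e in user: user:ashish group: other:; do
    printf '%-12s %s\n' "$e" "$(effective_perm "$SAMPLE_ACL" "$e")"
done
```

On a file that carries an ACL, chmod on the group bits changes the mask rather than the group:: entry, so a later chmod can silently narrow what a setfacl grant allows.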

4. Writing Shell Scripts for Permissions and ACLs

To automate permission changes, I created a few scripts:

1. Script for Changing Permissions on Multiple Files

This script prompts the user for a directory and a permission level, then applies the changes to all files within that directory:

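#!/bin/bash
# Script to change file permissions in a directory

echo "Enter the directory path:"
read -r directory
echo "Enter the permission level (e.g., 755):"
read -r perm

# Stop if the path entered is not a directory
[ -d "$directory" ] || { echo "Not a directory: $directory" >&2; exit 1; }

# The glob also matches subdirectories; hidden files are not matched
for file in "$directory"/*; do
    [ -e "$file" ] || continue    # empty directory: skip the unexpanded pattern
    # Quoting keeps paths with spaces intact; -- stops names starting with "-" being read as options
    chmod -- "$perm" "$file"
    echo "Changed permissions for $file"
done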

Sample Output:

Enter the directory path: /home/ashish/files
Enter the permission level (e.g., 755): 644
Changed permissions for /home/ashish/files/file1.txt
Changed permissions for /home/ashish/files/file2.txt

2. Script for Setting ACL

This script sets specific ACL permissions for a user based on user input:

#!/bin/bash
# Script to set ACL permissions on a file

echo "Enter the file name:"
read -r filename
echo "Enter the username:"
read -r username
echo "Enter the permission (e.g., rwx):"
read -r aclperm

# Quote the inputs so spaces or glob characters are not expanded by the shell
setfacl -m "u:$username:$aclperm" -- "$filename"
echo "Set ACL permissions for $username on $filename"

Sample Output:

Enter the file name: testfile.txt
Enter the username: ashish
Enter the permission (e.g., rwx): rw-
Set ACL permissions for ashish on testfile.txt

5. Exploring Sticky Bit, SUID, and SGID

Here’s a quick explanation of three special permissions in Linux:

  • Sticky Bit: When set on a directory, only a file's owner (or the directory's owner, or root) can delete or rename files within it.

      chmod +t /path/to/directory
    
  • SUID (Set User ID): Allows a program to run with the file owner's privileges.

      chmod u+s /path/to/file
    
  • SGID (Set Group ID): When set on a directory, files created in it inherit the group of that directory.

      chmod g+s /path/to/directory
    

Task: Practical Examples of Sticky Bit, SUID, and SGID

I applied these special permissions on files and directories to see their effects.
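
Because SUID and SGID change whose privileges a program runs with, and a world-writable directory without the sticky bit lets any user delete other users' files, these bits are worth auditing as well as setting. The following is an added example, not part of the original post: a hypothetical audit_special_bits function, exercised on a constructed directory tree created under mktemp.

```shell
#!/bin/sh
# audit_special_bits ROOT
# Lists SUID files, SGID files and directories, and world-writable
# directories that lack the sticky bit, one finding per line.
audit_special_bits() {
    root=$1
    # -xdev keeps find on one filesystem; "-perm -MODE" means all of these bits are set
    find "$root" -xdev -type f -perm -4000 -exec printf 'SUID %s\n' {} +
    find "$root" -xdev \( -type f -o -type d \) -perm -2000 \
        -exec printf 'SGID %s\n' {} +
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'NOSTICKY %s\n' {} +
}

# demo_tree: build a constructed sample tree and print its path.
demo_tree() {
    d=$(mktemp -d)
    touch "$d/helper" "$d/plain"
    chmod 4755 "$d/helper"      # SUID file
    mkdir "$d/shared" "$d/dropbox" "$d/tmp"
    chmod 2775 "$d/shared"      # SGID directory
    chmod 0777 "$d/dropbox"     # world-writable, no sticky bit
    chmod 1777 "$d/tmp"         # world-writable with sticky bit (like /tmp)
    echo "$d"
}

# Run the audit on the sample tree, then clean up.
tree=$(demo_tree)
audit_special_bits "$tree"
rm -rf "$tree"
```

Pointing the function at a real path such as /usr gives a baseline list that can be saved and compared after package installs or configuration changes.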


6. Backing Up and Restoring File Permissions

Finally, I wrote two scripts to back up and restore file permissions using getfacl and setfacl.

1. Backup File Permissions:

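#!/bin/bash
# Backup permissions of files in a directory

echo "Enter the directory path:"
read -r dir

# getfacl strips the leading "/" from absolute paths, so the saved
# file names are relative to /
getfacl -- "$dir"/* > permissions_backup.acl
echo "Permissions backed up to permissions_backup.acl"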

Sample Output:

Enter the directory path: /home/ashish/files
Permissions backed up to permissions_backup.acl

2. Restore Permissions from Backup:

#!/bin/bash
# Restore permissions from a backup file

echo "Enter the backup file:"
read -r backupfile

# File names in the backup are resolved relative to the current directory
setfacl --restore="$backupfile"
echo "Permissions restored from $backupfile"

Sample Output:

Enter the backup file: permissions_backup.acl
Permissions restored from permissions_backup.acl

Conclusion

Understanding and managing file permissions and ACLs in Linux is crucial for system security. Through this learning experience, I gained insights into how to use commands like chown, chmod, and setfacl to manage access controls effectively.

Keep experimenting, share your knowledge with the DevOps community, and remember—learning is a continuous journey!

Let’s learn together and grow together in the world of DevOps! 🌱🚀 #DevOpsJourney #LearningTogether #GrowthMindset #TechCommunity #TrainWithShubham #90DaysOfDevOps

Follow my #90DaysOfDevOps challenge on LinkedIn, and stay tuned for more updates!
