Day 6: Linux File Permissions & ACLs for DevOps - Deep Dive!

Hey DevOps Enthusiasts! Welcome to Day 6 of the #90DaysOfDevOps challenge. Today we’re talking about one of the core pillars of Linux: file permissions and Access Control Lists (ACLs). As a DevOps engineer, understanding these concepts is crucial to maintaining system security and managing multiple users effectively.


What Are File Permissions?

In Linux, every file has three basic permissions: read, write, and execute. These permissions are divided among three categories of users:

  1. Owner (the file’s creator)

  2. Group (users in the file’s group)

  3. Others (everyone else)

To check the permissions of a file, run the command:

ls -ltr

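You’ll see something like -rwxr-xr--. This cryptic line holds all the details about the file’s permissions for different users! The first character is the file type (- for a regular file, d for a directory), and the next nine characters are three rwx triplets for the owner, the group, and others, in that order. Here the owner can read, write, and execute; the group can read and execute; others can only read.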


Manipulating File Permissions

DevOps engineers often need to adjust permissions for files and directories. Here are the most common commands:

  • chown: Change the file owner.

      sudo chown new_owner file_name
    
  • chmod: Modify the file’s permissions.

      chmod 777 file_name
    

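These commands allow you to set custom permissions based on the security needs of your project. Keep in mind that 777 grants read, write, and execute to the owner, the group, and everyone else, so it is only suitable for throwaway tests; on real files, grant each class of user only the access it needs.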


ACLs (Access Control Lists)

If you need more granular control over permissions, ACLs are your friend. While Linux’s default permissions model covers basic needs, ACLs allow you to assign specific permissions to individual users or groups.

Key Commands:

  • setfacl: Modify ACLs for a file or directory.

      setfacl -m u:username:rwx file_name
    
  • getfacl: View ACL permissions.

      getfacl file_name
    

Task: Set specific ACL permissions for a group on a file and verify using getfacl.


SUID, SGID, and Sticky Bit

These are advanced file permission settings that every DevOps engineer should know:

  • SUID: Allows users to execute a file with the permissions of the file’s owner.

  • SGID: On a directory, ensures files created inside it inherit the directory’s group; on an executable, runs the file with the permissions of the file’s group.

  • Sticky Bit: Prevents users from deleting files they don’t own in shared directories.
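
The script below is an added example, not part of the original post: it audits a directory tree for the settings discussed above (SUID/SGID bits, files left world-writable by something like chmod 777, and shared directories missing the sticky bit). The sample tree and all file names are constructed for illustration, and GNU find and stat are assumed.

```shell
#!/bin/bash
# Added example: audit a tree for risky permission bits (GNU find/stat assumed).

# Print the octal mode of a path, e.g. 4755 or 1777.
mode_of() { stat -c '%a' "$1"; }

# Print one finding per line in the form "<LABEL> <mode> <path>".
audit_dir() {
  # SUID files run with the privileges of the file's owner.
  find "$1" -type f -perm -4000 -exec stat -c 'SUID %a %n' {} +
  # SGID: on a file it runs as the file's group; on a directory it is
  # informational (new files inherit the directory's group).
  find "$1" -perm -2000 -exec stat -c 'SGID %a %n' {} +
  # Files anyone can modify (what chmod 777 or 666 produces).
  find "$1" -type f -perm -0002 -exec stat -c 'WORLD-WRITABLE %a %n' {} +
  # World-writable directories without the sticky bit: any user can delete
  # or rename other users' files inside them.
  find "$1" -type d -perm -0002 ! -perm -1000 -exec stat -c 'NO-STICKY %a %n' {} +
}

# Build a constructed sample tree and print its path.
make_sample() {
  sample=$(mktemp -d)
  touch "$sample/tool" "$sample/open.conf" "$sample/private.key"
  chmod 4755 "$sample/tool"         # SUID executable
  chmod 777  "$sample/open.conf"    # the chmod 777 case from the post
  chmod 600  "$sample/private.key"  # owner-only, must not be reported
  mkdir "$sample/shared_ok" "$sample/shared_bad" "$sample/team"
  chmod 1777 "$sample/shared_ok"    # sticky bit set, like /tmp
  chmod 0777 "$sample/shared_bad"   # world-writable, no sticky bit
  chmod 2775 "$sample/team"         # SGID directory
  echo "$sample"
}

# Demo: audit the sample tree, then clean up.
demo_root=$(make_sample)
audit_dir "$demo_root"
rm -rf "$demo_root"
```

To audit a real location, call audit_dir with that directory instead of the sample tree and review each reported line against what the application actually needs.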


Backup and Restore Permissions

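Lastly, back up and restore permissions using a shell script:

#!/bin/bash
# Back up ACLs for the whole tree (-R); getfacl stores paths without the leading /
getfacl -R /directory_path > permissions_backup.acl
# Restore later, run from / so the stored paths resolve: setfacl --restore=permissions_backup.acl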

This process is crucial for disaster recovery in production environments.

Keep mastering these concepts to ace your Linux administration and DevOps journey!

Written by

Kanav Preet Singh