Day 6 of 90DaysOfDevOps : File Permissions and Access Control Lists

Pooja Naitam

1. Understanding File Permissions:

Create a simple file and run ls -ltr to see the details of the files.

Each of the three permissions (read, write, execute) is assigned to three defined categories of users. The categories are:

Owner: The owner of the file or application.

Use chown to change the owner of a file or directory.

Group: The group that owns the file or application.

Use chgrp to change the group that owns a file or directory.

Others: All users with access to the system (outside the users in a group).

Use chmod to change the permissions of other users (as well as those of the owner and group) on a file or directory.

Task: Change the user permissions of the file and note the changes after running ls -ltr.

2. Writing an Article:

In Linux, file permissions control who can access or modify files. Here’s a quick guide to understanding and using permissions.

Types of Permissions

Each file has permissions for three categories:

  1. Owner: The user who owns the file (by default, the user who created it).

  2. Group: A group of users with similar access.

  3. Others: Anyone else with access to the system.

Each category can have:

  • Read (r): View the file.

  • Write (w): Edit the file.

  • Execute (x): Run the file as a program.

Checking Permissions

Use ls -ltr to view permissions. Here’s an example output:

-rwxr-xr-- 1 pooja devops 1024 Nov 10 10:00 example.sh

rwxr-xr-- shows the permissions for Owner (rwx), Group (r-x), and Others (r--).

Modifying Permissions

Use chmod to change permissions:

chmod 754 example.sh  # Sets Owner=rwx, Group=r-x, Others=r--

Changing Owner and Group

Use chown to change the owner of a file and chgrp to change its group.

Access Control Lists (ACLs)

For specific user permissions, use ACLs:

setfacl -m u:username:rwx example.sh  # Set permissions for username
getfacl example.sh  # View ACLs

Special Permissions

  • Sticky Bit: Only file owners can delete files in shared directories.

      chmod +t /path/to/directory
    
  • SUID: File runs with owner’s permissions.

      chmod u+s example.sh
    
  • SGID: Files inherit directory’s group.

      chmod g+s /path/to/directory
    

Automating Permissions

Use scripts to change permissions on multiple files:

#!/bin/bash
chmod -R 755 /path/to/directory  # Recursively sets rwxr-xr-x on the directory and everything in it (regular files become executable too)

3. Access Control Lists (ACL):

Read about ACL and try out the commands getfacl and setfacl.

Task: Create a directory and set specific ACL permissions for different users and groups. Verify the permissions using getfacl.

Viewing and Setting ACLs

  1. View ACLs:

     getfacl example.sh
    
  2. Set ACLs:

     setfacl -m u:username:rwx example.sh
    

4. Additional Tasks:

  • Task: Create a script that changes the permissions of multiple files in a directory based on user input.

  • Task: Write a script that sets ACL permissions for a user on a given file, based on user input.

5. Understanding Sticky Bit, SUID, and SGID:

Read about sticky bit, SUID, and SGID.

Task: Create examples demonstrating the use of sticky bit, SUID, and SGID, and explain their significance.

  • Sticky Bit: When set on a directory, only a file's owner (or the directory's owner or root) can delete or rename files within that directory. /tmp is the usual example.

      chmod +t /path/to/directory
    
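  • SUID (Set User ID): When set, a program runs with the file owner's permissions, not those of the user who runs it. Linux ignores the SUID bit on interpreted scripts such as example.sh; it takes effect only on compiled binaries.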

      chmod u+s example.sh
    
  • SGID (Set Group ID): Files created in a directory inherit the group of that directory.

      chmod g+s /path/to/directory
    

6. Backup and Restore Permissions:

Task: Create a script that backs up the current permissions of files in a directory to a file.

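#!/bin/bash
# Change the permissions of everything under a directory, based on user input
echo "Enter directory path:"
read -r dir
echo "Enter permission (e.g., 755):"
read -r perm
# Quote the variables so paths with spaces or glob characters are passed intact
chmod -R -- "$perm" "$dir"
echo "Permissions changed for all files in $dir"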

Task: Create another script that restores the permissions from the backup file.

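To back up the permissions of all files in a directory, use getfacl. It records ownership, permission bits and ACL entries. When given an absolute path it strips the leading / from the recorded names, so run the restore from / (or back up with a relative path and restore from the same directory):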

  1. Backup:

     getfacl -R /path/to/directory > permissions_backup.acl
    
  2. Restore:

     setfacl --restore=permissions_backup.acl
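
A mode-only variant of the backup and restore tasks above, as an added example that is not part of the original post: it uses GNU stat and chmod instead of getfacl/setfacl, so it does not capture ACL entries or ownership. The function names and the one-line-per-file backup format are assumptions of this example.

```shell
#!/bin/sh
# Added example: mode-only permission backup/restore with GNU stat and chmod.
# Backup format (an assumption of this example): "<octal mode> <path>" per line.
# Paths that contain newlines are not supported.

backup_perms() {    # usage: backup_perms DIR BACKUP_FILE
    # ! -type l : skip symlinks, chmod would follow them to their target.
    # -depth    : list a directory after its contents, so a restrictive
    #             directory mode is restored after the files inside it.
    find "$1" -depth ! -type l -exec stat -c '%a %n' {} + > "$2"
}

restore_perms() {   # usage: restore_perms BACKUP_FILE ; prints number restored
    restored=0
    while IFS= read -r line; do
        mode=${line%% *}    # text before the first space
        path=${line#* }     # everything after it (may contain spaces)
        # Accept only octal digits, so an edited backup file cannot pass
        # options or symbolic modes through to chmod.
        case $mode in ''|*[!0-7]*) continue ;; esac
        # Skip paths that vanished or were replaced by a symlink since backup.
        [ -e "$path" ] && [ ! -L "$path" ] || continue
        chmod -- "$mode" "$path" && restored=$((restored + 1))
    done < "$1"
    echo "$restored"
}

# Command-line use: script.sh backup DIR FILE | script.sh restore FILE
case ${1:-} in
    backup)  backup_perms "$2" "$3" ;;
    restore) restore_perms "$2" ;;
esac
```

Treat the backup file as sensitive: anyone who can edit it decides which modes the restore applies.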
    

Summary

Understanding and managing file permissions is essential for Linux users to secure files effectively. With basic permissions, ACLs, and special permissions like sticky bit, SUID, and SGID, Linux provides robust tools to control access precisely. By using these commands and creating automation scripts, you can efficiently manage permissions in any Linux environment.
