File Permissions and Access Control Lists

✍️Why File permission

Linux is a multi-user system where users can assign different access permissions to their files. Access permissions can be set per file for the owner, the group and others on the basis of read (r), write (w) and execute (x) permissions.

📂File permission type & users

In Linux, every file or folder has access permissions. There are three types of permissions.

read access: The read permission lets a user read the contents of the file. For directories, read permission lets the user list the contents of the directory (using ls).

write access: The write permission lets the user write and modify the file. For directories, write permission lets the user create new files or delete files within the directory.

execute access: The execute permission lets the user run the file as a program or shell script (if the file is a program or shell script). For directories, execute permission lets the user enter the directory (for example with cd) and access the files inside it.

Permissions are defined for three types of users:

owner of the file

the group that the owner belongs to

other users

The concept of Linux File permission and ownership is important in Linux. Here, we will be working on Linux permissions and ownership and will do tasks on both of them. Let us start with the Permissions.

🗃️How do you View the File Permission

📂How do you Modify Linux File Permission

You can modify file and directory permissions with the chmod command, which stands for "change mode." chmod takes two lists as its arguments: permission changes and filenames. You can specify the list of permissions using the characters r, w and x for read, write and execute respectively. Any of the permissions can be added or removed. The symbol to add a permission is the plus sign.

Permissions can be specified using symbolic or numeric notation.

The symbolic notation consists of letters representing the permission types (e.g., u for the user, g for the group, o for others) and operators (+ for adding permissions, - for removing permissions, = for setting exact permissions).

The following example adds the execute permission for the user (owner), removes the write permission from the group, and adds read and write permissions for others.

chmod u+x,g-w,o+rw MarkII.sh
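
Added example, not part of the original post: it runs the chmod command above on a scratch copy of MarkII.sh, reports the resulting mode in numeric notation, and lists files that o+w has left writable by every user. The function names (mode_of, apply_page_chmod, world_writable) and the file contents are constructed for illustration.

```bash
#!/bin/sh
# Added example: trace the page's chmod command and audit its result.

# mode_of FILE -> octal permission bits (GNU stat first, BSD stat as fallback)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# apply_page_chmod START_MODE -> octal mode after the page's symbolic command
apply_page_chmod() (
    dir=$(mktemp -d) || exit 1
    file="$dir/MarkII.sh"                  # name from the page, contents constructed
    printf '#!/bin/sh\necho hello\n' > "$file"
    chmod "$1" "$file"                     # numeric notation sets the starting mode
    chmod u+x,g-w,o+rw "$file"             # symbolic notation, exactly as on the page
    mode_of "$file"
    rm -rf "$dir"
)

# world_writable DIR -> regular files under DIR that any user may modify
world_writable() {
    find "$1" -type f -perm -0002
}

# Because u, g and o are named explicitly, the umask does not affect the result.
echo "664 -> $(apply_page_chmod 664)"      # prints 664 -> 746
echo "600 -> $(apply_page_chmod 600)"      # prints 600 -> 706
```

A mode ending in 6 or 7 on a script means any local user can rewrite what the owner later executes, which is what world_writable is meant to surface.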

👨‍💻Access Control List

ACL commands are used to provide temporary permissions to a particular user or group without changing the actual permission of files or directories.

Access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disc resource. We can use commands like setfacl and getfacl to do so.

getfacl

getfacl is a command in Linux used to retrieve and display the Access Control Lists (ACLs) of files and directories, showing detailed information about the permissions assigned to users and groups beyond the traditional owner, group, and others categories. Some applications of the getfacl commands are:

#Display ACLs for a file:
getfacl MarkII.sh
# file: MarkII.sh
# owner: devasc
# group: devasc
user::rwx
group::r--
other::rw-

setfacl

setfacl provides the ability to assign specific permissions to individual users and groups. Here are some ways to use this command:

setfacl - set file access control lists

Syntax: setfacl -<option> u:<username>:<permission> <filename>

#Granting specific permissions to a user:
setfacl -m u:user1:rw file.txt
#Granting specific permissions to a group:
setfacl -m g:group1:rx file.txt
#Granting specific permissions to others:
setfacl -m o:rw file.txt
#Granting multiple permissions to a user and group:
setfacl -m u:user1:rw,g:group1:rx file.txt
#Recursively applying ACLs to a directory and its subdirectories:
#This command applies read and write (rw) permissions to user1 on
#the directory directory/ and all its subdirectories and files.
setfacl -R -m u:user1:rw directory/

📍Conclusion 🎉

I hope you enjoyed reading this blog. Subscribe to my newsletter by visiting my site and also have a look at the consolidated list of all my blogs.

For updates follow me on LinkedIn: Suraj Barik

Cheer