#Day 6: File Permissions and Access Control Lists


What are File Permissions and why are they Important?

File permissions in Linux play a crucial role in the realm of security and user management. They are a fundamental component for controlling access, ensuring data privacy, and safeguarding against unauthorized use of files and directories. Understanding and effectively managing these permissions is a vital skill for Linux users, system administrators, and developers.

Linux file permissions revolve around the concepts of ownership and access levels. Each file and directory has an owner and group, with permissions assigned to dictate what actions can be performed by these entities. The permission system comprises three key elements: read, write, and execute permissions. These permissions can be configured separately for the file's owner, the group, and others.

This introduction lays the foundation for a deeper exploration of file permissions and access control in Linux, providing essential insights into managing and optimizing these crucial elements for a secure and customized Linux environment.

In my previous articles, I have mentioned that everything in Linux is either a file or a directory, and that in Linux you work in a multi-user environment. It is therefore very crucial to know about the file permissions of the Linux operating system.

How to Check File Permission?

If you know the basics of the terminal in Linux, then you might already know how to list files with the Command Line Interface/Terminal (CLI). Checking permissions is very similar to that.

If you don't know how to list files normally, it is done with the ls command:

ls
  • Use the ls command in any directory and it will list all the contents of that directory. An example of that can be seen below.

You now know how to list files normally using CLI. Now let's see how you can list the files with their permissions.

How to list File with Permission?

This can be done using a simple flag with the ls command, which is -l (hyphen l). This will list the permissions along with the contents of the directory.

Now you might be wondering what those few things listed before the file names are. Well, those are the permissions.

To understand file permissions, let's create a simple file and use the ls -ltr command to view its details. Here's how to do it:

  1. Create a File: You can create a new file using the touch command. For example:

     [root@ip-172-31-1-21 ec2-user]# touch content.txt

  2. Check File Details: Use ls -ltr to list files in long format, including details like permissions, ownership, and more:

     [root@ip-172-31-1-21 ec2-user]# ls -ltr

This command will show you information about the newly created file, including its permissions.

Changing Ownership and Group

Changing Ownership (chown)

The chown command is used to change the ownership of a file or directory. For instance, if you want to change the owner of a file named content.txt to a user named newUser, you would use the following command:

[root@ip-172-31-1-21 ec2-user]# useradd newUser
[root@ip-172-31-1-21 ec2-user]# chown newUser content.txt

Changing Group (chgrp)

Similarly, you can change the group ownership of a file or directory using the chgrp command. To change the group of content.txt to a group named newGroup, use the following command:

[root@ip-172-31-1-21 ec2-user]# groupadd newGroup
[root@ip-172-31-1-21 ec2-user]# chgrp newGroup content.txt

Modifying Permissions

Changing Permissions (chmod)

The chmod command allows you to modify the permissions of a file or directory. Permissions can be specified using a three-digit octal number or by using symbolic notation.

For example, to give the owner read and write permissions while giving the group and others read-only access, you can use the symbolic notation as follows:

[root@ip-172-31-1-21 ec2-user]# chmod u=rw,go=r content.txt

Practical Exercise

Let's put this knowledge to use with a practical example. Create a simple file and list its details using ls -ltr. You'll notice the permissions, ownership, and group associated with the file.

Next, try changing the user permissions of the file using the chmod command and note the changes after running ls -ltr again.

Step 1: Create a Simple File

First, let's create a simple text file named myFile.txt using the touch command:

[root@ip-172-31-1-21 ec2-user]# touch myFile.txt

Step 2: Check File Details

Now, let's use the ls -ltr command to list files in long format and view the details, including permissions, ownership, and group associated with the file:

[root@ip-172-31-1-21 ec2-user]# ls -ltr myFile.txt

You will see output similar to the following, where the details of myFile.txt are displayed:

  • rw-r--r--: These are the permissions for the owner, group, and others, respectively (the single character in front of them in the ls output, a - here, marks a regular file).

  • root: The owner of the file.

  • root: The group that owns the file.

Step 3: Change User Permissions

Now, let's change the user permissions for the file using the chmod command. To give the owner read and write permissions while allowing the group and others to have read-only access, you can use the following command:

[root@ip-172-31-1-21 ec2-user]# chmod u=rw,go=r myFile.txt

This command translates as:

  • u=rw: Give read and write permissions to the owner.

  • go=r: Give read-only permissions to the group and others.

Step 4: Check File Details Again

After changing the permissions, let's run ls -ltr again to see the updated permissions:

[root@ip-172-31-1-21 ec2-user]# ls -ltr myFile.txt

You'll notice that the permissions for myFile.txt have changed to reflect the modifications you made. The output now looks like this:

The owner (root) has read and write permissions (rw-), while the group and others have read-only permissions (r--).

You've successfully created a file, inspected its details, changed user permissions, and observed the changes. This hands-on experience reinforces your understanding of Linux file permissions.
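As an added example (not code from the original article), the following POSIX shell script relates the symbolic rw-r--r-- string that ls -l prints to the octal number chmod also accepts, and verifies the exercise's chmod on a temporary file; perm_to_octal, file_mode and demo_chmod are names chosen here.

```shell
#!/bin/sh
# Added example (not part of the original article): turn the nine-character
# permission string that ls -l prints (e.g. rw-r--r--) into the octal mode
# that chmod also accepts, then apply the article's chmod to a temporary
# file and read the resulting mode back from ls -l.

# perm_to_octal SYMBOLIC -> prints the three-digit octal mode (rw-r--r-- -> 644).
# Only plain rwx bits are handled: setuid/setgid/sticky show up as s/S/t/T in
# ls output and are rejected here rather than silently miscounted.
perm_to_octal() {
    s=$1
    case "$s" in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "perm_to_octal: unsupported permission string '$s'" >&2; return 1 ;;
    esac
    out=""
    i=0
    while [ "$i" -lt 3 ]; do               # owner, group, others
        triplet=$(printf '%s' "$s" | cut -c$((i*3+1))-$((i*3+3)))
        n=0
        case "$triplet" in r??) n=$((n+4)) ;; esac
        case "$triplet" in ?w?) n=$((n+2)) ;; esac
        case "$triplet" in ??x) n=$((n+1)) ;; esac
        out="$out$n"
        i=$((i+1))
    done
    printf '%s\n' "$out"
}

# file_mode FILE -> prints FILE's octal mode, taken from columns 2-10 of
# ls -ld (column 1 is the file type, e.g. - for a regular file, d for a
# directory), so it needs no GNU stat.
file_mode() {
    perm_to_octal "$(ls -ld "$1" | cut -c2-10)"
}

# demo_chmod -> applies 'chmod u=rw,go=r' to a fresh temp file and prints
# the mode afterwards. Note that with the common umask 022, touch already
# creates files as 644, so this chmod often changes nothing visible; the
# read-back still confirms the mode is what the article describes.
demo_chmod() {
    f=$(mktemp) || return 1
    chmod u=rw,go=r "$f"
    m=$(file_mode "$f")
    rm -f "$f"
    printf '%s\n' "$m"   # → 644
}
```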

Understanding Advanced Concepts

Access Control Lists (ACL)

ACLs extend the traditional file permission system by allowing you to set permissions for individual users or groups, making it more flexible and suitable for complex access control requirements. An ACL can be applied to files and directories, and it provides additional entries beyond the standard user, group, and others.

Using getfacl to View ACLs

The getfacl command is used to display the ACLs for a file or directory. Here's how you can use it:

To view the ACL of a file, simply run:

getfacl /path/to/your/file

For example, if you want to view the ACL of a file named myFile.txt located in your home directory, you would use:

[root@ip-172-31-1-21 ec2-user]# getfacl myFile.txt

The getfacl command will display the ACL entries for the specified file, including the owner, group, and additional users or groups with specific permissions.

Using setfacl to Modify ACLs

The setfacl command is used to set or modify ACL entries for a file or directory. You can use it to add, modify, or remove ACL entries. Here's the basic syntax:

setfacl -m user:userA:permissions /path/to/your/file
  • user:userA names the user whose ACL entry you want to add or modify; to target a group instead, use group:groupName in the same position.

  • permissions are the permissions you want to set, such as r for read, w for write, and x for execute.

For example, if you want to grant user shubham read and write permissions to the file myFile.txt, you would use:

[root@ip-172-31-1-21 ec2-user]# setfacl -m user:shubham:rw myFile.txt

The setfacl command can also be used to remove ACL entries. To remove the entry for shubham (so that shubham falls back to the standard group and others permissions), you can use:

[root@ip-172-31-1-21 ec2-user]# setfacl -x user:shubham myFile.txt
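As an added example (not from the original article), this shell script goes one step beyond the page: it shows how the ACL mask entry, which getfacl prints alongside the user and group entries, caps what a named user such as shubham can actually do. The getfacl output is constructed inline so the script runs without the acl tools, and acl_entry and effective_perms are names chosen here.

```shell
#!/bin/sh
# Added example (not part of the original article): work out the rights a
# named ACL user actually gets. Named user/group entries are capped by the
# ACL's mask entry, which getfacl flags with an "#effective:" comment; this
# script reproduces that calculation from constructed getfacl-style text, so
# it runs without the acl tools or an ACL-capable filesystem.

# Constructed sample in getfacl's output format for myFile.txt after
# 'setfacl -m user:shubham:rw myFile.txt'. The mask here has been lowered to
# r-- (a later 'chmod g=r' does this, since on a file with an ACL the group
# bits of chmod set the mask, not the owning-group entry).
SAMPLE_ACL='# file: myFile.txt
# owner: root
# group: root
user::rw-
user:shubham:rw-
group::r--
mask::r--
other::r--'

# acl_entry ACL_TEXT TAG -> prints the permission field of the first entry
# whose line starts with TAG: ("user:shubham" -> rw-, "mask:" -> r--),
# or nothing if there is no such entry.
acl_entry() {
    printf '%s\n' "$1" | grep "^$2:" | head -n 1 | cut -d: -f3
}

# effective_perms ACL_TEXT USER -> prints USER's effective rights as rwx
# letters: each bit of the named-user entry is kept only if the mask also
# grants it. Fails if USER has no named entry in the ACL.
effective_perms() {
    ent=$(acl_entry "$1" "user:$2")
    [ -n "$ent" ] || { echo "effective_perms: no entry for user $2" >&2; return 1; }
    mask=$(acl_entry "$1" "mask:")
    [ -n "$mask" ] || mask=rwx          # no mask entry means nothing is capped
    out=""
    i=1
    while [ "$i" -le 3 ]; do
        e=$(printf '%s' "$ent"  | cut -c"$i")
        m=$(printf '%s' "$mask" | cut -c"$i")
        if [ "$e" != - ] && [ "$e" = "$m" ]; then out="$out$e"; else out="$out-"; fi
        i=$((i+1))
    done
    printf '%s\n' "$out"   # → r-- for shubham with the sample above
}
```

Running getfacl on a real file in this state prints the same conclusion as a trailing "#effective:r--" on shubham's line, which is the first thing to check when a setfacl grant does not seem to take effect.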