Day 6 File Permissions and Access Control Lists


Permissions in Linux:-

Linux is a multi-user operating system, so it has security controls to prevent people from accessing each other’s confidential files. When you run the “ls” command, you are not given any information about the security of the files, because by default “ls” only lists the names of files. You can get more information by using an “option” with the “ls” command. All options start with a ‘-’. For example, to run “ls” with the “long listing” option, you would type ls -l. When you do so, each file is listed on a separate line in a long format.

Example :-

There’s a lot of information in those lines.

  1. The first character shows the file type: ‘-’ means it’s a file, and ‘d’ means it’s a directory.

  2. The next nine characters (rw-rw-r--) show the security permissions.

  3. The next column shows the owner of the file. (Here it is ubuntu)

  4. The next column shows the group owner of the file. (Here it is ubuntu, which has special access to these files.)

  5. The next column shows the size of the file in bytes.

  6. The next column shows the date and time the file was last modified.

  7. Last Column = File_name or Directory_name. (For example, here are: basic, devops, makeDirectory)

What are the three permission groups in Linux?

First, you must think of those nine characters as three sets of three characters. Each of the three “rwx” characters refers to a different operation you can perform on the file.

  1. Owners: These permissions apply exclusively to the individuals who own the files or directories.

  2. Groups: Permissions can be assigned to a specific group of users, impacting only those within that particular group.

  3. All Users: These permissions apply universally to all users on the system, presenting the highest security risk. Assigning permissions to all users should be done cautiously to prevent potential security vulnerabilities.

What are the three kinds of file permissions in Linux?

How to Change Permissions in Linux

The command you use to change the security permissions on files is called “chmod”, which stands for “change mode”, because the nine security characters are collectively called the security “mode” of the file.

Chart

Here's a breakdown of the permissions notation:

  • rw-: Read and write permissions for the owner.

  • ---: No permissions for the group.

  • ---: No permissions for others.

Access Control Lists:-

Access Control Lists (ACLs) extend the standard Unix file permission model by providing a more fine-grained control over file and directory access. ACLs allow you to define permissions for specific users and groups beyond the owner, group, and others.

Here are a few key points about ACL:

  1. Additional Permissions: ACLs provide additional permission entries beyond the standard owner, group, and others sets of read (r), write (w), and execute (x). These additional entries include things like read/write for a specific user or permissions for an additional group.

  2. getfacl Command:

    • The getfacl command is used to display the ACL (Access Control List) entries for a file or directory.

    • Syntax: getfacl [options] file/directory

    • Example:

        getfacl sample_file.txt
      

      This command will show the ACL entries for sample_file.txt.

  3. setfacl Command:

    • The setfacl command is used to set or modify ACL entries for a file or directory.

    • Syntax: setfacl [options] file/directory

    • Example:

        setfacl -m u:jane:rw sample_file.txt
      

      This command adds read and write permissions for the user "jane" to sample_file.txt.

  4. ACL Entries:

    • ACL entries have the following format: user|group|other:name:permissions. The name is left empty for the file's owner, owning group, and others.

    • Example:

        user:jane:rw-
      

      This entry grants read and write permissions to the user "jane."

Here's a quick example to illustrate the use of getfacl and setfacl:

    # Create a file
    touch sample_file.txt

    # Display the initial ACL entries
    getfacl sample_file.txt

    # Add read and write permissions for a specific user
    setfacl -m u:jane:rw sample_file.txt

    # Display the updated ACL entries
    getfacl sample_file.txt

This example creates a file, displays its initial ACL entries, adds read and write permissions for the user "jane," and then displays the updated ACL entries using getfacl. Remember that for ACLs to be effective, the underlying file system must support ACLs, and it needs to be mounted with ACL support.
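
The audit script below is an added example, not code from the original post. It finds files where "others" can write (the "All Users" risk described earlier) and lists named ACL entries of the kind that setfacl -m creates. The function names and scratch files are constructed for illustration, and it assumes GNU find and stat plus, for the ACL part, the getfacl tool.

```shell
#!/bin/sh
# Added example, not from the original post: audit a directory tree for
# access granted beyond the owner and owning group.

# List regular files under $1 whose "others" triplet includes w.
# Output per file: octal mode, symbolic mode, path (GNU stat, as on Linux).
world_writable() {
    find "$1" -type f -perm -0002 -exec stat -c '%a %A %n' {} +
}

# Remove write permission for "others" only, leaving the owner and group
# bits untouched, then print the resulting octal mode.
drop_other_write() {
    chmod o-w "$1" && stat -c '%a' "$1"
}

# List named-user and named-group ACL entries under $1, i.e. the entries
# that setfacl -m u:NAME:... or g:NAME:... adds. Files that only have the
# base owner/group/other entries are skipped. Returns 2 when getfacl is
# not installed.
named_acl_entries() {
    command -v getfacl >/dev/null 2>&1 || return 2
    getfacl -R --skip-base --absolute-names "$1" 2>/dev/null |
        grep -E '^(# file:|(user|group):[^:]+:)'
}

# Constructed demo: a scratch directory with one safe and one risky file.
audit_demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/notes.txt" "$dir/shared.txt"
    chmod 600 "$dir/notes.txt"     # rw------- : owner only
    chmod 666 "$dir/shared.txt"    # rw-rw-rw- : anyone can modify
    echo "world-writable files:"
    world_writable "$dir"
    echo "after chmod o-w: $(drop_other_write "$dir/shared.txt")"
    echo "named ACL entries:"
    named_acl_entries "$dir" || echo "(none found, or getfacl not installed)"
    rm -rf "$dir"
}

audit_demo
```

On a real system, point world_writable and named_acl_entries at a directory such as a shared project folder instead of the scratch directory.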