GCP
Day 6 File Permissions and Access Control Lists

Day 6 File Permissions and Access Control Lists

Anurag Dutt 's photo
Anurag Dutt
·

8 min read

The concept of Linux File permission and ownership is important in Linux. Here, we will be working on Linux permissions and ownership and will do tasks on both of them. Let us start with the Permissions.

Task-

  1. Create a simple file and do ls -ltr to see the details of the files refer to Notes

Each of the three permissions is assigned to three defined categories of users. The categories are:

  • owner — The owner of the file or application.

  • "chown" is used to change the ownership permission of a file or directory.

  • group — The group that owns the file or application.

  • "chgrp" is used to change the group permission of a file or directory.

  • others — All users with access to the system. (outised the users are in a group)

  • "chmod" is used to change the other users permissions of a file or directory.

    As a task, change the user permissions of the file and note the changes after ls -ltr

  1. Write an article about File Permissions based on your understanding from the notes.

  2. Read about ACL and try out the commands getfacl and setfacl

1.) Create a simple file and do ls -ltr to see the details of the files

Each of the three permissions are assigned to three defined categories of users. The categories are:

  • owner — The owner of the file or application.

  • "chown" is used to change the ownership permission of a file or directory.

  • group — The group that owns the file or application.

  • "chgrp" is used to change the group permission of a file or directory.

  • others — All users with access to the system. (outised the users are in a group)

  • "chmod" is used to change the other users permissions of a file or directory.

    As a task, change the user permissions of the file and note the changes after ls -ltr

  1. Create a simple file. I will call it test.txt.
echo "This is a test file" > test.txt
  1. Use the ls -ltr command to see the details of the file.
ls -ltr

This will output the following:

-rw-r--r-- 1 root root 0 Aug 30 04:35 test.txt

The first column shows the permissions of the file. The - character indicates that the file is a regular file. The next three characters represent the permissions for the owner, group, and others, respectively. In this case, the owner has read and write permissions, the group has read permission, and others have read permission.

  1. Change the user permissions of the file so that only the owner has read and write permissions. We can do this using the chmod command.
chmod 600 test.txt

The 600 in this command represents the permissions for the owner, group, and others. The 6 indicates that the owner has read and write permissions. The 0 indicates that the group and others have no permissions.

  1. Use the ls -ltr command again to see the changes.
ls -ltr

This will output the following:

-rw------- 1 root root 0 Aug 30 04:35 test.txt

As you can see, the permissions for the group and others have now been changed to -, which means that they have no permissions.

for changing the ownership -

  1. Create a simple file. I will call it test.txt.
echo "This is a test file" > test.txt
  1. Use the ls -ltr command to see the details of the file.
ls -ltr

This will output the following:

-rw-r--r-- 1 root root 0 Aug 30 04:44 test.txt

The first column shows the permissions of the file. The - character indicates that the file is a regular file. The next three characters represent the permissions for the owner, group, and others, respectively. In this case, the owner has read and write permissions, the group has read permission, and others have read permission.

  1. Change the owner of the file to anurag using the chown command.
chown anurag test.txt

This will change the owner of the file to anurag.

  1. Use the ls -ltr command again to see the changes.
ls -ltr

This will output the following:

-rw-r--r-- 1 root anurag 0 Aug 30 04:44 test.txt

As you can see, the owner of the file is now anurag.

for changing the group -

The chgrp command is used to change the group ownership of a file or directory. The syntax of the chgrp command is as follows:

chgrp [OPTIONS] GROUP FILE...

The GROUP parameter specifies the new group ownership for the file or directory. The FILE... parameters specify the files or directories whose group ownership you want to change.

Here are some of the options that you can use with the chgrp command:

  • -R: Recursively change the group ownership of all files and subdirectories.

  • -f: Suppress any error messages.

  • -v: Verbose mode, which will print out the name of each file whose group ownership is changed.

For example, to change the group ownership of the file test.txt to anurag, you would use the following command:

chgrp anurag test.txt

To recursively change the group ownership of all files and subdirectories in the current directory to anurag, you would use the following command:

chgrp -R bard .

2.) Write an article about File Permissions based on your understanding from the notes.

File Permissions

File permissions control who can access a file or directory and what they can do with it. There are three types of permissions: read, write, and execute.

  • Read permission allows a user to open and read the contents of a file.

  • Write permission allows a user to modify the contents of a file or create new files in a directory.

  • Execute permission allows a user to run a file as a program.

The permissions for a file or directory are assigned to three categories of users: the owner, the group, and others. The owner is the user who created the file or directory. The group is the group that the owner belongs to. Others are all users who do not belong to the owner's group.

The permissions for each category of users are represented by three characters: r, w, and x. r stands for read, w stands for write, and x stands for execute.

For example, the permissions rw-r--r-- mean that the owner has read and write permissions, the group has read permission, and others have read permission.

The permissions for a file or directory can be changed using the chmod command. The syntax of the chmod command is as follows:

chmod [OPTIONS] MODE FILE...

The MODE parameter specifies the new permissions for the file or directory. The FILE... parameters specify the files or directories whose permissions you want to change.

Here are some of the options that you can use with the chmod command:

  • a: Applies the permissions to all users.

  • o: Applies the permissions to others.

  • g: Applies the permissions to the group.

  • u: Applies the permissions to the owner.

  • +: Adds the specified permissions.

  • -: Removes the specified permissions.

For example, to give the group read and write permissions to the file test.txt, you would use the following command:

chmod g+rw test.txt

To remove the execute permission from the file test.txt for everyone, you would use the following command:

chmod -x test.txt

File permissions are an important security feature that can help to protect your files from unauthorized access. By understanding how file permissions work, you can better secure your files and directories.

3.) Read about ACL and try out the commands getfacl and setfacl

Access Control Lists (ACLs)

ACLs are a way to control access to files and directories in Linux. They are more flexible than the standard file permissions, which only allow you to control access by user, group, and others. ACLs allow you to control access by individual users or groups, and you can also specify different permissions for different actions, such as read, write, and execute.

getfacl and setfacl commands

The getfacl and setfacl commands are used to manage ACLs. The getfacl command displays the ACL for a file or directory. The setfacl command sets or modifies the ACL for a file or directory.

The syntax of the getfacl command is as follows:

getfacl [OPTIONS] FILE...

The FILE... parameters specify the files or directories whose ACLs you want to display.

Here are some of the options that you can use with the getfacl command:

  • -R: Recursively display the ACLs for all files and subdirectories.

  • -n: Do not display the default ACL.

  • -x: Do not display extended ACLs.

For example, to display the ACL for the file test.txt, you would use the following command:

getfacl test.txt

The syntax of the setfacl command is as follows:

setfacl [OPTIONS] ACL_SPEC FILE...

The ACL_SPEC parameter specifies the new ACL for the file or directory. The FILE... parameters specify the files or directories whose ACLs you want to set.

Here are some of the options that you can use with the setfacl command:

  • -R: Recursively set the ACLs for all files and subdirectories.

  • -m: Add the specified ACL entries to the existing ACL.

  • -d: Delete the specified ACL entries from the existing ACL.

For example, to add the user adutt with read and write permissions to the file test.txt, you would use the following command:

setfacl -m u:adutt:rw test.txt

To delete the user adutt from the ACL for the file test.txt, you would use the following command:

setfacl -d u:adutt test.txt

Let me know if you have any other queries.

Thank You

If you liked this blog then click on ❤

and do follow for more interesting and helpful blogs.

Did you find this article valuable?

Support GCP by becoming a sponsor. Any amount is appreciated!

DevopsLinuxlearningCloud#90daysofdevops