Day 6 Task: File Permissions and Access Control Lists

File permissions and Access control

File permission

File permissions are central to security and access control in Linux. They regulate who can read, write, or execute a file or directory. Understanding and managing these permissions is fundamental for system administrators and users to maintain security and control over their data.

Permissions on a file or directory apply to three classes of users:

  1. Owner: The user who owns the file or directory.

  2. Group: A designated group that has specific access rights to the file or directory.

  3. Others: All remaining users on the system who are not the owner or part of the designated group.

Linux provides the following commands for managing file permissions:

  • chown: This command is used to change the ownership of a file or directory. It allows users to transfer ownership between users.

  • chgrp: It changes the group ownership of a file or directory, enabling the assignment of a particular group to the file.

  • chmod: This command is used to modify the permissions of a file or directory for all three categories of users: owner, group, and others. It allows users to assign read, write, and execute permissions to different user categories.

How to change permission

For adding file permission

chmod u+r <filename>

For removing file permission

chmod u-r <filename>

u->user
g->group
o->other

r->read
w->write
x->execute

For collectively changing permission

chmod ugo+r <filename>
chmod ugo-r <filename>
# or use a (all), which covers user, group and other
chmod a+rwx <filename>

Examples for better understanding; I am going to put screenshots.

  1. I created a folder, created a file named filename.txt inside it, and wrote something to it. Then I checked the permissions:
ls -ltr

  2. As you can see, the group doesn't have write and execute permission, so I am going to give write permission to filename.txt.

  3. Now I am going to give read, write and execute permission to user, group and others.

  4. Now I just remove all permissions from others.

In Linux, we can also give permission through the Numeric mode

chmod 756 <filename>
# here 7 -> user, 5 -> group, 6 -> others

This figure represents things more clearly
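
As an added example (not part of the original post), the shell functions below decode a three-digit mode into the rwx string that ls prints and report which classes other than the owner end up with write access; for the 756 used above that is "others". The function names are chosen for this example, and applied_mode_string assumes mktemp is available.

```shell
#!/bin/sh
# Added example: decode numeric chmod modes and flag write access beyond the owner.

# One octal digit (0-7) -> rwx triplet: 4 = read, 2 = write, 1 = execute.
digit_to_rwx() {
    t=""
    if [ $(( $1 & 4 )) -ne 0 ]; then t="${t}r"; else t="${t}-"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then t="${t}w"; else t="${t}-"; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then t="${t}x"; else t="${t}-"; fi
    printf '%s' "$t"
}

# Three-digit mode (e.g. 756) -> nine-character string (rwxr-xrw-).
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    rest=${1#?}    # drop the user digit, leaving group and other
    printf '%s%s%s\n' "$(digit_to_rwx "${1%??}")" \
        "$(digit_to_rwx "${rest%?}")" "$(digit_to_rwx "${1#??}")"
}

# Which classes other than the owner may write with this mode.
write_exposure() {
    mode_to_symbolic "$1" >/dev/null || return 1
    rest=${1#?}; exposed=""
    if [ $(( ${rest%?} & 2 )) -ne 0 ]; then exposed="group"; fi
    if [ $(( ${1#??} & 2 )) -ne 0 ]; then exposed="${exposed:+$exposed }others"; fi
    printf '%s\n' "${exposed:-none}"
}

# Apply the mode to a scratch file and read back what ls reports.
applied_mode_string() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    ls -ld "$f" | cut -c2-10    # skip the file-type character
    rm -f "$f"
}

# Constructed sample modes, including the 756 from the text above.
for m in 756 750 777; do
    printf '%s -> %s (write beyond owner: %s)\n' \
        "$m" "$(mode_to_symbolic "$m")" "$(write_exposure "$m")"
done
```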

Access Control List (ACL)

An ACL allows you to give a more specific set of permissions to a file or directory without changing the base ownership and permissions.
Commands: setfacl and getfacl.

Commands for ACL

To add permissions for a user:

setfacl -m u:user:rwx <target_file>

To add permissions for a group:

setfacl -m g:group:rwx <target_file>

To remove a specific entry (with -x the entry is named without a permissions field):

setfacl -x u:user <target_file>

To remove all entries:

setfacl -b <target_file>

Why ACLs are used:

Sometimes we need to change permissions for one specific user; Linux uses ACLs for this.

Example:

  1. I changed the filename permission for the user, then I added the user 'monu' and switched to monu.

  2. With getfacl, I can clearly see all the permissions.

  3. With setfacl, I changed the permission, as you can see in the screenshot above.

Conclusion

Understanding and effectively managing file permissions and ACLs are crucial for maintaining the security and integrity of a Linux system, enabling users and administrators to control access to files and directories according to their specific needs. By utilizing these commands and concepts, users can effectively manage access and security, ensuring that files and data remain protected.