Day 6 Task: File Permissions and Access Control Lists
File permissions and Access control
File permission
File permission is really very important in Linux OS for security and access control. They regulate who can read, write, or execute a file or directory. Understanding and managing these permissions is fundamental for system administrators and users to maintain security and control over their data.
Dir/file has basically 3 types
Owner: The user who owns the file or directory.
Group: A designated group that has specific access rights to the file or directory.
Others: All remaining users on the system who are not the owner or part of the designated group.
For managing the file permission, Linux has some commands
chown: This command is used to change the ownership of a file or directory. It allows users to transfer ownership between users.
chgrp: It changes the group ownership of a file or directory, enabling the assignment of a particular group to the file.
chmod: This command is used to modify the permissions of a file or directory for all three categories of users: owner, group, and others. It allows users to assign read, write, and execute permissions to different user categories.
How to change permission
For adding file permission
chmod u+r <filename>
For removing file permission
chmod u-r <filename>
u->user
g->group
0->other
r->read
w->write
x->execute
For collectively changing permission
chmod ugo+r <filename>
chmod ugo-r <filename>
# or , here a-> all user,group,other
chmod a+rwx <filename>
Examples for better understanding, i am going to put screenshots
- i created folder and inside folder created file known as filename.txt and write something on it . Then i check the permission
ls -ltr
- As you see, here group doesn't have write and execute permission so i am going to give write permission to filename.txt
- Now I am going to give all read, write and execute permission to user, group and others.
- now I just remove all permission from other.
In Linux, we can also give permission through the Numeric mode
chmod 756 <filename>
# here basically 7-> user, 5->group, 6->other user
This figure represents things more clearly
Access control List(ACL)
It allows you to give a more specific set of permissions to a file or directory without changing the base ownership and permissions.
Commands: setfacl & getfacl .
Commands for ACL
For adding permission for users-
setfacl -m u:user:rwx <target_file>
For adding permission for group -
setfacl -m g:group:rwx <target_file>
To remove a specific entry -
setfacl -x u:user:rwx <target_file>
To remove all entries
setfacl -b <target_file>
The reason why ACL use:-
Sometime when we need to change permission for specific user , due to this linux use ACL.
Example:-
I change filename permission for user and then I add user 'monu' and then i switch to monu.
With getfacl , i clearly see all permission.
With setfacl, i change the permission as you see in above screen shot.
Conclusion
Understanding and effectively managing file permissions and ACLs are crucial for maintaining the security and integrity of a Linux system, enabling users and administrators to control access to files and directories according to their specific needs. By utilizing these commands and concepts, users can effectively manage access and security, ensuring that files and data remain protected.