Kulwinder Singh's blog

day - 06 File Permissions and ACL (Access Control List)

The concept of file permission, acl, and the differentiating factor between file permission and acl are explained in this article.

Kulwinder Singh's photo
Kulwinder Singh
·

5 min read

day - 06 File Permissions and ACL (Access Control List)

Day 06 #90DaysOfDevops

tasks 1 :-

1.Create a simple file and do ls -ltr to see the details of the files

The ls command in Linux is used to list files and directories in a directory. When you use the ls command with the options -ltr, it provides a long listing of files and directories, sorted by modification time in reverse order (oldest to newest). Here's the breakdown of each option:

  • -l: Provides a long listing format that displays detailed information about files and directories. The long format typically includes permissions, number of hard links, owner, group, file size, modification date, and the file/directory name.

  • -t: Sorts the output based on the time of last modification. The most recently modified files/directories will appear at the top of the listing.

  • -r: Reverses the sorting order. By default, the ls command lists files and directories in ascending order. When using the -r option, it changes the order to descending, so the oldest files/directories appear at the top.

So, when you run ls -ltr in a directory, you'll get a long listing of files and directories with the oldest ones listed at the top and the newest ones at the bottom. This is often useful to see which files were modified most recently or to review the order of file changes in a directory.

task-2

2.Write an article about File Permissions based on your understanding from the notes.

File permissions in Linux refer to a set of rules that determine who can do what with a file or directory. These permissions help control access to files and ensure that only authorized users can read, write, or execute them.

In simple terms, file permissions answer three main questions about a file:

  1. Who can access the file? It can be the file owner, members of a group, or all other users on the system.

  2. What can they do with the file? Users can have different levels of permissions: read (view the contents), write (modify the file), or execute (run the file as a program or script).

  3. In what context can they do it? Permissions can be set separately for the file owner, the group associated with the file, and all other users.

File permissions are usually represented by a combination of letters and symbols, such as "r" for read, "w" for write, and "x" for execute. These permissions are assigned to the owner, group, and others using a notation like "rw-r--r--" or "drwxr-xr-x".

In Linux, file permissions determine who can read, write, and execute files or directories. We can check this using "ls -l" command, it will display a list of files and directories with their permissions, owner, groups, size, and modification dates.

  1. Owner (u): It determines the permission for the user.

  2. Group (g): It determines the permission for groups

  3. Others (o): It determines the permission for other users

To summarize, file permissions in Linux regulate who can do what with a file, ensuring data security and access control on the system.

lab- let's do it on the Ubuntu terminal.

(ls -la) command means a list of all and =>

it will display the directories and files and also their permissions.

here we can see that user, group and other have only read and write permission of file dev-files.txt. Now we have to change the permission to rwx.

Change the permission of user by chmod command:-

--->"chmod" is used to change the other users permissions of a file or directory.

sudo chmod 777 dev-files.txt

777 is used to give read, write, and execute permission to dev-files.txt. You can see that before giving the permission to user, group, and others, they had only read and write permission, but after giving the permission by chmod 777 to all three users, group, and others, they now have read, write, and execute permission.you can try other command to change permission

For Example:

chown <owner> <file_name>: By using this command we can change the owner of files and directories

chgrp <group> <file_name>: This command is used to change group of files and directories

The following table demonstrates how the numbers and permissions are related:

Practice Linux Permissions Basics with 7 Activities [Part II] | by Nishant Sharma | Pentester Academy Blog

Task-3 . Read about ACL and try out the commands getfacl and setfacl

In Linux, ACL stands for "Access Control List." ACL is a feature that enhances file permissions by allowing more fine-grained control over access to files and directories. It provides the ability to specify access permissions for individual users and groups beyond the traditional user-group-other permissions model.

With traditional file permissions, a file or directory can have three sets of permissions: one for the owner, one for the group associated with the file, and one for all other users. This is represented by the three sets of permission bits: read (r), write (w), and execute (x).

ACLs, on the other hand, allow you to assign specific permissions to multiple users and groups. This means you can grant read, write, and execute permissions to specific users and groups without changing the default permissions for owner, group, and others.

For example, with ACLs, you can grant read and write access to a particular file to UserA and UserB, while maintaining the standard permissions for the owner, group, and others.

Some common commands to work with ACLs in Linux are:

  • getfacl: Displays the ACL information for a file or directory.

  • setfacl: Sets or modifies ACL entries for files and directories.

  • chacl: Changes the ACL entries for files and directories.

  • ACLs provide increased flexibility in managing access to files and directories, especially in multi-user environments or when you need to grant specific permissions to individual users or groups beyond the standard permission model.

  • Acl is used to give permission quickly consists of two command :

    1. Setfacl : you can set (acl) permission to any file.

    2. getfacl : you can see the details of permission of any file.

    In acl you can change the permission without changing the ownership.

    Suppose you want to give acl permission to a particular user i.e you want to give rwx permission of dev-files.txt of the shubham-dev user to the ubuntu user,then use following command:

    Sudo setfacl -m u:ubuntu:rwx /home/shubham-dev/dev-file.txt

    After this, you have to use getfacl command and in o/p i it s showing that

    user :ubuntu have: rwx permissions

I appreciate you reading the blog.

All suggestions are appreciated. Thanks a lot!

#90daysofdevopsfile-permissionlinux for beginnersDevopsLinux