Day 06: Linux File Permissions & Access Control Lists (ACLs)

CloudDeepDive
Jun 6, 2023

When it comes to managing files and directories in Linux, file permissions and access control lists (ACLs) are essential tools for controlling access to these resources. In this blog, we’ll take a closer look at how file permissions and ACLs work, as well as the various commands and tools that are available for managing them.

Understanding File Permissions:

File permissions in Linux determine which users and groups can access a file, and what type of access they have.

There are three types of access: read, write, and execute.

  • Read access allows a user to view the contents of a file.
  • Write access allows a user to modify the contents of a file.
  • Execute access allows a user to run a file as a program.

File permissions are represented by a three-digit number, with each digit representing a different set of permissions.

  • The first digit represents the owner’s permissions
  • The second digit represents the group’s permissions
  • The third digit represents everyone else’s permissions.

Each digit is the sum of the values of the permissions it grants: 4 for read, 2 for write, and 1 for execute. These correspond to three binary digits (0 or 1), one per permission.

For example, the number 755 represents read, write, and execute permissions for the owner, and read and execute permissions for the group and everyone else.

Similarly, a file with permissions set to 644 allows the owner to read and write the file, while members of the group and other users can only read it.

To view the permissions of a file or directory, use the ls command with the -l option:

$ ls -l file.txt
-rw-r--r-- 1 user group 0 Apr 12 2023 file.txt

The output of this command shows the permissions of the file, as well as the owner and group.

The chmod Command:

The chmod command is used to change file permissions in Linux. The syntax for chmod is as follows:

chmod [permissions] [file_or_directory]

For example, to give the owner read, write, and execute permissions, the group read and execute permissions, and everyone else read and execute permissions, you would use the following command:

$ chmod 755 example.txt
$ ls -l example.txt
-rwxr-xr-x 1 user group 0 Apr 12 2023 example.txt

The number 7 represents read, write, and execute (rwx) permissions for the owner (4 + 2 + 1 = 7), 5 represents read and execute (r-x) permissions for the group (4 + 1 = 5), and 5 represents read and execute (r-x) permissions for everyone else (4 + 1 = 5).
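The same digit arithmetic can drive a quick audit. The script below is an added example, not part of the original post: it builds a constructed sample tree, lists regular files whose third digit includes write (2), and removes group and other write access without touching any other bit. The function names and file names are assumptions, and it relies on GNU find and stat as shipped on most Linux distributions.

```shell
#!/bin/sh
# Added example: audit a tree for files that "everyone else" can modify.

# Print "octal-mode path" for each regular file under $1 that others can write.
# -perm -0002 matches when the other-write bit is set, whatever else is set.
world_writable() {
    find "$1" -type f -perm -0002 -exec stat -c '%a %n' {} + | sort
}

# Drop write for group and others only; owner bits and r/x bits stay as they are.
tighten() {
    find "$1" -type f -perm /0022 -exec chmod go-w {} +
}

# Constructed sample tree; prints the path of the temporary directory.
demo_setup() {
    d=$(mktemp -d) || return 1
    touch "$d/report.txt" "$d/deploy.sh" "$d/shared.log"
    chmod 644 "$d/report.txt"   # rw-r--r--
    chmod 755 "$d/deploy.sh"    # rwxr-xr-x
    chmod 666 "$d/shared.log"   # rw-rw-rw-  (6 = 4 + 2 for all three classes)
    printf '%s\n' "$d"
}

dir=$(demo_setup)
echo "Before:"; world_writable "$dir"
tighten "$dir"
echo "After:";  world_writable "$dir"
rm -rf "$dir"
```
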

The chown Command:

The chown command is used to change the owner of a file or directory. The syntax for chown is as follows:

chown [new_owner] [file_or_directory]

For example, if you wanted to change the owner of the file “example.txt” to “johndoe”, you would use the following command:

chown johndoe example.txt

The chgrp Command:

The chgrp command is used to change the group ownership of a file or directory. The syntax for chgrp is as follows:

chgrp [new_group] [file_or_directory]

For example, if you wanted to change the group ownership of the file “example.txt” to “finance”, you would use the following command:

chgrp finance example.txt

Understanding Access Control Lists

While file permissions are a powerful tool for controlling access to files and directories, they have some limitations. For example, file permissions only allow you to specify one owner and one group for each file or directory, which can make it difficult to grant access to specific users or groups. This is where access control lists come in.

Access control lists (ACLs) are an extension of file permissions that allow you to specify more granular access control for individual users and groups. With ACLs, you can specify not only read, write, and execute permissions, but also more specific permissions such as delete, append, and modify.

The setfacl Command:

The setfacl command is used to set ACLs in Linux. The syntax for setfacl is as follows:

setfacl [options] [file_or_directory]

For example, to give the user “johndoe” read and write permissions on the file “example.txt”, you would use the following command:

setfacl -m u:johndoe:rw example.txt

The “-m” option tells setfacl to modify the ACL, and the “u:johndoe:rw” argument specifies that the user “johndoe” should be granted read and write permissions.

To view the ACL for a file or directory, you can use the getfacl command. The syntax for getfacl is as follows:

getfacl [file_or_directory]

For example, to view the ACL for the file “example.txt”, you would use the following command:

getfacl example.txt

This would display the ACL for the file, including any users or groups that have been granted specific permissions.
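When reading getfacl output, the entry granted to a user is not always what that user can actually do: the ACL's mask entry caps every named user and named group entry. The script below is an added example, not part of the original post. It parses a constructed sample of getfacl output and prints the granted and effective permissions side by side; the function names and the sample ACL are assumptions.

```shell
#!/bin/sh
# Added example: report what each named ACL entry can really do once the mask applies.

# Constructed sample of `getfacl example.txt` output: johndoe was granted rw,
# but the mask entry is r--.
sample_acl() {
cat <<'EOF'
# file: example.txt
# owner: user
# group: group
user::rw-
user:johndoe:rw-
group::r--
group:finance:rw-
mask::r--
other::r--
EOF
}

# AND two rwx strings position by position: a bit survives only if both have it.
and_perms() {
    out=""
    for i in 1 2 3; do
        a=$(printf '%s' "$1" | cut -c"$i")
        b=$(printf '%s' "$2" | cut -c"$i")
        if [ "$a" != "-" ] && [ "$a" = "$b" ]; then out="$out$a"; else out="$out-"; fi
    done
    printf '%s\n' "$out"
}

# Read getfacl-style text on stdin; print "type:name granted effective" for every
# named user and group entry. (The mask also caps the owning group entry, group::,
# which this example leaves out.)
effective_acl() {
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\(...\).*/\1/p')
    printf '%s\n' "$acl" | grep -E '^(user|group):[^:]+:' |
    while IFS=: read -r type name perms; do
        perms=$(printf '%s' "$perms" | cut -c1-3)   # drop any trailing "#effective" note
        printf '%s:%s %s %s\n' "$type" "$name" "$perms" "$(and_perms "$perms" "${mask:-rwx}")"
    done
}

sample_acl | effective_acl
```

An entry whose two columns differ is one where the grant does not mean what it appears to; on a file with named ACL entries, the group column of ls -l shows the mask, and changing it with chmod changes the mask.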

Managing ACLs can be complex, but they provide a powerful tool for controlling access to files and directories in Linux. By using a combination of file permissions and ACLs, you can ensure that only authorized users and groups have access to sensitive data.

Conclusion:

In conclusion, file permissions and access control lists are powerful tools for controlling access to files and directories in Linux. By understanding how file permissions and ACLs work, and how to use commands like chmod, chown, chgrp, and setfacl, you can ensure that only authorized users and groups have access to sensitive data. With careful management of file permissions and ACLs, you can maintain the security and integrity of your data in Linux.

This is #Day06 of the #90DaysofDevOps challenge! Hope you found this blog informative and useful.
