Day 6: File Permissions and Access Control Lists (Linux)


As a cloudops engineer with nine years of experience, I have developed a deep understanding of cloud infrastructure and operations. Throughout my career, I have honed my skills in designing, deploying, and maintaining cloud-based systems and services, working with a range of technologies such as AWS and Google Cloud Platform.

I have a passion for automating infrastructure and streamlining operations, leveraging tools such as salt-stack, Terraform, and Kubernetes. I enjoy collaborating with cross-functional teams to deliver reliable and scalable solutions that meet business requirements and exceed customer expectations.

In addition to my technical expertise, I am committed to staying up-to-date with the latest industry trends and best practices, attending conferences and workshops, and participating in online communities. I am a strong communicator and enjoy sharing my knowledge and experience with others, whether through mentoring or presenting at industry events.

Overall, I am a dedicated and results-driven cloudops engineer with a proven track record of delivering high-quality solutions and driving business value through cloud technologies.

Introduction:

In the world of Linux, file security is very important. To protect sensitive information and ensure that only authorized users have access to specific files and directories, Linux employs a robust system of file permissions and access control lists (ACLs).

In this blog post, we'll dive into the fundamentals of file permissions and ACLs, exploring how they work and how you can utilize them effectively.

Types of permissions:

1) File Permissions:

File permissions are a vital aspect of Linux security. They dictate who can perform specific actions on a file, such as reading, writing, or executing. Linux file permissions are organized into three categories: user, group, and others.

2) User Permissions:

The user permissions define the access rights of the file owner. The three main permissions are read (r), write (w), and execute (x). By combining these permissions, the file owner can control what they can do with the file.

3) Group Permissions:

Group permissions determine the access rights of the group associated with the file. A file can be assigned to a specific group, and the group permissions function similarly to user permissions, allowing control over the actions of group members.

4) Other Permissions:

Other permissions apply to everyone else who is not the file owner or part of the file's group. These permissions enable or restrict access for all other users on the system.

Note:
drwxrwxrwt. 13 root root 4096 May 20 07:56 tmp
Here the leading 'd' indicates a directory.
-rwxrwxrwt. 13 root root 4096 May 20 07:56 file.txt
Here the leading '-' indicates a regular file.

Understanding the numerical representation of permissions, such as 644 or 776, can provide a concise overview of access rights for each category.

After this, let us discuss how to change the permissions.

Changing Permissions:

To modify file permissions, the 'chmod' command is used. With this command, you can assign or revoke permissions for the file owner, group, or others.

The “mode” sets the new permissions to be applied to files or directories. It can be specified in several ways; we will discuss two: symbolic mode and octal mode.

1) Symbolic mode:

Symbolic mode is the most common method of specifying permissions. It combines letters and operators to state which permissions to change and how.
The following operators can be used in symbolic mode:

| Operator | Definition |
|---|---|
| + | Add permissions |
| - | Remove permissions |
| = | Set the permissions to the specified values |

The following letters can be used in symbolic mode:

| Letter | Definition |
|---|---|
| r | Read permission |
| w | Write permission |
| x | Execute permission |

The following references (classes of users) can be used:

| Reference | Class |
|---|---|
| u | Owner |
| g | Group |
| o | Others |
| a | All (owner, group, others) |

Examples of Using the Symbolic mode:

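  • Grant read, write and execute permissions to the file owner:
chmod u+rwx [file_name]
  • Remove write permission for the group and others:
chmod go-w [file_name]
  • Set read and write for the owner and read-only for the group and others ('=' replaces the existing bits, whereas '+' would leave any write or execute bits that are already set in place):
chmod u=rw,go=r [file_name]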

2) Octal mode:

Octal mode is another method of specifying permissions. Here the permissions are given as a three-digit number, where:

  • The first digit specifies the permissions for the owner.

  • The second digit specifies the permissions for the group.

  • The third digit specifies the permissions for others.

NOTE: Each digit is calculated by adding the values of the individual permissions.

| Value | Permission |
|---|---|
| 4 | Read permission |
| 2 | Write permission |
| 1 | Execute permission |

Examples of Using the Octal mode:

Suppose we want to give read and write permission to the file owner, read, write and execute permission to the group, and read-only permission to others. Then our command would be:

  chmod 674 [file_name]

Here:

  • 6 represents the permissions of the file owner (rw).

  • 7 represents the permissions of the group (rwx).

  • 4 represents the permissions of others (r).
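
The octal arithmetic and the '+' versus '=' operators, as an added example that is not part of the original post: a POSIX shell function that converts an 'ls -l' mode string to octal, and a helper that applies a chmod mode to a scratch file and reads the result back. It goes slightly beyond the text by also decoding the special bits (such as the trailing 't' in drwxrwxrwt); the function names mode_to_octal and apply_mode are made up for this example.

```sh
#!/bin/sh
# Added example (function names are hypothetical, not from the post).

# mode_to_octal MODE: convert an `ls -l` mode string such as "drwxrwxrwt."
# to octal. A leading fourth digit appears only when a special bit is set.
mode_to_octal() (
    s=${1#?}                      # drop the file-type character (d, -, l, ...)
    special=0
    out=""
    for weight in 4 2 1; do       # setuid, setgid, sticky weights for u, g, o
        d=0
        for bit in 4 2 1; do      # r, w, x values from the table above
            c=${s%"${s#?}"}       # first remaining character
            s=${s#?}
            case $bit$c in
                4r|2w|1x) d=$((d + bit)) ;;
                1s|1t)    d=$((d + 1)); special=$((special + weight)) ;;
                1S|1T)    special=$((special + weight)) ;;   # special bit, no x
            esac
        done
        out=$out$d
    done
    [ "$special" -gt 0 ] && out=$special$out
    echo "$out"
)

# apply_mode START SPEC: set a scratch file to START, apply SPEC with chmod,
# and print the resulting octal mode as read back from `ls -ld`.
apply_mode() (
    f=$(mktemp) || exit 1
    chmod "$1" "$f" && chmod "$2" "$f" && mode_to_octal "$(ls -ld "$f")"
    rc=$?
    rm -f "$f"
    exit "$rc"
)

echo "drwxrwxrwt.        -> $(mode_to_octal 'drwxrwxrwt.')"
echo "777 + u+rw,go+r    -> $(apply_mode 777 u+rw,go+r)"   # '+' removes nothing
echo "777 + u=rw,go=r    -> $(apply_mode 777 u=rw,go=r)"   # '=' replaces the bits
echo "000 + 674          -> $(apply_mode 000 674)"
```
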

Access Control Lists (ACLs):

While file permissions suffice for basic access control, there are scenarios that demand more granular control over file access. This is where Access Control Lists (ACLs) come into play. ACLs allow you to define permissions for multiple users and groups on a file or directory.

ACLs extend the traditional three-category permission model by introducing additional rules and levels of control. With ACLs, you can assign permissions to specific users, groups, or even define default permissions for newly created files in a directory.

To manage ACLs, the 'setfacl' and 'getfacl' commands are commonly used. 'setfacl' enables you to modify ACLs, granting or revoking specific permissions for users or groups. 'getfacl' displays the ACLs currently set on a file or directory.

Suppose we want to give read and write permissions to a particular user who is not a member of the file's group. This is where ACLs come into the picture.
But first, we need to install the ACL package; it is not available in the system by default.
[root@test-server /]# yum install acl
[root@test-server /]# getfacl tmp
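
To review who has access beyond the owner/group/others bits, the following added example (not from the original post) parses 'getfacl' output and lists every named user and group entry with its effective rights. It goes beyond the text by applying the ACL mask entry, which caps what named entries actually receive; the sample output, the names alice and auditors, and the function name acl_effective are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit named ACL entries in `getfacl` output.
# The sample below is constructed. An entry like user:alice:rw- is what
#   setfacl -m u:alice:rw report.txt
# creates, and `setfacl -x u:alice report.txt` removes it again.
# On a file that carries an ACL, chmod on the group bits changes the mask,
# which is how an rw- grant can end up effective r-- as shown here.

sample_acl='# file: report.txt
# owner: root
# group: root
user::rw-
user:alice:rw-
group::r--
group:auditors:rwx
mask::r--
other::---'

# acl_effective: read getfacl text on stdin, print "type:name:effective"
# for each named entry (effective = entry permission AND mask).
acl_effective() {
    awk -F: '
        /^#/ || /^default:/ || NF < 3 { next }   # skip headers and default ACLs
        { sub(/[ \t]*#.*/, "", $3) }             # drop "#effective:" comments
        $1 == "mask" { mask = $3; next }
        $2 != ""     { n++; kind[n] = $1; name[n] = $2; perm[n] = $3 }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (j = 1; j <= 3; j++) {
                    p = substr(perm[i], j, 1)
                    m = (mask == "") ? p : substr(mask, j, 1)
                    eff = eff ((p != "-" && m != "-") ? p : "-")
                }
                print kind[i] ":" name[i] ":" eff
            }
        }'
}

printf '%s\n' "$sample_acl" | acl_effective
```
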

Summary:

File permissions and access control lists are essential for Linux file security, protecting sensitive files and directories from unauthorized access.your Linux system and maintain the confidentiality, integrity, and availability of your data.
