Episode
File Permissions and Access Control Lists

File Permissions and Access Control Lists

Mayur S. Mutkekar's photo
Mayur S. Mutkekar
·

5 min read

Day 6/90 - #90daysofdevops

In today's blog let's deep dive into File Permissions and access control Lists ACL and learn about it. So buckle up and let's start.

Let's create a simple file and do ls -ltr to see the details of the files.

Each of the three permissions are assigned to three defined categories of users. The categories are:

  •      owner   —   The owner of the file or  application.

  • "chown" is used to change the ownership permission of a file or directory.

         group   —   The group that owns the file or application.

  • "chgrp" is used to change the group permission of a file or directory.

         others  —   All users with access to the system. (outised the users are in a group)

File Permission in Linux

Check Permissions in Command-Line with Ls Command

Go to the command line, you can easily find a file’s permission settings with the ls command, used to list information about files/directories. You can also add the –l option to the command to see the information in the long list format.
To check the permission configuration of a file, use the command

ls –l [file_name]

For instance, the command for the previously mentioned file would be:

ls –l test.txt

Episodes@Episodes:~$ ls -l test.txt
-rw-r--r-- 1 Episodes Episodes 0 jyh 26 16:00 test.tx

  • file permission

  • the owner (creator) of the file

  • the group to which that owner belongs to

  • the date of creation.

It shows the permission settings, grouped in a string of characters (-, r, w, x) classified into four sections:

  1. File type. There are three possibilities for the type. It can either be a regular file (), a directory (d), or a link (i).

  2. File permission of the user (owner)

  3. File permission of the owner’s group

  4. File permission of other users

file permission syntax explained

The characters r, w, and x stand for read, write, and execute.
The categories can have all three privileges, just specific ones, or none at all (represented by , for denied).

Users that have reading permission can see the content of a file (or files in a directory). However, they cannot modify it or add or remove it. On the other hand, those who have writing privileges can edit (add and remove) files. Finally, being able to execute means the user can run the file. This option is mainly used for running scripts.

In the previous example, the output showed that test.txt is a regular file with read and write permission assigned to the owner, but gives read-only access to the group and others.

Using Chmod Command to Change File Permissions

As all Linux users, you will at some point need to modify the permission settings of a file/directory. The command that executes such tasks is the chmod command.

The basic syntax is:

chmod [permission] [file_name]

There are two ways to define permission:

  1. using symbols (alphanumerical characters)

  2. using the octal notation method

Define File Permission with Symbolic Mode

To specify permission settings using alphanumerical characters, you’ll need to define accessibility for the user/owner (u), group (g), and others (o).

Type the initial letter for each class, followed by the equal sign (=) and the first letter of the read (r), write (w), and/or execute (x) privileges.

To set a file, so it is public for reading, writing, and executing, the command is:

chmod u=rwx,g=rwx,o=rwx [file_name]

To set permission as in the previously mentioned test.txt to be:
• read and write for the user
• read for the members of the group
• read for other users

Use the following command:

chmod u=rw,g=r,o=rest.txt

Note: There is no space between the categories; we only use commas to separate them.

Another way to specify permission is by using the octal/numeric format. This option is faster, as it requires less typing, although it is not as straightforward as the previous method.

Instead of letters, the octal format represents privileges with numbers:

  • read has a value of 4

  • w(rite) has the value of 2

  • execute has the value of 1

  • no permission has the value of 0

The privileges are summed up and depicted by one number. Therefore, the possibilities are:

  • 7 – for read, write, and execute permission

  • 6 – for read and write privileges

  • 5 – for read and execute privileges

  • 4 – for read privileges

As you have to define permission for each category (user, group, owner), the command will include three (3) numbers (each representing the summation of privileges).

For instance, let’s look at the test.txt file that we symbolically configured with the chmod u=rw,g=r,o=r test.txtcommand.

The same permission settings can be defined using the octal format with the command:

chmod 644 test.txt

Access Control Lists Command (ACL )

The access Control List command provides an additional more flexible permission mechanism for a file system. ACL is a Service that is used for providing special permission to specific users and groups to a particular directory and files.

The two main ACL command are ⚙getfacl and setfacl

The Getfacl command is used to retrieve the ACLs of a file or directory. It shows the detailed ACL entries and their associated permissions for specific users and groups.

getfacl cron.txt
#first we need to install acl using: sudo apt install acl

The setfacl command is used to set or modify ACLs on a file or directory. It allows you to define specific access permissions for individual users or groups.

setfacl -m g::rwx cron.txt
#Here we are adding read,write and execute permission to group and the file name is cron

And just like we have completed Day 6/90 with a bit of information on File Permission and ACL. Keep practicing and Happy learning!