Day 6: File Permissions and Access Control Lists
File Permissions
File permissions in Linux control who can access a file and what actions they can perform on it.
There are three types of permissions: read, write, and execute.
Each type of permission has three levels: for the owner of the file, for the members of the file's group, and for all other users.
To change the permissions of a file, we can use the chmod command.
The basic syntax of the command is chmod [permissions] file_name, where [permissions] is a series of letters and digits representing the desired permissions, and file_name is the name of the file we want to change.
One way to specify permissions is to use numerical values. In this case, each digit in the numerical value represents one of the three levels (owner, group, or others), and each type of permission is represented by a letter (either r, w, or x) that has its own numerical value: 4 for read, 2 for write, and 1 for execute.
Here's how the permissions work:
- r: read permission (the ability to open and view the contents of the file)
- w: write permission (the ability to create, edit, or delete the file)
- x: execute permission (the ability to run the file as a program)
The numerical values are added together to form the total permission value for each type of user. For example, in a mode of 755 the value for the owner of the file is 7, which represents read (4), write (2), and execute (1) permissions.
To calculate the total permission value, we simply add up the numerical values for each action that the user is granted. For example:
Owner:
- Read (4) + Write (2) + Execute (1) = 7
Group:
- Read (4) + Write (2) + Execute (1) = 7
Others:
- Read (4) + Write (2) + Execute (1) = 7
So, the total permission value for the owner, group, and others would all be 7.
Overall, using numerical values with the chmod command provides a flexible and precise way to manage file permissions in Linux. By combining different permissions and user groups, we can fine-tune the access controls on our files to match our specific needs.
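The calculation above as a runnable script (an added example, not part of the original post): it converts a symbolic string such as rwxr-xr-x into the numeric mode, applies it with chmod, and checks whether the "others" digit includes write. The function names and the temporary file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: numeric chmod modes built from r=4, w=2, x=1.

# digit_for TRIAD: sum the values for one level, e.g. "r-x" -> 5
digit_for() {
    total=0
    case $1 in r??) total=$((total + 4)) ;; esac   # read
    case $1 in ?w?) total=$((total + 2)) ;; esac   # write
    case $1 in ??x) total=$((total + 1)) ;; esac   # execute
    echo "$total"
}

# symbolic_to_octal PERMS: "rwxr-xr-x" -> 755 (owner, group, others)
symbolic_to_octal() {
    perms=$1
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "not a 9-character rwx string: $perms" >&2; return 1 ;;
    esac
    owner=$(printf '%s' "$perms" | cut -c1-3)
    group=$(printf '%s' "$perms" | cut -c4-6)
    others=$(printf '%s' "$perms" | cut -c7-9)
    echo "$(digit_for "$owner")$(digit_for "$group")$(digit_for "$others")"
}

# others_can_write MODE: succeeds when the last digit includes write (2)
others_can_write() {
    last=${1#"${1%?}"}            # last character of the mode string
    [ $(( last & 2 )) -ne 0 ]
}

# apply_and_read FILE PERMS: chmod FILE, then read the mode back from ls
apply_and_read() {
    chmod "$(symbolic_to_octal "$2")" "$1" || return 1
    ls -ld "$1" | cut -c2-10      # column 1 is the file type, 2-10 the permissions
}

# Demo on a constructed temporary file
demo_file=$(mktemp)
echo "rwxr-xr-x -> $(symbolic_to_octal rwxr-xr-x)"
echo "after chmod: $(apply_and_read "$demo_file" rw-r-----)"
others_can_write 777 && echo "777 lets every user modify the file"
rm -f "$demo_file"
```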
Access Control Lists
Access control lists (ACLs) are a way to control who has access to files and directories in Linux. They are more flexible than the standard file permissions, which only allow us to specify who can read, write, and execute files. ACLs allow us to specify more fine-grained permissions, such as who can read, write, execute, or delete a file.
The getfacl command is used to view the ACL for a file or directory. The output of the getfacl command will show us the owner of the file, the group that owns the file, and the ACL entries for the file. Each ACL entry specifies a user or group, a permission, and a flag. The permission can be read, write, execute, delete, or list. The flag can be allow or deny.
The setfacl command is used to set the ACL for a file or directory. The syntax for the setfacl command is:
setfacl [options] [file or directory]
The options for the setfacl command allow us to specify the following:
- The permissions that we want to set
- The users or groups that we want to give the permissions to
- The flags that we want to use (allow or deny)
For example, the following command would set the permissions for the file myfile so that the user pankaj can read and write to the file, and the group admins can only read the file:
setfacl -m u:pankaj:rw,g:admins:r myfile
We can also use the setfacl command to delete ACL entries. The -x option is used to delete ACL entries (the -d option does not delete anything; it applies the operation to the default ACL). For example, the following command would delete the ACL entry for the user pankaj from the file myfile:
setfacl -x u:pankaj myfile
If you have read this far, a big thank you. Please do share your review.