#Day6:- 90 Days DevOps Challenge @ File Permissions and Access Control Lists In Linux
Securing Your Files: File Permissions and Access Control Explained
π Welcome to the world of Linux File Permissions and Access Control Lists! π
In the Linux world, file permissions play a crucial role in maintaining security and controlling user access to files and folders. Think of file permissions as digital guardians, deciding who gets to access your files and what actions they're allowed to perform. π
Picture it like a treasure chest with special locks β only those with the right keys can open it and manipulate its contents. In this blog, we'll unravel the mystery behind Linux file permissions and explore the superpowers of Access Control Lists (ACLs). Get ready to equip yourself with the knowledge to safeguard your files like a true Linux hero! π‘οΈππ»
π Linux File Permissions Made Fun! π
In Linux, files and folders have special permissions to control who can do what with them. There are three categories of users:
π Owner: The owner of the file or folder.
π₯ Group: The group that owns the file or folder.
π€ Others: All users outside the owner and group.
Each category can have three types of permissions:
π Read (r): Allows users to view the content of a file or list the contents of a folder.
βοΈ Write (w): Permits users to modify the content of a file or add/remove files within a folder.
πββοΈ Execute (x): Grants users the ability to execute a file as a program or enter/traverse a folder.
Now, let's see some examples of how to change file permissions:
π Changing Ownership with 'chown' π
To change the owner of a file named "example.txt" to the user "ubuntu," use:
chown ubuntu example.txt
ππLet's understand with an easy Example:-
:- So as of now I have created the file (example.txt) and currently the ownership is set as a root and will change it with the help of the chown commandπ¨βπ».
:- Now I have changed the ownership from "root" to "ubuntu". π§π₯
π₯ Changing Group with 'chgrp' π₯
To change the group ownership of "example.txt" to group "developers," use:
chgrp ubuntu example.txt
ππLet's understand with an easy Example:-
:- We can able to change the group to any file or folder With the help of chgrp command, In the below image current group is rootπ¨βπ».
:- Now I have changed the group π― from "root" to "ubuntu".
π Modifying Permissions with 'chmod' π
You can use either symbolic notation or octal notation to modify permissions.
- 𧩠Symbolic Notation π§©
'+' adds permissions
'-' removes permissions
'=' sets permissions explicitly
For example, to give the group write and execute permissions to "example.txt," use:
chmod g+wx example.txt
πΈ In the image below, I've modified the file permissions to grant the group write and execute permissions. βοΈπ»π
- π² Octal Notation π²
Use a three-digit number (0-7) to represent permissions:
0: No permissions (---)
1: Execute-only (--x)
2: Write-only (-w-)
3: Write and execute (-wx)
4: Read-only (r--)
5: Read and execute (r-x)
6: Read and write (rw-)
7: Read, write, and execute (rwx)
Example: To set read, write, and execute permissions for the owner and read-only permissions for the group and others, use:
chmod 755 example.txt
πAccess Control Lists (ACLs) in Linux π
In Linux, file permissions are essential for controlling who can access, modify, or execute files and folders. However, there are situations where the standard permissions might not provide enough granularity. This is where Access Control Lists (ACLs) come to the rescue! ACLs allow us to fine-tune permissions, providing more flexibility and control over access rights.
π Using 'getfacl' to View ACLs π
To see the ACLs associated with a file or folder, we can use the 'getfacl' command. It displays a detailed list of users and groups with their respective access permissions.
getfacl <file/directory>
ππNOTE: Please check the image below. If you don't see ACL listed, don't worry! We can easily install it by running the command: sudo apt install ACL. Once installed, you'll be all set to use the respective commandsπ¨βπ».
πββοΈπ¨Re-Run the getfacl command:
For instance, if we run 'getfacl example.txt,' we might see something like this:
The output shows the default owner and group permissions, as well as any additional ACL entries.
π§ Using 'setfacl' to Modify ACLs π§
The 'setfacl' command empowers us to modify ACLs for specific users and groups. For example, let's say we want to grant read, write and execute permissions to "ubuntu" for the file "example.txt":
setfacl -m u:ubuntu:rwx example.txt
π· In the image below π, you'll notice that the permissions of the Ubuntu user have been π changed!
After executing the above command, the ACL for "example.txt" would be updated to include "ubuntu" with read, write and execute permissions.
π πConclusion π
Understanding Linux file permissions is like giving different keys to people for accessing a room. The owner, group, and others have their keys, each with different powers (read, write, execute). We can use the 'chown,' 'chgrp,' and 'chmod' commands to manage basic permissions.
π§ββοΈβ¨However, in scenarios where we need more nuanced control, Linux offers the magical world of πACLs through 'getfacl' and 'setfacl.' πACLs enable us to provide specific access rights to individual users and groups, enhancing security and flexibility.
Feel free to reach out if you have any questions or need further assistanceπ by following me on Hashnode, LinkedIn (linkedin.com/in/mahesh-verma-441178250), and GitHub (https://github.com/maheshverma123)