Table of contents
- 1-Create a simple file and do ls -ltr to see the details of the files. As a task, change the user permissions of the file and note the changes after ls -ltr
- 2-Write an article about File Permissions based on your understanding from the notes.
- 3-Read about ACL and try out the commands getfacl and setfacl
1-Create a simple file and do ls -ltr
to see the details of the files. As a task, change the user permissions of the file and note the changes after ls -ltr
ubuntu@ip-172-31-11-41:~/Day6$ echo "This is new file" >> new_file.txt
ubuntu@ip-172-31-11-41:~/Day6$ ls
new_file.txt
ubuntu@ip-172-31-11-41:~/Day6$ ls -ltr
total 4
-rw-rw-r-- 1 ubuntu ubuntu 17 Apr 4 17:32 new_file.txt
ubuntu@ip-172-31-11-41:~/Day6$ chmod 774 new_file.txt
ubuntu@ip-172-31-11-41:~/Day6$ ls -ltr
total 4
-rwxrwxr-- 1 ubuntu ubuntu 17 Apr 4 17:32 new_file.txt
ubuntu@ip-172-31-11-41:~/Day6$
2-Write an article about File Permissions based on your understanding from the notes.
In Linux, every file and directory is owned by a user and a group. Each user can have different levels of access to these files and directories, which is determined by a set of permissions.
To view the permissions of a file or directory in Linux, we can use the ls -ltr command. This will display a detailed list of files and directories, including their ownership and permissions.
Every file and directory on your Unix/Linux system is assigned 3 types of owner, given below.
User / Owner-A user is the owner of the file. By default, the person who created a file becomes its owner. Hence, a user is also sometimes called an owner.
Group-A user- group can contain multiple users. All users belonging to a group will have the same Linux group permissions access to the file. Suppose you have a project where a number of people require access to a file. Instead of manually assigning permissions to each user, you could add all users to a group, and assign group permission to file such that only this group members and no one else can read or modify the files.
Other-Any other user who has access to a file. This person has neither created the file, nor he belongs to a usergroup who could own the file. Practically, it means everybody else. Hence, when you set the permission for others, it is also referred as set permissions for the world.
There are two modes of chmod command that we can use.
1- Symbolic mode
The permissions for a file or directory can be set for the owner, for the group that the file belongs to, and for all other users. There are three types of permissions in Linux read, write, and execute with three categories of Owner/User , Group and Others
chmod g+w filename #To give write permission to groups
chmod o-r filename #To remove the read permission from others users
chmod a-rwx filename #To remove read,write and execute permission from all the 3 categories
The letters u, g, and o represent the file owner, group, and others, respectively. The + and - symbols indicate whether to add or remove permissions. The letters r, w, and x indicate which permissions to add or remove.
2- Numeric Method
To specify permissions using numbers, we can use a three-digit code that represents the permissions for the file owner, group, and others. Each digit represents a combination of read(4), write(2), and execute(1) permissions.
chmod [permissions] [file or directory]
chmod 700 [file or directory] #represents all permissions for the file owner and no permissions for the group and others
chmod 760 [file or directory] #represents all permissions for the file owner and read,write for the group and no permissions for the others
3-Read about ACL and try out the commands getfacl
and setfacl
Access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disc resource.
Use of ACL
Think of a scenario in which a particular user is not a member of group created by you but still you want to give some read or write access, how can you do it without making user a member of group, here comes in picture Access Control Lists, ACL helps us to do this trick.
The setfacl command is used to add or modify an ACL, while the getfacl command is used to display the current ACL settings for a file or directory.
To set ACL permission to user : setfacl -m u:user:permissions /path_to_file
ubuntu@ip-172-31-2-150:~/Day6$ getfacl new_file.txt
# file: new_file.txt
# owner: user
# group: user
user::rw-
group::rw-
other::r--
ubuntu@ip-172-31-2-150:~/Day6$ setfacl -m u:user1:rw new_file.txt
ubuntu@ip-172-31-2-150:~/Day6$ getfacl new_file.txt
# file: new_file.txt
# owner: user
# group: user
user::rw-
user:user1:rw-
group::rw-
mask::rw-
other::r--
To remove ACL permission from user: setfacl -x u:user: /path_to_file
ubuntu@ip-172-31-2-150:~/Day6$ setfacl -x u:user1: new_file.txt
ubuntu@ip-172-31-2-150:~/Day6$ getfacl new_file.txt
# file: new_file.txt
# owner: user
# group: user
user::rw-
group::rw-
mask::rw-
other::r--
To set ACL permission to Group: setfacl -m g:group:permissions /path_to_file
To remove ACL permission from group: setfacl -x g:group: /path_to_file
To remove all ACL permissions: setfacl -b /path_to_file
Where m is for modifying the mode of permission and x is for removing permission and b is for base permission.
Thankyou for reading!! many more in a queue
~Nikunj Kishore Tiwari
Great initiative by the #trainwithshubham community. Thank you Shubham Londhe for Guiding Us.
#devops #90daysofdevops #allaboutdevops #linux