Basic Concepts
Every file and directory on a Linux system has three classes of ownership for permission purposes:
User: the owning user. By default, whoever creates a file becomes its owner, and only the owner (or root) can change the file's permission bits with chmod.
Group: the owning group. A group can contain many users, and every member of the owning group gets the same access to the file, as defined by the group permission bits.
Other: everyone else, that is, any account that is neither the owner nor a member of the owning group.
Locally, users are defined in /etc/passwd and groups (with their member lists) in /etc/group; a user's primary group is the GID field of their /etc/passwd entry.
Each of the three classes (user, group, others) has three permission bits, read, write and execute, so nine characters describe the permissions of a file. The classes are checked in order and do not accumulate: if you are the owner, only the user bits apply; otherwise, if you belong to the owning group, only the group bits apply; otherwise the other bits apply. A file with mode 066, for instance, is readable by everyone except its owner.
Read (r): on a file, lets you open it and read its contents but not change them; on a directory, lets you list the names in it (ls).
Write (w): on a file, lets you change its contents. Removing or renaming a file is a change to the directory that holds it, so it needs write (and execute) permission on the directory, not on the file. If a file is writable but its directory is not, you can edit the contents but cannot remove or rename the file; conversely, a writable directory lets you delete a file you cannot write to.
Execute (x): on a file, lets you run it as a program (a script also needs read permission so the interpreter can load it); on a directory, lets you traverse it, that is, reach entries inside it by name. Without x on a directory you cannot open anything below it even if you know the full path.
Example to show file/directory permissions
In the output of ls -l, the first column holds the permission string. For a regular file it might read -rwxr-xr-x; this is the file's permission.
For a directory it might read drwxr-xr-x; this is the directory's permission.
position | characters | meaning |
1 | - or d | file type: - for a regular file, d for a directory (l, c, b, s and p also appear, for symlinks, character and block devices, sockets and pipes) |
2-4 | rwx | permissions for the user (owner) |
5-7 | r-x | permissions for the group |
8-10 | r-x | permissions for others |
Octal permissions for a file/directory
Each permission bit has an octal weight, and the three bits of one class add up to a single digit; the digits for user, group and others together form the three-digit mode that chmod accepts. The weights are:
For read, it is 4.
For write, it is 2.
For execute, it is 1.
Adding the weights gives eight combinations (0 to 7) for each class of owner:
binary(rwx) | octal(r+w+x) | permissions |
000 | 0 | No permission (---) |
001 | 1 | only execute (--x) |
010 | 2 | only write (-w-) |
011 | 3 | write & execute (-wx) |
100 | 4 | only read (r--) |
101 | 5 | read & execute (r-x) |
110 | 6 | read & write (rw-) |
111 | 7 | All permissions (rwx) |
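The two tables above are really one mapping read in both directions. The following script is an added example (not code from the original post) that converts the 10-character mode column of ls -l into chmod's octal digits and back. It goes one step beyond the page's three digits: a setuid, setgid or sticky bit (s, S, t or T in the string) is emitted as a leading fourth digit, because that is where a permissions review most often finds a surprise. The file name modeconv.sh in the comments is an assumption.

```bash
#!/bin/sh
# Added example, not code from the original post: convert between the
# 10-character mode column of `ls -l` (e.g. -rwxr-xr-x) and the octal digits
# used by chmod (755), in both directions. Beyond the page's three digits,
# a setuid/setgid/sticky bit (s, S, t or T) becomes a leading fourth digit.

# mode_to_octal "-rwxr-xr-x" -> 755 ; mode_to_octal "-rwsr-xr-x" -> 4755
mode_to_octal() {
    m=$1
    [ "${#m}" -eq 10 ] || { echo "expected 10 characters: $m" >&2; return 1; }
    case $m in
        [-dlcbsp]*) ;;                        # file type: -, d, l, c, b, s, p
        *) echo "unknown file type in: $m" >&2; return 1 ;;
    esac
    rest=${m#?}                               # the nine permission characters
    digits=''
    special=0
    for bit in 4 2 1; do                      # 4=user/setuid, 2=group/setgid, 1=other/sticky
        triad=${rest%"${rest#???}"}           # first three characters of what is left
        rest=${rest#???}
        v=0
        case $triad in
            r??) v=$((v + 4)) ;;
            -??) ;;
            *) echo "bad read flag in: $triad" >&2; return 1 ;;
        esac
        case $triad in
            ?w?) v=$((v + 2)) ;;
            ?-?) ;;
            *) echo "bad write flag in: $triad" >&2; return 1 ;;
        esac
        case "$bit$triad" in
            ???x) v=$((v + 1)) ;;
            4??s|2??s) v=$((v + 1)); special=$((special + bit)) ;;   # setuid/setgid, x set
            4??S|2??S) special=$((special + bit)) ;;                 # setuid/setgid, x clear
            1??t) v=$((v + 1)); special=$((special + 1)) ;;          # sticky, x set
            1??T) special=$((special + 1)) ;;                        # sticky, x clear
            ???-) ;;
            *) echo "bad execute flag in: $triad" >&2; return 1 ;;
        esac
        digits="$digits$v"
    done
    if [ "$special" -ne 0 ]; then
        printf '%s%s\n' "$special" "$digits"
    else
        printf '%s\n' "$digits"
    fi
}

# octal_to_mode 644 -> rw-r--r-- ; octal_to_mode 1777 -> rwxrwxrwt
octal_to_mode() {
    o=$1
    case $o in
        [0-7][0-7][0-7]) special=0 ;;
        [0-7][0-7][0-7][0-7]) special=${o%???}; o=${o#?} ;;
        *) echo "expected 3 or 4 octal digits: $1" >&2; return 1 ;;
    esac
    out=''
    for bit in 4 2 1; do
        d=${o%"${o#?}"}; o=${o#?}              # next digit
        r='-'; w='-'; x='-'
        [ $((d & 4)) -ne 0 ] && r='r'
        [ $((d & 2)) -ne 0 ] && w='w'
        [ $((d & 1)) -ne 0 ] && x='x'
        if [ $((special & bit)) -ne 0 ]; then  # setuid/setgid show as s/S, sticky as t/T
            if [ "$bit" -eq 1 ]; then
                [ "$x" = x ] && x='t' || x='T'
            else
                [ "$x" = x ] && x='s' || x='S'
            fi
        fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# Stand-alone use (file name assumed): sh modeconv.sh -rwsr-xr-x   or   sh modeconv.sh 4755
if [ $# -gt 0 ]; then
    case $1 in
        [0-7]*) octal_to_mode "$1" ;;
        *) mode_to_octal "$1" ;;
    esac
fi
```

A capital S or T in an ls -l listing means the special bit is set without the matching execute bit, which is almost always a mistake worth flagging; the converter keeps that distinction rather than silently normalising it.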
Commands to change permissions and ownership
chmod <who><op><perms> <fileName> -> symbolic form. who is u (user), g (group), o (others) or a (all); op is + (add), - (remove) or = (set exactly); perms is any of r, w, x. Several clauses can be comma-separated, e.g. chmod g+w,o-rwx report.txt
chmod 777 <fileName> -> octal form; 777 gives every permission to everyone. This is almost never what you want: any local account can then modify the file, and for a script or binary that means anyone can replace what you run. Prefer the least permissive mode that works, e.g. 644 for data files, 755 for executables and directories, 600 or 700 for private ones.
777 -> In the octal form the first digit is the user's permissions, the second the group's, and the third others'.
chgrp <newgroup> <filename> -> change the group ownership of a file or directory; a non-root user can only assign a group they are a member of.
chown <newOwner>[:<newGroup>] <fileName> -> change the owner (and optionally the group) of a file; only root can give a file away to another user. Both chown and chgrp accept -R to recurse into a directory.
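The following script is an added example (not code from the original post) that ties the chmod forms above to the write-on-file versus write-on-directory distinction described earlier: it applies symbolic and octal modes to a throw-away file and then shows that a file you can write, sitting in a directory you cannot write, can be edited but not removed. It uses only chmod, ls, mktemp and rm; the file name perms_demo.sh is an assumption.

```bash
#!/bin/sh
# Added example, not code from the original post: apply chmod in its symbolic
# and octal forms and show that "write" on a file does not let you delete it.
# Everything happens inside a throw-away directory from mktemp -d.

# mode_of <path> -> the 10-character permission column of `ls -l`
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# set_and_show <path> <mode> -> apply `chmod <mode>` and print the resulting column
set_and_show() {
    chmod "$2" "$1" && mode_of "$1"
}

# demo_write_vs_delete -> prints "denied" when a writable file inside a
# non-writable directory can be edited but not removed (the behaviour the
# text describes), or "skipped-root" when running as root, because root
# bypasses the permission bits and the check would prove nothing.
demo_write_vs_delete() {
    work=$(mktemp -d) || return 1
    dir="$work/locked"
    mkdir "$dir"
    printf 'v1\n' > "$dir/notes.txt"

    chmod u=rwx,g=rx,o=rx "$dir"    # symbolic: set each class explicitly (755)
    chmod 664 "$dir/notes.txt"      # octal: rw-rw-r-- on the file
    chmod u-w "$dir"                # drop only the owner's write bit on the directory (555)

    if [ "$(id -u)" -eq 0 ]; then
        result=skipped-root
    elif echo 'v2' >> "$dir/notes.txt" && ! rm -f "$dir/notes.txt" 2>/dev/null; then
        result=denied               # append succeeded, unlink refused (EACCES on the directory)
    else
        result=unexpected
    fi

    chmod u+w "$dir"                # restore write so the cleanup can unlink
    rm -rf "$work"
    printf '%s\n' "$result"
}

# Stand-alone run (file name assumed): sh perms_demo.sh run
if [ "${1:-}" = run ]; then
    f=$(mktemp)
    echo "chmod 640      -> $(set_and_show "$f" 640)"
    echo "chmod u+x,o=r  -> $(set_and_show "$f" u+x,o=r)"
    echo "chmod a=r      -> $(set_and_show "$f" a=r)"
    rm -f "$f"
    echo "write-vs-delete: $(demo_write_vs_delete)"
fi
```

The same asymmetry cuts the other way: a directory with mode 777 (or a world-writable shared directory without the sticky bit) lets any user delete or rename files they cannot read, which is why /tmp carries mode 1777 and not 777.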
Access Control Lists (ACLs)
Access Control Lists (ACLs) extend the owner/group/other model. An ACL is a list of entries that grant read, write and execute permissions to additional named users and groups on a file or directory, beyond the three classes the permission bits can express. A file or directory that carries an ACL shows a + after its permission string in ls -l. Every extended ACL also has a mask entry that caps the permissions of named users, named groups and the owning group: an entry can say rwx and still yield only r-- in practice if the mask is r--.
setfacl and getfacl are used for setting up an ACL and showing it respectively.
getfacl <filename> -> show the ACL entries of a file, with an #effective: annotation wherever the mask reduces an entry
List of commands for setting up an ACL:
1) setfacl -m u:<user>:<permissions> /path/to/file -> add or modify the entry for a user (permissions as rwx letters, e.g. u:bob:rw)
2) setfacl -m g:<group>:<permissions> /path/to/file -> add or modify the entry for a group
3) setfacl -d -m <entry> /path/to/dir -> set a default ACL on a directory; files and subdirectories created inside it afterwards inherit the default entries (existing contents are not touched; add -R to apply to them as well)
4) setfacl -x u:<user> /path/to/file -> remove a specific entry (no permissions are given with -x)
5) setfacl -b /path/to/file -> remove all extended entries, leaving only the base owner/group/other entries (-k removes just the default ACL)
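Because the mask decides what a named entry is really worth, reading getfacl output means applying the mask to each entry. The following script is an added example (not code from the original post or the acl package) that does exactly that: it parses getfacl output from stdin and reports the effective permission of each entry the way getfacl's #effective: annotation does. The sample ACL for shared/report.txt, with the users alice and bob and the groups staff and auditors, is constructed for the example, not captured from a real system, and the script needs neither setfacl nor an ACL-enabled filesystem to run; the file name acl_effective.sh is an assumption.

```bash
#!/bin/sh
# Added example, not code from the original post: compute the *effective*
# permission of each ACL entry by applying the mask, the way getfacl's
# "#effective:" annotation does. Parses getfacl output from stdin, so it runs
# without the acl package or an ACL-enabled filesystem.

# Constructed getfacl output (not from a real system) for a hypothetical
# shared/report.txt: bob and the auditors group were granted more than the
# mask allows, and the owning group's rw- is capped as well.
sample_getfacl() {
    cat <<'EOF'
# file: shared/report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rwx
group::rw-
group:auditors:rw-
mask::r--
other::---
EOF
}

# acl_effective                   < getfacl-output -> all entries, annotated where the mask bites
# acl_effective <tag> <qualifier> < getfacl-output -> only the effective perms of that entry,
#   e.g. `acl_effective user bob`, `acl_effective group ''` (the owning group)
acl_effective() {
    awk -F: -v want_tag="${1:-}" -v want_qual="${2:-}" -v lookup="$#" '
        { sub(/[ \t]+#.*/, "") }            # drop an existing "#effective:" annotation
        /^#/ || NF == 0 { next }            # skip the "# file/owner/group" header lines
        $1 == "mask" { mask = $3 }
        { n++; tag[n] = $1; qual[n] = $2; perm[n] = $3 }

        # The mask caps named users, named groups and the owning group.
        # It never applies to the owner (user::), to other::, or to itself.
        function capped(t, q) {
            return mask != "" && (t == "group" || (t == "user" && q != ""))
        }
        # Bitwise AND of two rwx strings, character by character.
        function andperm(a, b,    i, out, c) {
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(a, i, 1)
                out = out ((c != "-" && c == substr(b, i, 1)) ? c : "-")
            }
            return out
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = capped(tag[i], qual[i]) ? andperm(perm[i], mask) : perm[i]
                if (lookup > 0) {
                    if (tag[i] == want_tag && qual[i] == want_qual) { print eff; exit }
                    continue
                }
                printf "%s:%s:%s", tag[i], qual[i], perm[i]
                if (eff != perm[i]) printf "\t#effective:%s", eff
                printf "\n"
            }
        }'
}

# Stand-alone run (file name assumed): sh acl_effective.sh run
if [ "${1:-}" = run ]; then
    sample_getfacl | acl_effective
fi
```

Two consequences are worth remembering when reviewing a host. setfacl -m recomputes the mask to fit the entry you add unless you pass -n, so a freshly added entry usually works; but a later chmod on a file that has an ACL rewrites the mask rather than the owning group entry, so chmod 640 after granting u:bob:rw silently strips bob's write without removing his entry. getfacl is the only place that shows this.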
Conclusion
In conclusion, file permissions and Access Control Lists (ACLs) are crucial aspects of Linux security, governing access to files and directories.
Basic file permissions provide a straightforward and effective means of regulating access for owners, groups, and others. On the other hand, ACLs offer a more sophisticated layer of control, enabling nuanced permissions for specific users or groups.
*👆The information presented above is based on my interpretation. Suggestions are always welcome.*😊
~Smriti Sharma✌