Hello readers! Today we will be learning about file permissions and access control lists.
Any given file in Linux has read, write and/or execute permissions. The term file permissions refers to changing the read (r), write (w) and execute (x) permissions of a file or directory for any user, group or others.
Permissions in detail
The commands ls -l and ls -ld can be used to get the permissions of a file or a directory respectively. This gives information on:
File permissions: -rw-rwxr--
Link: 1
Owner of the file: ubuntu
Group to which the owner belongs: ubuntu
Size of file: 3484 bytes
Date and time of file creation: June 9, 04:17
Name of the file: log-file.txt
The file log-file.txt has the following permissions:
The directory prod has the following permissions:
Types of file permissions:
File permissions can be set in any of the following ways :
Basic file permissions: Commands used- chmod, chown and chgrp
Access Control list: Commands used- setfacl, getfacl
Basic File permissions
This includes changing the file permissions through symbols or numeric values.
Change permissions through symbols
command | usage |
chmod | change read, write or execute permissions |
chown | change the ownership |
chgrp | change the group ownership |
symbol | meaning |
u | user |
g | group |
o | others |
Example :
In the example below, the user did not have execute permission on the file log-file.txt; it was later granted with the chmod command
Similarly, chown and chgrp can be used in the following ways:
Change permissions through numeric values
For example, to give read, write and execute access to user, group and others for the file traces-only.txt, the below command can be used
Similarly, to give read access to the user (owner of the file), write access to the group and execute access to all others, the below command can be used
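The symbolic and numeric forms described above, as an added example that is not part of the original post: it converts the mode string printed by ls -l into the number chmod accepts and applies both forms to a scratch copy of traces-only.txt. The function names and the temporary directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Handles plain r/w/x bits only;
# setuid/setgid/sticky (s, t) are outside the scope of the article.

# mode_of FILE: print the 10-character mode field of `ls -ld` (e.g. -rw-rwxr--).
# cut drops the trailing '+' that ls appends when the file also carries an ACL.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# sym_to_octal MODE: convert e.g. -rw-rwxr-- to 674 (r=4, w=2, x=1 per class).
sym_to_octal() {
    perms=${1#?}                      # drop the file-type character
    out=""
    for class in user group others; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=${perms#???}
        n=0
        case $triplet in r??) n=$((n + 4)) ;; esac
        case $triplet in ?w?) n=$((n + 2)) ;; esac
        case $triplet in ??x) n=$((n + 1)) ;; esac
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# apply_and_report FILE CHMOD_ARG: run chmod, then print "ARG -> mode (octal)".
apply_and_report() {
    chmod "$2" "$1" || return 1
    m=$(mode_of "$1")
    printf '%-6s -> %s (%s)\n' "$2" "$m" "$(sym_to_octal "$m")"
}

# Demo in a throwaway directory; file name taken from the article.
demo() {
    tmp=$(mktemp -d) || return 1
    f="$tmp/traces-only.txt"
    : > "$f"
    apply_and_report "$f" 644     # baseline: -rw-r--r--
    apply_and_report "$f" u+x     # symbolic: add execute for the user only
    apply_and_report "$f" 777     # rwx for user, group and others
    apply_and_report "$f" 421     # user read, group write, others execute
    rm -rf "$tmp"
}

demo
```

Mode 777 makes the file writable by every local account, so on a shared system the narrowest mode that still works is the one to keep.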
Access Control List (ACL)
ACL is another, more flexible way of setting permissions on files and directories.
For example, if you need to provide access to a particular user who is not part of any group, it can be done only through ACL.
To check the permissions of a file, getfacl can be used
Syntax: getfacl <name of file/directory>
To set permissions, setfacl can be used.
Syntax: setfacl -m <ACL entry> <name of file/directory>
For example, to give read and write permissions to a particular user called tappu, the below command can be used
Before:
After:
Similarly,
- to remove ACL permissions of user
setfacl -x u:jthalal traces-only.txt
- to remove ACL permissions of group
setfacl -x g:devops traces-only.txt