Day 6, 90 Days of Devops challenge


Task: File Permissions and Access Control Lists

When you run ls -ltr to list files, the first column of the output shows the permissions of each file.

d or - : The permission string of any file or folder starts with d or -. d is for a directory and - is for a file.

user (first set of rwx) – The user permissions apply only to the owner of the file or directory; they do not affect the actions of other users.

group (second set of rwx) – The group permissions apply only to the group that has been assigned to the file or directory; they do not affect the actions of other users.

others (third set of rwx) – The other permissions apply to all other users on the system. This is the permission group that you want to watch the most.

"chmod" is the command used to set permissions on a file or directory.

chmod <permission_value> <file_name>

Read, write, execute and –

  • The ‘r’ means you can “read” the file’s contents.

  • The ‘w’ means you can “write”, or modify the file’s contents.

  • The ‘x’ means you can “execute” the file. This permission is given only if the file is a program.

  • If any of the “rwx” characters is replaced by a ‘-’, then that permission has been revoked.

  • If the permission is given as 777 as per the table below, then the owner, the group and all other users have full read, write and execute access to the folder or file. This is not advisable if the user is not a root user.

Symbolic   Mode      Absolute Mode
r          read      4
w          write     2
x          execute   1
(-)        Null      0
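The mapping between the rwx sets and the absolute mode described above, as an added example that is not part of the original post: it converts an ls -l permission string to its three-digit mode and flags entries that "others" can write to. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): map ls -l permission strings to
# absolute modes and flag files that "others" can modify.

# sym_to_octal "-rwxr-x---" prints 750. Only the nine rwx characters are read:
# a trailing "+" (ACL present) or "." is ignored, and the setuid/setgid/sticky
# bits themselves are not reported (s or t is counted as execute).
sym_to_octal() {
    bits=$(printf '%s' "$1" | cut -c2-10)    # drop the d/- type character
    out=""
    for n in 1 2 3; do                       # user, group, others
        triplet=$(printf '%s' "$bits" | cut -c1-3)
        bits=${bits#???}
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# flag_others_writable reads "ls -l" lines on stdin and prints "<mode> <name>"
# for every entry whose third rwx set (others) contains w.
flag_others_writable() {
    while read -r perms links owner group size mon day time name; do
        case $perms in
            ????????w*) printf '%s %s\n' "$(sym_to_octal "$perms")" "$name" ;;
        esac
    done
}

# Constructed sample listing (not output from the post's screenshots).
SAMPLE_LISTING='-rw-r--r-- 1 ubuntu ubuntu  120 Jan  5 10:01 file1.txt
-rwxrwxrwx 1 ubuntu ubuntu  512 Jan  5 10:02 deploy.sh
drwxrwxr-x+ 2 ubuntu newone 4096 Jan  5 10:03 Task'

printf '%s\n' "$SAMPLE_LISTING" | flag_others_writable
```

To check a real directory, pipe its listing into the second function, for example ls -l | flag_others_writable.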

In the above file1.txt, ubuntu denotes the owner of the file. Generally, the default owner of the file is the user who creates it.

To change the ownership of a file/directory, the "chown" command is used.

chown ownername:groupname <folder/file>

In the example below, we have changed the owner of the file from ubuntu to Suraj.

After executing the above command, we have successfully changed the owner of file.txt as below.

GROUP OF THE FILE/DIRECTORY

In the above file1.txt, ubuntu is the group; the users belonging to this group will have the relevant permissions to perform any action on the file/folder.

To change the group of the file/folder, "chgrp" is used.

chgrp <new_group_name> <file/foldername>

Use the command below to change the group.

Here newone is the group name.

On execution of the above command, the file's group name is changed as below.

ACL

ACL stands for Access Control Lists.

Think of a scenario in which a particular user is not a member of a group created by you, but you still want to give that user some read or write access. How can you do it without making the user a member of the group? This is where Access Control Lists come into the picture: an ACL lets us do exactly this.

ACLs are used to make a flexible permission mechanism in Linux.

getfacl is the command that shows which permissions are assigned to a file/folder.

setfacl is the command used to grant permissions on a file/folder.

getfacl <file or foldername>

setfacl -m "u:user:permissions" /path/to/file

setfacl -m "g:group:permissions" /path/to/file

After changing the permissions on the above-mentioned folder Task, we get the result below.