#90DaysOfDevOps - Day 6: Linux File Permissions and Access Control Lists


Introduction

Welcome to the 6th day of the 90 Days DevOps Challenge! In today's session, we'll delve into the fascinating realm of Linux file permissions and access control lists. Our focus will be on comprehending the various components that constitute file permissions, exploring techniques to alter these permissions, and gaining proficiency in managing access control lists.

Without further ado, let's embark on this enlightening journey!

File permissions

Every file on a Linux system has three types of permissions: read (r), write (w), and execute (x). These permissions apply to three categories of users: the file owner, the file group, and everyone else (others). The owner is the user who created the file, the group is a collection of users with access, and others are all remaining users.

To break it down further, these permissions mean:

  • Read (r): Allows users to read the contents of a file or directory.

  • Write (w): Allows users to modify or delete a file or directory.

  • Execute (x): Allows users to execute a file or access the contents of a directory.

You can control these permissions using a combination of numbers and letters. The letters signify the user groups, and the numbers represent the permission values. By understanding and managing these permissions, you can effectively control who can do what with your files and directories.

The following table shows all the possible permission values and their corresponding privileges:

Permission Value   Binary   Octal   Permissions
0                  000      0       No permissions
1                  001      1       Execute permission
2                  010      2       Write permission
3                  011      3       Write and execute permissions
4                  100      4       Read permission
5                  101      5       Read and execute permissions
6                  110      6       Read and write permissions
7                  111      7       Read, write, and execute permissions

chmod

The chmod command is used to change the file permissions for a file or directory.

Using values for chmod

To change the file permissions using chmod with values, you specify three digits from the table above: one each for the owner, the group, and others. Here are some examples:

chmod 644 myfile.txt

The above command sets the file permissions for myfile.txt to read and write permissions for the owner, and read-only permissions for the group and others.

chmod 755 myscript.sh

The above command sets the file permissions for myscript.sh to allow the owner to read, write, and execute the file, while allowing the group and others to read and execute it but not modify it (5 is read and execute in the table above).

Using letters for chmod

In addition to using the numerical values to set file permissions, you can also use letters to specify which permissions to enable or disable. Here are the letters you can use:

  • r: Read permission

  • w: Write permission

  • x: Execute permission

  • u: User/owner

  • g: Group

  • o: Others

  • a: All (user, group, and others)

chmod u+w myfile.txt

The above command adds write permission for the owner of a file.

chmod g-x myfile.txt

The above command removes execute permission for the group of a file.

Access Control List (ACL)

Access Control List (ACL) is a special tool for controlling who can do what with files and folders on a computer running Linux. Normally, Linux has basic rules for who can use files, but ACL adds more options. It's like giving different people specific keys to certain rooms in a building, instead of just one owner or a group having keys. This way, you can manage who can access things in more detailed ways using ACL.

There are two commands, setfacl and getfacl, that are associated with ACL.

ubuntu@~/scripts$: getfacl copydir.sh 
# file: copydir.sh
# owner: ubuntu
# group: ubuntu
user::rwx
group::rwx
other::r-x

We use getfacl to check the current ACL for copydir.sh script.

ubuntu@~/scripts$: setfacl -m u:user1:r-x copydir.sh 
ubuntu@~/scripts$: getfacl copydir.sh 
# file: copydir.sh
# owner: ubuntu
# group: ubuntu
user::rwx
user:user1:r-x
group::rwx
mask::rwx
other::r-x

ubuntu@~/scripts$: setfacl -b copydir.sh 
ubuntu@~/scripts$: getfacl copydir.sh 
# file: copydir.sh
# owner: ubuntu
# group: ubuntu
user::rwx
group::rwx
other::r-x

We use setfacl to set read and execute permissions for the user user1. When we run the getfacl command again, we see that the ACL entry for user1, user:user1:r-x, has been added.

We can also delete the ACL entries of the file by using -b option with setfacl command.
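Once a named entry exists, the getfacl output above also shows a mask:: line; the effective rights of a named user or group are its entry ANDed with that mask. The following added example (not part of the original post) parses getfacl text and lists each extra grant with its effective permissions. The second sample, deploy.sh, and the group deploy are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit the extra grants in an ACL.
# Reads getfacl text on stdin and prints "<type>:<name> <effective perms>" for
# every named user/group entry, where effective = entry AND mask.
acl_named_effective() {
  awk -F: '
    /^#/ || NF < 3 { next }              # header comments, blank lines
    $1 == "mask"   { mask = $3; next }   # upper bound for named entries
    ($1 == "user" || $1 == "group") && $2 != "" {
      n++; kind[n] = $1; who[n] = $2; perm[n] = $3
    }
    END {
      for (i = 1; i <= n; i++) {
        eff = ""
        for (b = 1; b <= 3; b++) {
          p = substr(perm[i], b, 1)
          m = (mask == "") ? p : substr(mask, b, 1)
          eff = eff ((p != "-" && m != "-") ? p : "-")
        }
        print kind[i] ":" who[i], eff
      }
    }'
}

# The ACL shown in the article after `setfacl -m u:user1:r-x copydir.sh`.
PAGE_ACL='# file: copydir.sh
# owner: ubuntu
# group: ubuntu
user::rwx
user:user1:r-x
group::rwx
mask::rwx
other::r-x'

# Constructed sample: the mask is narrower than the named entries.
# deploy.sh and the group "deploy" are hypothetical.
NARROW_ACL='# file: deploy.sh
# owner: ubuntu
# group: ubuntu
user::rwx
user:user1:rwx
group::rwx
group:deploy:rw-
mask::r-x
other::r--'

printf '%s\n' "$PAGE_ACL"   | acl_named_effective
printf '%s\n' "$NARROW_ACL" | acl_named_effective
```

On a live system, pipe real output into the function: getfacl copydir.sh | acl_named_effective. A file with no named entries prints nothing, which is what you should see after setfacl -b.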

Conclusion

Day 6 of the DevOps Challenge covered Linux file permissions and Access Control Lists (ACLs). We learned chmod for changing permissions using numbers or letters and explored ACLs like special keys for detailed access control. getfacl and setfacl commands help manage ACLs. This knowledge is a valuable addition to our DevOps toolkit, enhancing our ability to control access and permissions effectively.

"🌱 Keep learning, and spread the knowledge to inspire others. 🚀💡"
