Linux is a multi-user operating system, so it includes security controls that prevent users from accessing each other’s confidential files. Users who share access to files risk exposing classified information, or even losing data, if other users access their files or directories. To address this, Unix added the file permission feature, which specifies how much power each user has over a given file or directory. Access control lists (ACLs) provide an additional, more flexible permission mechanism for file systems. An ACL allows you to give permissions for any user or group to any disk resource.
In this tutorial, we will learn how to view and change file permissions in Linux as well as how to use Access Control Lists.
File Permissions
Ownership of Files
In Linux, we have three different classes of users: User, Group and Others.
User(u) | A user is the owner of the file, i.e. the person who created the file. |
Group(g) | A user group can contain multiple users. All users belonging to a group will have the same permissions to the file. |
Others(o) | It involves everybody else: anyone who neither owns the file nor belongs to the file's group. |
Permission of Files
There are different types of permission which apply to each class of users:
Read(r) | It gives the authority to open and read a file. Read on a directory gives you the ability to list its contents. |
Write(w) | It gives the authority to modify the content of a file. Write on a directory gives you the authority to add, remove and rename the files stored in it. |
Execute(x) | It gives the authority to execute the file. You cannot run a program unless execute permission is given. |
Following is the syntax to use the read, write and execute permission-
Changing File Permissions
We can change the ownership of a file using the chown and chgrp commands, and its permissions using the chmod command with the absolute numeric mode.
Symbolic | Mode | Absolute Mode |
r | read | 4 |
w | write | 2 |
x | execute | 1 |
(.) | null | 0 |
Permissions can be changed by giving the sum of the modes for each class. For example, 777 means user, group and others all have permission to read, write and execute, i.e. 7=4+2+1.
"chown" is used to change the owner of a file or directory.
"chgrp" is used to change the group that owns a file or directory.
"chmod" is used to change the permissions of a file or directory for the user, group and others.
Task:
Create a simple file and run ls -lr to see the details of the files. Change the permissions of the file and note the changes after running ls -lr again.
We can see that the permission for checkFilePermission.txt was earlier set to -rw-rw-r--, but after we changed the permission to 776, i.e. rwx for user and group and rw for others, ls -lr checkFilePermission.txt shows the permission -rwxrwxrw-.
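The sum rule above can be checked mechanically. The following is an added example, not part of the original tutorial: it decodes a three-digit absolute mode into the string ls -l prints and flags modes that let others write. The function names are made up for this illustration, and the scratch file comes from mktemp.

```shell
#!/bin/sh
# Added example (not from the original tutorial): decode an absolute
# (numeric) mode such as 776 into the rwx string that ls -l prints.

# digit_to_rwx: one octal digit -> three-character permission string.
digit_to_rwx() {
    d=$1
    out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_symbolic: three-digit mode -> user, group, others string.
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    u=${1%??}; rest=${1#?}; g=${rest%?}; o=${1#??}
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# others_can_write: succeeds when the "others" digit includes write (2).
others_can_write() {
    o=${1#??}
    [ $((o & 2)) -ne 0 ]
}

# applied_mode: chmod a scratch file and read back what ls -l reports.
applied_mode() {
    f=$(mktemp) || return 1
    chmod "$1" "$f"
    # Characters 2-10 of ls -l output are the nine permission bits.
    ls -l "$f" | cut -c2-10
    rm -f "$f"
}

for m in 664 776 750; do
    printf '%s -> %s' "$m" "$(mode_to_symbolic "$m")"
    if others_can_write "$m"; then printf '  (writable by others)'; fi
    printf '\n'
done
```

The mode 776 from the task is flagged because its last digit, 6=4+2, includes write for others, so any account on the system can modify the file.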
Access Control Lists
While traditional file permissions (read, write, execute) are limited to just three permission sets, for owner, group and others, ACLs allow us to define permissions for multiple users and groups with greater flexibility. In real life, we might have a list of people who can enter a restricted area or a list of friends allowed to borrow our stuff. An ACL is a similar concept for computer files. In simple terms, an Access Control List (ACL) in Linux is like a special set of rules that allows us to decide who can do what with specific files and directories on our computer.
The commands used to manage ACLs in Linux are getfacl and setfacl.
To view the ACLs associated with a file or directory, we can use the getfacl command:
To modify or set ACLs for a file or directory, we can use the setfacl command:
Thank You!
~Shilpi