Siddharth Patil's Blog
Day 6 of My #90DaysOfDevOps Challenge: Understanding Linux File Permissions and Access Control Lists (ACL)

Day 6 of My #90DaysOfDevOps Challenge: Understanding Linux File Permissions and Access Control Lists (ACL)

Siddharth Patil's photo
Siddharth Patil
·

5 min read

Table of contents

Today’s focus is on reading, learning, and implementing file permissions in Linux. File permissions and ownership are crucial for managing file access in any Linux system. These permissions ensure that only the right people can read, write, or execute files.

Let’s go over the concepts I learned and the tasks I performed to get a deeper understanding of file permissions and ACLs.

What are File Permissions?

In Linux, each file or directory has a set of permissions that define who can access or modify it. These permissions are divided into three categories of users:

  1. Owner: The person who owns the file.

  2. Group: A group of users that have specific access to the file.

  3. Others: All other users on the system who are not the owner or part of the group.

Each of these categories can have the following permissions:

  • Read (r): The user can view the file’s contents.

  • Write (w): The user can modify the file.

  • Execute (x): The user can run the file as a program (if it’s a script or executable).

Checking File Permissions

You can check the file permissions using the ls -ltr command.

ls -ltr example.txt

Example Output:

-rw-r--r-- 1 siddharth users 1024 Oct 10 12:00 example.txt

In this output:

  • rw-: The owner (Siddharth) has read and write permissions.

  • r--: The group (users) has read permissions.

  • r--: Others have read permissions.

Changing File Ownership and Permissions

  • Changing Ownership: To change the owner of a file, we use the chown command.

      sudo chown new_owner example.txt

    Output after running ls -ltr:

      -rw-r--r-- 1 new_owner users 1024 Oct 10 12:00 example.txt

  • Changing Group: To change the group ownership, we use the chgrp command.

      sudo chgrp new_group example.txt

    Output after running ls -ltr:

      -rw-r--r-- 1 new_owner new_group 1024 Oct 10 12:00 example.txt

  • Changing Permissions: To change file permissions for users, we use the chmod command. For example, to remove write permissions for others:

      chmod o-w example.txt

    Output after running ls -ltr:

      -rw-r----- 1 new_owner new_group 1024 Oct 10 12:00 example.txt

Access Control Lists (ACL)

Access Control Lists (ACL) allow more detailed control over who can access files and directories, beyond the basic owner-group-others structure.

  • View ACL using getfacl:

      getfacl example.txt

    Example Output:

      # file: example.txt
  # owner: new_owner
  # group: new_group
  user::rw-
  user:username:rwx
  group::r--
  mask::rwx
  other::r--

  • Set ACL using setfacl:

      setfacl -m u:username:rwx example.txt

    This command grants the user username full access (read, write, execute) to the file example.txt.

Task: Setting ACL for a Directory

I created a directory and set ACL permissions for different users and groups:

mkdir acl_test_dir
setfacl -m u:user1:rwx acl_test_dir    # Give user1 full access to the directory
setfacl -m g:group1:rx acl_test_dir    # Give group1 read and execute access
getfacl acl_test_dir                   # Verify ACL settings

Output of getfacl:

# file: acl_test_dir
# owner: siddharth
# group: users
user::rwx
user:user1:rwx
group::r-x
group:group1:r-x
mask::rwx
other::r-x

Scripting for File Permissions and ACL

1. Changing Permissions with a Script

To automate changing permissions for multiple files, I wrote a script that takes user input to modify file permissions:

#!/bin/bash
# Script to change permissions of files in a directory

echo "Enter the directory path:"
read dir
echo "Enter the permission (e.g., 755):"
read perm

for file in $dir/*; do
    chmod $perm "$file"
    echo "Changed permissions for $file"
done

Example Output:

Enter the directory path:
/home/siddharth/files
Enter the permission (e.g., 755):
644
Changed permissions for /home/siddharth/files/file1.txt
Changed permissions for /home/siddharth/files/file2.txt

2. Setting ACL with a Script

I also created a script to set ACL permissions for a specific user on a file:

#!/bin/bash
# Script to set ACL permissions

echo "Enter the file name:"
read filename
echo "Enter the username:"
read username
echo "Enter the permissions (e.g., rwx):"
read permissions

setfacl -m u:$username:$permissions $filename
echo "ACL permissions set for $username on $filename"

Example Output:

Enter the file name:
example.txt
Enter the username:
user1
Enter the permissions (e.g., rwx):
rwx
ACL permissions set for user1 on example.txt

Understanding Sticky Bit, SUID, and SGID

These are special file permissions in Linux:

  • Sticky Bit: When set on a directory, only the file's owner can delete their files, even if others have write permissions on the directory.

      chmod +t /path/to/directory

  • SUID (Set User ID): When set on a file, it allows users to execute the file with the permissions of the file owner.

      chmod u+s /path/to/file

  • SGID (Set Group ID): When set on a file or directory, it allows users to execute it with the group’s permissions or inherit the group of the directory.

      chmod g+s /path/to/file

Backup and Restore Permissions

Finally, I created scripts to back up and restore file permissions:

1. Script to Backup Permissions:

#!/bin/bash
# Backup file permissions in a directory

echo "Enter the directory path:"
read dir

getfacl $dir/* > permissions_backup.txt
echo "Permissions backed up to permissions_backup.txt"

Example Output:

Enter the directory path:
/home/siddharth/files
Permissions backed up to permissions_backup.txt

2. Script to Restore Permissions:

#!/bin/bash
# Restore file permissions from a backup file

echo "Enter the backup file name (e.g., permissions_backup.txt):"
read backup_file

setfacl --restore=$backup_file
echo "Permissions restored from $backup_file"

Example Output:

Enter the backup file name (e.g., permissions_backup.txt):
permissions_backup.txt
Permissions restored from permissions_backup.txt

Conclusion

Linux file permissions and ACLs are powerful tools for managing access to files and directories. They allow you to control who can read, modify, or execute a file. With additional features like sticky bit, SUID, and SGID, you can further fine-tune how files are accessed or modified.

This learning experience gave me a deeper understanding of managing file security in Linux. I hope this explanation, along with the scripts and examples provided, makes it easier for you to understand how Linux permissions work. Let’s keep sharing our learnings and grow together in the DevOps community!

Let’s learn together and grow together in the world of DevOps! 🌱🚀 #DevOpsJourney #LearningTogether #GrowthMindset #TechCommunity #TrainWithShubham #90DaysOfDevOps

Follow my #90DaysOfDevOps challenge on LinkedIn, and stay tuned for more updates!

DevopsDevops articlesCloudCloud ComputingLinuxlinux for beginnersshell scriptAWS#90daysofdevopsTrainWithShubham