Day 6 - Linux File Permissions and Access Control Lists

Understanding File Permissions 🛡️

File permissions in Linux determine who can read, write, or execute a file. Understanding these permissions is crucial for securely managing your files and directories. Let's get started!

  1. Create and Check File Permissions✍

    Create a file:

     ubuntu@ip-172-31-45-42:~$ touch test.txt
    

    List file details:

     ubuntu@ip-172-31-45-42:~$ ls -l
    

    You'll see something like this:

    -rw-rw-r--

    Categories of Users 👥

    • Owner: The person who created the file.

      • Change owner: chown newowner test.txt
    • Group: Users in a specific group.

      • Change group: chgrp newgroup test.txt
    • Others: All other users with access.

      • Change permissions: chmod o+w test.txt (adds write permission for others)

Changing Permissions 🛠️

  1. Change user permissions:

     ubuntu@ip-172-31-45-42:~$ chmod 700 test.txt
     ubuntu@ip-172-31-45-42:~$ ls -l
    

Writing an Article:✍

File Permissions in Linux
File permissions are essential for system security. By using commands such as chown, chgrp, and chmod, you can control access to your files and directories. This helps protect sensitive data and ensures that users can only perform authorized actions.

  • Basic Permissions

    • Permissions in Linux are represented by a three-digit octal number, where each digit represents a different set of users: owner, group, and others.

    • Highest Permission: 7 (4+2+1, i.e. read + write + execute)

    • Maximum Permission: 777, but new files start from 666 for security reasons, meaning no user gets execute permission by default.

    • Effective Permission for Directories: 755

    • Lowest Permission: 000 (not recommended)

    • Minimum Effective Permission for Files: 644 (what a new file gets with the default umask value of 022)

    • Default Directory Permission: Includes execute permission for navigation

Access Control Lists (ACL):⚙

Check ACL:

    getfacl test.txt

Set ACL:

    setfacl -m u:ubuntu:rwx test.txt

Additional Tasks:🎲

  • Task: Create a script that changes the permissions of multiple files in a directory based on user input.

    vim multi_user_permissions.sh

    #!/bin/bash
    # -r keeps backslashes in the input literal
    read -rp "Enter the directory path: " dir
    read -rp "Enter the file type (e.g., txt, sh, etc.): " filetype
    read -rp "Enter the permissions (e.g., 755, u+x, etc.): " permissions

    # Change permissions for each file in the specified directory and file type
    for file in "$dir"/*."$filetype"; do
      # If nothing matches, the glob stays literal and the -e test fails
      if [ -e "$file" ]; then
        # "--" stops chmod from reading the entered value as an option
        chmod -- "$permissions" "$file"
        echo "Changed permissions of $file to $permissions"
      else
        echo "No files of type $filetype found in $dir"
      fi
    done

  • Task: Write a script that sets ACL permissions for a user on a given file, based on user input.

    ubuntu@ip-172-31-45-42:~$ vim set_acl.sh

    #!/bin/bash
    # Function to check if setfacl is installed
    check_setfacl_installed() {
      if ! command -v setfacl &> /dev/null; then
        echo "setfacl command not found. Please install the ACL package."
        exit 1
      fi
    }
    # Function to get user input (-r keeps backslashes literal)
    get_user_input() {
      read -rp "Enter the username: " username
      read -rp "Enter the file path: " file_path
      read -rp "Enter the ACL permission (e.g., rwx): " acl_permission
    }
    # Function to set ACL permission
    set_acl_permission() {
      # Quote the input so spaces or wildcards in it are not expanded by the
      # shell; "--" stops setfacl from reading the path as an option
      if setfacl -m "u:$username:$acl_permission" -- "$file_path"; then
        echo "ACL permission set successfully."
      else
        echo "Failed to set ACL permission."
      fi
    }
    # Main script execution
    check_setfacl_installed
    get_user_input
    set_acl_permission

    ubuntu@ip-172-31-45-42:~$ chmod +x set_acl.sh
    ubuntu@ip-172-31-45-42:~$ ./set_acl.sh

Understanding Sticky Bit, SUID, and SGID:🤔

  • Sticky bit: Used on directories to prevent users from deleting files they do not own. Only the file owner, the directory owner, or the root user can delete or rename the files.

    drwxrwxr-t

  • SUID (Set User ID): Allows users to run an executable with the permissions of the executable's owner.

    drwsrwxr-t

  • SGID (Set Group ID): Allows users to run an executable with the permissions of the executable's group.

    drwsrwsr-t
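
Because SUID and SGID executables run with someone else's privileges, and a world-writable directory without the sticky bit lets any user delete other users' files, these bits are worth auditing. The script below is an added example, not part of the original post; the function name `audit_special_bits` and the `KIND MODE PATH` output format are its own, and it assumes GNU find and stat as found on Ubuntu.

```sh
#!/bin/sh
# Added example: audit a directory tree for special permission bits.
# audit_special_bits DIR prints one finding per line as "KIND MODE PATH".
audit_special_bits() {
  dir=$1
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
  # -xdev keeps find on the filesystem DIR lives on.
  # Regular files with the SUID bit (octal 4000) set:
  find "$dir" -xdev -type f -perm -4000 \
    -exec stat -c 'SUID %a %n' {} +
  # Regular files with the SGID bit (octal 2000) set:
  find "$dir" -xdev -type f -perm -2000 \
    -exec stat -c 'SGID %a %n' {} +
  # Directories writable by others (0002) that lack the sticky bit (1000):
  find "$dir" -xdev -type d -perm -0002 ! -perm -1000 \
    -exec stat -c 'WORLD_WRITABLE_NO_STICKY %a %n' {} +
}
```

Run it against a directory you administer and compare the output with the list of SUID/SGID programs you expect to be there.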

Backup and Restore Permissions:💾

  • Task: Create a script that backs up the current permissions of files in a directory to a file.

  • Task: Create another script that restores the permissions from the backup file.
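
One way to solve both tasks, as an added example that is not part of the original post. The function names `backup_perms` and `restore_perms` and the `MODE PATH` backup format are this example's own; it assumes GNU find and stat (as on Ubuntu) and paths without newlines.

```sh
#!/bin/sh
# Added example: back up and restore permission modes for a directory tree.

# backup_perms DIR OUTFILE: write one "MODE PATH" line per file/directory.
backup_perms() {
  dir=$1
  out=$2
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
  # Symlinks are skipped: chmod follows them, so restoring one could
  # change the mode of a target outside DIR.
  # umask 077 keeps a newly created backup readable by its owner only.
  ( umask 077
    find "$dir" ! -type l -exec stat -c '%a %n' {} + > "$out" )
}

# restore_perms BACKUP: reapply recorded modes; returns 1 if any line
# was skipped or failed.
restore_perms() {
  bak=$1
  failed=0
  [ -r "$bak" ] || { echo "cannot read backup: $bak" >&2; return 1; }
  while IFS= read -r line; do
    mode=${line%% *}   # text before the first space
    path=${line#* }    # everything after it (may contain spaces)
    # Accept 1-4 octal digits only, so an edited backup cannot smuggle
    # in symbolic modes or chmod options.
    case $mode in
      ''|*[!0-7]*|?????*)
        echo "skipping malformed line: $line" >&2; failed=1; continue ;;
    esac
    # Skip paths that disappeared or were replaced by a symlink.
    if [ -L "$path" ] || [ ! -e "$path" ]; then
      echo "skipping missing or symlinked path: $path" >&2
      failed=1; continue
    fi
    chmod -- "$mode" "$path" || failed=1
  done < "$bak"
  return "$failed"
}
```

This records only the mode bits; owner, group and ACL entries are not saved, so keep the output of `getfacl` separately if you need those.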

Conclusion

In this blog post, you learned about Linux file permissions and how to view and change them using different methods. You also learned about special permissions and access control lists that allow you to fine-tune your file security.

Permissions are an essential part of Linux system administration and DevOps engineering. They help protect your data from unauthorized access, ensuring that only authorized users and processes can perform specific tasks on your files and directories.