📚 File Permissions and Access Control Lists

DevOps 90-Days Challenge, Day-06


INTRODUCTION -

🔐Consider your computer as a vault with many rooms, each holding important data. Imagine now that each area is controlled by a complex key system, similar to 📁**file permissions and Access Control Lists (ACLs)** in the digital realm. Who can enter, see, alter, or even breathe close to these data rooms is determined by these "keys." We will solve the puzzles surrounding these digital guardians—file permissions and ACLs—in today's exploration. We'll figure out how they protect your virtual "rooms," manage who has access, and guarantee the integrity and confidentiality of your data. Prepare yourself for an engaging exploration of the fascinating realm of digital access control, from comprehending the fundamentals of access rights to deciphering the complex control provided by ACLs!


File and Directory Permission Operations -

| Option | Execution |
|---|---|
| + | Adds a permission. |
| - | Removes a permission. |
| = | Assigns entire set of permissions. |
| r 📖 | Sets read permission for a file or directory. A file can be displayed or printed. A directory can have the list of its files displayed. |
| w 📝 | Sets write permission for a file or directory. A file can be edited or erased. A directory can be removed. |
| x ⚙️ | Sets execute permission for a file or directory. If the file is a shell script, it can be executed as a program. A directory can be changed to and entered. |
| u | Sets permissions for the user who created and owns the file or directory. |
| g | Sets permissions for group access to a file or directory. |
| o | Sets permissions for access to a file or directory by all other users on the system. |
| a | Sets permissions for access by the owner, group and all other users. |
| s | Sets User ID and Group ID permission; program owned by owner and group. |
| t | Sets Sticky bit permission; program remains in memory. |

| Command | Execution |
|---|---|
| chmod | Changes the permissions of a file or directory. |
| chgrp groupname filename | Changes the group for a file or files. |
| ls -l filename | Lists a filename with its permissions displayed. |
| ls -ld directory | Lists a directory name with its permissions displayed. |
| ls -l | Lists all files in a directory with their permissions displayed. |

Many people feel that setting permissions using numbers rather than letters is simpler.

The binary representation of the numbers is as follows:

  • r: Read permission 📖

  • w: Write permission 📝

  • x: Execute permission ⚙️

| Resulting permission | Numbering |
|---|---|
| 4 2 1 | 7 |
| r w x | 7 |
| r w - | 6 |
| r - x | 5 |
| r - - | 4 |
| - w x | 3 |
| - w - | 2 |
| - - x | 1 |
| - - - | 0 |

1) Limiting User Access to Files and Directories -

A file or directory may have read, write, and execute permissions. When a file is created, it is automatically given read and write permissions for the owner, enabling you to display and modify the file. You may change these permissions to any combination you want. A file can also have read-only permission, preventing any modifications.

Three different categories of users can have access to a file or directory: the owner, the group, and all others not belonging to that group. The owner is the user who created the file. Any file you create, you own. You can also permit a group to have access to a file. Every other user on the system makes up the others category.

chmod -

The chmod program allows you to modify various permission settings. It accepts two lists as inputs: filenames and permission changes. There are two ways in which you can specify the permissions list. The symbolic technique is one approach that makes use of permission symbols. Another approach is referred to as the numbering technique.

Example

command - chmod 765 notes.txt (or a directory name) - numeric technique

chmod u+rwx,g+rw,o+rx notes.txt (or a directory name) - symbolic technique

chmod changes the permissions of the file as follows -

The owner has read, write, and execute permissions; the group has read and write; others have read and execute.
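The numbering table and the two chmod forms above can be checked against each other with a small script. This is an added example, not part of the original post; the function names perm_to_octal and mode_after are made up for illustration, and it also handles the s and t bits from the options table.

```shell
#!/bin/sh
# Added example (not from the original post).

# perm_to_octal PERMS: turn the nine permission characters shown by ls -l
# (e.g. rwxrw-r-x) into octal, including setuid/setgid/sticky (s, S, t, T).
perm_to_octal() {
    perms=$1 special=0 out="" pos=0
    for weight in 4 2 1; do          # special bits: setuid=4, setgid=2, sticky=1
        triplet=$(printf '%s' "$perms" | cut -c"$((pos * 3 + 1))-$((pos * 3 + 3))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in
            ??x)    digit=$((digit + 1)) ;;
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;   # special bit without x
        esac
        out="$out$digit"
        pos=$((pos + 1))
    done
    if [ "$special" -gt 0 ]; then out="$special$out"; fi
    printf '%s\n' "$out"
}

# mode_after START SPEC: give a scratch file mode START, apply chmod SPEC,
# and print the resulting octal mode as read back from ls -l.
mode_after() {
    scratch=$(mktemp)
    chmod "$1" "$scratch"
    chmod "$2" "$scratch"
    perm_to_octal "$(ls -l "$scratch" | cut -c2-10)"
    rm -f "$scratch"
}

# A file that starts out world-writable (666):
mode_after 666 765               # numeric form sets the mode exactly
mode_after 666 u=rwx,g=rw,o=rx   # "=" also sets it exactly
mode_after 666 u+rwx,g+rw,o+rx   # "+" only adds bits, so others keep write
```

When the goal is to tighten a file, the numeric form or "=" is the safer choice, because "+" never removes a permission that is already set.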

2) Modifying the Owner or Group of a File/ Directory:

chown

Only the owner has the ability to modify a file's or directory's permissions, even though other users might be able to access it. On the other hand, you can change the owner of the file or directory from yourself to another user if you wish to grant them power over any of the permissions on it. A file or directory can be turned over to another user with the chown command. The other user's name is the first argument this command accepts.

Example - "chown" is used to change the ownership of a file or directory.

command - chown courseTWS notes.txt

chown changes the ownership of the file notes.txt from ubuntu to courseTWS.

chgrp -

The chgrp command can also be used to modify a file's group, if desired. The name of the new group for a file or files is the first input that chgrp receives. You list the files you want moved to that group after the new group name.

Example - "chgrp" is used to change the group of a file or directory.

command - chgrp DAy1 notes.txt


Access Control List (ACL) -

Access Control Lists (ACL) allow users to give more precise control over their files and directories.

The acl option must be used when mounting file systems. To set permissions, use the setfacl and getfacl commands found in the ACL tools (acl package).

The user, owner, and group permissions can be listed using the getfacl command.

The read, write, and execute permissions can be set with the setfacl to restrict access for particular users.

command -

getfacl <name of directory / file>

setfacl -m u:shub:rwx /de - permissions for a user

setfacl -m g:test:rwx /devops - permissions for a group

setfacl -b /devops - removes all extended ACL entries
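Reading getfacl output is where ACL mistakes get caught, so here is an added example (not from the original post) that parses it and reports what each named user or group can actually do. It goes one step beyond the commands above by applying the ACL mask entry, which caps the rights of named users and groups; the sample output is constructed, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# sample_acl MASK: constructed getfacl-style output for /devops as it could
# look after the two "setfacl -m" commands above, with the given mask entry.
sample_acl() {
    cat <<EOF
# file: devops
# owner: ubuntu
# group: ubuntu
user::rwx
user:shub:rwx
group::r-x
group:test:rwx
mask::$1
other::r-x
EOF
}

# effective_acl: read getfacl output on stdin and print "type:name:perms"
# for every named user/group entry, with the mask applied bit by bit.
effective_acl() {
    awk -F: '
        /^#/ || NF < 3 { next }                    # skip header and blank lines
        $1 == "mask"   { mask = $3; next }
        ($1 == "user" || $1 == "group") && $2 != "" {
            n++; kind[n] = $1; name[n] = $2; perm[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (c = 1; c <= 3; c++) {
                    p = substr(perm[i], c, 1)
                    m = (mask == "") ? p : substr(mask, c, 1)
                    eff = eff ((p != "-" && m != "-") ? p : "-")
                }
                printf "%s:%s:%s\n", kind[i], name[i], eff
            }
        }'
}

# write_grants: list only the named entries that end up with write access.
write_grants() {
    effective_acl | awk -F: 'substr($3, 2, 1) == "w" { print $1 ":" $2 }'
}

sample_acl rwx | write_grants     # both shub and test can write
sample_acl r-x | effective_acl    # same entries, but the mask strips write
```

On a real system, pipe `getfacl <name of directory / file>` into write_grants to review who has been granted write access beyond the owner, group and others shown by ls -l.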


CONCLUSION -

ACLs and file permissions are crucial to preserving system security and allowing the right kind of data access.

Kindly feel free to ask any queries in the section below. I'd be pleased to respond to them.

Please follow and use the heart❤❤ button below to express your support if you think this content is helpful 😊.

I appreciate you taking the time to read.

Shubham Londhe #90DaysofDevopschallenge #devops #Filepermissions#Cloud