Day 6: Understanding File Permissions and Access Control Lists

Today is about reading up on, learning and implementing file permissions.

Create a simple file and run ls -ltr to see the details of the file.

Each of the three permissions applies to three categories of users. Here are the categories:

  1. owner - The owner of the file or application.

    • chown is used to change the ownership of a file or application.
  2. group - The group that owns the file or application.

    • chgrp is used to change the group ownership of a file or application.
  3. others - All users with access to the system (outside the group).

    • chmod is used to change the permissions of a file or application for all categories of users.

Change the user permissions of a file and note the changes in the ls -ltr output.

Understanding file permissions:

File permissions in Linux are important to learn, so that you can change them according to your needs. Let's break them down for a better understanding:

  1. Three Permission Types

There are three primary types of permissions:

  • Read (r): Allows viewing the contents of a file or listing the contents of a directory.

  • Write (w): Permits modifying or deleting a file, or adding and removing files within a directory.

  • Execute (x): Grants the ability to run a file or access the contents of a directory.

  2. Three Permission Categories

Permissions apply to three categories of users:

  • User (u): The owner of the file or directory.

  • Group (g): Users in the file's group.

  • Others (o): Everyone else who has access to the system.

  3. The Permission String

File permissions are represented as a string of characters. For example, "rw-r--r--" denotes read and write permissions for the user, but only read permissions for the group and others.

  4. Numeric Permissions

Under the surface, each permission type is assigned a numeric value: read (4), write (2), and execute (1). Add these values together to get one digit per category, and combine the three digits to set the permissions you want.

  5. Using Commands

File permissions can be modified using commands like chmod and chown in the terminal. The chmod command lets you change permissions, while chown allows you to alter the file's owner or group.
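
The permission string and numeric values described above, worked through in shell as an added example that is not part of the original post. The helper names (sym_to_octal, mode_string, others_can_write, round_trip) are hypothetical, and the temp file is constructed for the demonstration:

```shell
#!/bin/sh
# Added example: helper names are hypothetical; only r, w, x and - are
# handled (no setuid/setgid/sticky characters).

# sym_to_octal "rw-r--r--" prints 644
sym_to_octal() {
    perms=$1
    [ "${#perms}" -eq 9 ] || { echo "expected 9 characters" >&2; return 1; }
    out=""
    for start in 1 4 7; do                  # user, group, others
        triad=$(printf '%s' "$perms" | cut -c"$start"-$((start + 2)))
        case $triad in
            [r-][w-][x-]) ;;
            *) echo "bad triad: $triad" >&2; return 1 ;;
        esac
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac    # read
        case $triad in ?w?) digit=$((digit + 2)) ;; esac    # write
        case $triad in ??x) digit=$((digit + 1)) ;; esac    # execute
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# mode_string FILE prints the nine permission characters ls -l shows
mode_string() {
    ls -ld "$1" | cut -c2-10
}

# others_can_write FILE succeeds when the "others" triad contains w
others_can_write() {
    case $(mode_string "$1") in
        ???????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# round_trip STRING applies the mode to a constructed temp file with chmod
# and prints what ls -l reports afterwards
round_trip() {
    f=$(mktemp) || return 1
    chmod "$(sym_to_octal "$1")" "$f" || { rm -f "$f"; return 1; }
    mode_string "$f"
    rm -f "$f"
}

for p in rw-r--r-- rwxr-x--- rw-rw-rw-; do
    printf '%s -> %s -> %s\n' "$p" "$(sym_to_octal "$p")" "$(round_trip "$p")"
done
```

The others_can_write check is the one to run against shared or sensitive files, since a w in the last triad means any account on the system can modify them.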

Access Control Lists:

Access Control Lists (ACLs) are a mechanism that extends the traditional Unix file permission system. ACLs enable you to specify permissions for specific users and groups, even if they are not the file's owner or part of the owning group. Here's a basic overview of ACLs:

  1. Understanding ACLs:
  • Traditional Unix Permissions: In Unix-based systems, file permissions are managed using the owner, group, and others' settings, each having read (r), write (w), and execute (x) permissions.

  • Limitations: Traditional permissions are effective but limited when it comes to managing access for multiple users or groups.

  • ACLs Address Limitations: ACLs provide a solution by allowing you to define permissions for individual users and groups, granting or restricting access more precisely.

  2. Use Cases for ACLs:
  • Complex Access Scenarios: ACLs are useful when you need to manage access for multiple users or groups with varying permissions on the same file or directory.

  • Shared Directories: In shared environments, ACLs help specify who can read, write, or modify files within shared directories.

  • Multi-User Systems: On multi-user systems, ACLs allow administrators to control access to sensitive data with precision.

  3. getfacl Command:
  • Purpose: The getfacl command is used to retrieve the ACL information for a file or directory.

  • Usage: getfacl filename_or_directory

  • Output: It displays the current ACL settings, including user and group permissions, in a user-friendly format.

  4. setfacl Command:

    • Purpose: The setfacl command is used to set or modify ACLs for a file or directory.

    • Usage: setfacl [options] filename_or_directory

    • Options: setfacl supports various options to specify permissions, users, and groups. You can refer to the man page (man setfacl) for comprehensive details.

Access Control Lists (ACLs) are a powerful addition to Unix-like systems, providing administrators with the flexibility to manage access rights in complex and diverse environments.