Day 6: Understanding File Permissions and Access Control Lists (ACLs)


File Permissions in Linux:

File permissions are like the security bouncers for computer files. They decide who gets into the VIP lounge (your files) and what they can do once inside.

Deciphering Linux File System Permissions - Pressidium Hosting

Source: https://pressidium.com/

  • In Linux, file permissions are represented using a 10-character string.

  • The first character indicates the file type (e.g., - for regular files, d for directories).

  • The remaining nine characters represent permissions for the user, group, and others.

  • These permissions are grouped into three sets of three characters each:

    1. User Permissions: Read (r), Write (w), Execute (x)

    2. Group Permissions: Read (r), Write (w), Execute (x)

    3. Others Permissions: Read (r), Write (w), Execute (x)

Example:

Consider a file with the following permissions:

     -rw-r--r--

  • The first - indicates it's a regular file.

  • The user (owner) has read and write permissions.

  • The group has read-only permissions.

  • Others (everyone else) also have read-only permissions.

  1. Numeric Representation:

    • Permissions can also be represented numerically:

      • r = 4

      • w = 2

      • x = 1

    • For example:

      • -rw-r--r-- = 644 (user: 6, group: 4, others: 4)

Why are file permissions important?

  • File permissions are crucial in maintaining security and controlling access to files and directories.
  • They ensure that only authorized users can read, modify, or execute specific files.
  • Properly configured permissions prevent accidental data loss and unauthorized changes, and protect sensitive information.

How do I check if a user has permission to access a directory?

  1. Using ls:

    To view the permissions of a specific directory, run:

     $ ls -ld <directory-name>

    -d: lists the directory itself instead of its contents.

  2. Using stat (for detailed information):

    The stat command provides detailed information on a file or directory, including permissions:

     $ stat <directory-name>


Access Control List (ACL) in Linux:

Access Control Lists (ACLs) allow you to grant specific permissions to users or groups without changing the base ownership and permissions of files or directories.

  • For example, if Sushil (an employee) needs to read specific files owned by Micheal (his manager), ACLs make it happen.

Viewing the Current ACL:

  • To check the current ACL of a file or directory, use the getfacl command.

  • Imagine you're in the accounting department, and you want to see the ACL for the /accounting folder:

      ubuntu@ip-172-31-31-83:~/Day6$ getfacl accounting/
      # file: accounting/
      # owner: ubuntu
      # group: ubuntu
      user::rwx
      group::rwx
      other::r-x
    

Note:

  • user::rwx means the owner (ubuntu in the output above) has read, write, and execute permissions.

  • group::rwx gives the owning group (also ubuntu here) the same access.

  • And other::r-x means everyone else has only read and execute access.


Setting and Verifying ACLs:

#Example 1: To grant Sushil read, write, and execute access to the accounting directory, use:

setfacl --modify user:Sushil:rwx accounting
OR
setfacl -m user:Sushil:rwx accounting

Note:

  • Verify whether the user "Sushil" is a valid user on your system.

  • You can list all users using the cat /etc/passwd command.

  • If "Sushil" is not listed, create the user or use an existing valid username.

  • Creating users directly within the setfacl command is not possible. User creation and access control are separate processes in Linux.

  • To create a user, you'll need to use a different command or system utility. Once the user exists, you can then manage their access using setfacl.

#Example 2: To change the access granted to the file's owner or owning group, use:

setfacl -m g::rwx accounting/

Note:

The double colon :: (an empty name field) indicates that the entry applies to the file's owner or owning group, as opposed to a specific named user or group.

When ACL entries specify a specific user or group, they are written in the form user:<username> or group:<groupname> respectively.
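
To see what a getfacl listing actually grants a given user, the following added example (not part of the original post) applies the access-check order documented in acl(5). It goes beyond the listing shown above by including a named user, a named group and a mask:: entry; the sample listing, the audit group, the extra user names and the function names are constructed for illustration.

```python
# Added example: evaluate a getfacl listing in the order described in acl(5).
# SAMPLE is constructed; "audit", "bob", "carol" and "eve" are made-up names.
SAMPLE = """\
# file: accounting/
# owner: ubuntu
# group: ubuntu
user::rwx
user:Sushil:rwx
group::rwx
group:audit:r-x
mask::r-x
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms_set), ...])."""
    meta, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# "):                       # header: "# owner: ubuntu"
            key, _, value = line[2:].partition(": ")
            meta[key] = value
        elif line and not line.startswith("default:"):  # skip inherited defaults
            # Drop a trailing "#effective:..." comment, then split tag:qualifier:perms.
            tag, qualifier, perms = line.split("#")[0].split(":")[:3]
            entries.append((tag, qualifier, set(perms.strip()) - {"-"}))
    return meta["owner"], meta["group"], entries

def allowed(text, user, groups, want):
    """True if `user` (member of `groups`) gets every permission in `want`.
    Names stand in for uid/gid; root's override capabilities are ignored."""
    owner, owning_group, entries = parse_getfacl(text)
    want = set(want)
    find = lambda tag, q="": [p for t, qual, p in entries if t == tag and qual == q]
    mask = find("mask")
    cap = mask[0] if mask else set("rwx")    # mask limits named users and all groups
    if user == owner:                        # 1. owner entry, never masked
        return want <= find("user")[0]
    if find("user", user):                   # 2. named user entry, masked
        return want <= (find("user", user)[0] & cap)
    hits = [p for t, q, p in entries if t == "group"
            and (q in groups or (q == "" and owning_group in groups))]
    if hits:                                 # 3. a single group entry must suffice
        return any(want <= (p & cap) for p in hits)
    return want <= find("other")[0]          # 4. everyone else

if __name__ == "__main__":
    for who, grps, want in [("Sushil", [], "rx"), ("Sushil", [], "w")]:
        print(who, want, allowed(SAMPLE, who, grps, want))
```

Sushil's entry reads rwx, yet write is denied because the mask is r-x; getfacl marks such entries with an #effective: comment.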

Happy Coding :)