In Linux, file permissions play a critical role in securing and managing files and directories. Every file and directory in the Linux system has associated permissions that determine which users and processes can access, modify or execute them. These permissions are essential to ensure data integrity and prevent unauthorized access, deletion, or modification of sensitive files.
In this blog, I will try and explain how file permissions work and how to manage them, which is a fundamental skill for any Linux user or system administrator.
There are three types of file permissions in Linux: basic permissions, special permissions, and ACL (Access Control List) permissions.
File Permissions:
I have created multiple files and directories in my Linux OS to understand these permissions. To check how to create multiple directories and files, you can check my blog on Creation of Files and Directories in Linux. To check file permissions we can use the command:
ls -ltr
The ls -ltr command is used to list the files in a directory in long format with the most recently modified files displayed last. 'l' stands for the long format, 't' stands for time sorting and 'r' stands for reverse order.
This command would give the following result:
Let's understand the first line of the output:
The image is self-explanatory, though I will try making things simpler.
There are three types of permissions for files/directories in Linux:
Read permission (represented by 'r'): Allows a user to view the contents of a file or directory.
Write permission (represented by 'w'): Allows a user to modify or delete a file or directory.
Execute permission (represented by 'x'): Allows a user to execute a file or access a directory.
In total, there are nine permission bits, which are represented as a sequence of three characters for each user type.
In Linux, UGO stands for User, Group, and Others.
These permissions can be assigned to three types of users:
Owner: The user who created the file or directory.
Group: A collection of users who share the same permissions to the file or directory.
Others: All other users who are not the owner or part of the group.
There are a few commands which are used in changing the permission of users and groups.
chown
The "chown" command is used to change the ownership of a file or directory.
The syntax of the command is
chown <new_owner_name> <file_name>
For example, "chown sneha myfile" would change the ownership of "myfile" to the user "sneha". This command requires root privileges to change the ownership of a file that you don't own.
chgrp
The "chgrp" command is used to change the group ownership of a file or directory.
The syntax of the command is:
chgrp <new_group_name> <file_name>
chmod
The "chmod" command is used to change the permissions of a file or directory.
The syntax for the command is:
chmod <permissions> <file_name>
The permissions can be represented in different ways, such as symbolic notation or octal notation.
Permission Sets
A permission set refers to a set of permissions assigned to a file or directory that defines who can access, modify, or execute the file or directory. A permission set can be represented in either symbolic notation or octal notation.
Symbolic notation:
In symbolic notation, the permissions are represented by a combination of letters and symbols that represent the owner, group, and others, and the actions allowed on the file or directory.
The symbolic notation consists of three parts: the who, the operator, and the permissions. The who can be represented by the letters "u" for the owner, "g" for the group, and "o" for others, or the letter "a" for all. The operator can be "+" to add permissions, "-" to remove permissions, or "=" to set permissions. The permissions can be represented by the letters "r" for read, "w" for write, and "x" for execute.
An example of symbolic notation would be:
Consider a file textfile.txt. It has only read permissions for the user. We need to give execute permissions also, so the command would look like this:
chmod u+x textfile.txt
The + operator will be used to provide permissions and the - operator will be used to remove permissions.
Octal notation:
In octal notation, the permissions are represented by a three-digit number that represents the combination of permissions for the owner, group, and others.
Each digit represents a combination of read, write, and execute permissions, with 4 for read, 2 for write, and 1 for execute.
For example, "755" represents read, write, and execute permissions for the owner and read and execute permissions for the group and others.
The first digit represents the owner's permissions, the second digit represents the group's permissions, and the third digit represents the permissions for others.
The chmod command is used to modify permission sets using either symbolic or octal notation.
An example of Octal Notation:
So we will try and change the permissions for files and directories.
Image1: Before the change of permission for file1.txt
Image2: After the change of permission for file1.txt
The command "chmod 700 file1.txt" changed the permissions of file1.txt from rw-r--r-- to rwx------. Previously, the file had read and write permission for the user and read-only access for the group and other users. Now the user has full access, i.e., read, write, and execute permissions, while the group and other users have no access.
The green color change in the file name conveys that it's an executable file now.
The blue color denotes a directory.
Ubuntu uses color to indicate different types of files in the terminal when using the 'ls' command. Some of them are:
Blue: Directories
Green: Executable files
Cyan: Symbolic links
Yellow: Device files
Magenta: Archives or compressed files
Red: Broken symbolic links or other types of errors.
The octal notation can be understood easily through the table below:
| Symbol | Permission | Octal Value | Description |
|---|---|---|---|
| r | Read | 4 | Allows the file to be viewed and its contents to be read |
| w | Write | 2 | Allows modifications to the file, such as adding, deleting, or modifying its contents |
| x | Execute | 1 | Allows the file to be executed as a program or script |
| - | No Permission | 0 | Indicates that the respective permission is not granted |

| Octal Value | Permission | Description |
|---|---|---|
| 0 | --- | No permissions |
| 1 | --x | Execute only |
| 2 | -w- | Write only |
| 3 | -wx | Write and execute |
| 4 | r-- | Read only |
| 5 | r-x | Read and execute |
| 6 | rw- | Read and write |
| 7 | rwx | Read, write, and execute |
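
The octal-to-rwx mapping from the tables above, as an added example that is not part of the original post: a shell script that decodes a three-digit mode and uses it to report files that the group or others can write to. The function names and shared.txt are made up for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: decode a three-digit octal mode into rwx notation and
# report files in a directory that group or others can write to.

# digit_to_rwx DIGIT -> e.g. "r-x" for 5 (4 = read, 2 = write, 1 = execute)
digit_to_rwx() {
    d=$1
    out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# octal_to_symbolic MODE -> e.g. "rwxr-xr-x" for 755; rejects anything else
octal_to_symbolic() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $mode" >&2; return 1 ;;
    esac
    u=${mode%??}                  # first digit: owner
    rest=${mode#?}
    g=${rest%?}                   # second digit: group
    o=${mode#??}                  # third digit: others
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# loose_files DIR -> "MODE PATH" for regular files writable by group or others
loose_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -exec stat -c '%a %n' {} + | sort
}

# Constructed demo: one owner-only file, one file anyone can modify.
demo() {
    dir=$(mktemp -d)
    touch "$dir/file1.txt" "$dir/shared.txt"
    chmod 700 "$dir/file1.txt"    # rwx------
    chmod 666 "$dir/shared.txt"   # rw-rw-rw-
    loose_files "$dir" | while read -r m p; do
        echo "$(octal_to_symbolic "$m") ${p##*/}"
    done
    rm -rf "$dir"
}

demo
```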
Access Control List (ACL)
ACL stands for Access Control List, which is a way of assigning additional permissions to files and directories in Linux beyond the traditional owner, group, and others permissions.
With ACLs, you can specify access permissions for specific users and groups, and you can grant or revoke permissions without affecting the traditional file permissions. This allows for more fine-grained control over access to files and directories.
To install ACL, use the command for your distribution:
For Ubuntu and Debian:
sudo apt-get install acl
For CentOS:
sudo yum install acl
For Fedora:
sudo dnf install acl
These are the commands used to install acl on some of the Linux distributions.
The commonly used commands with ACL are getfacl and setfacl.
getfacl
This command is used to display the current ACLs for a file or directory.
The syntax would be:
getfacl <filename>
The output for the command would look like this:
The picture above explains that the output shows the details about the file, like filename, owner of the file, and the group to which the owner belongs, and all the permissions associated with the file.
setfacl
This command is used to set the ACLs for a file or directory.
The syntax would be:
setfacl [options] [acl_spec] file_or_directory
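
An added example for the two commands above, not part of the original post: a script that reads getfacl output and lists the named-user and named-group entries, which are the grants that do not show up in ls -l. It goes one step beyond the post by also applying the ACL mask entry to show each entry's effective rights. The users alice and devops and the sample output are constructed.

```shell
#!/bin/sh
# Added example: list named-user and named-group ACL entries from getfacl
# output, together with their effective rights after the mask is applied.

# Constructed sample in getfacl's output format. Named entries like these are
# added with e.g. `setfacl -m u:alice:rw- file1.txt`; the mask can be narrowed
# with `setfacl -m m::r-x file1.txt`.
sample_acl() {
cat <<'EOF'
# file: file1.txt
# owner: sneha
# group: sneha
user::rw-
user:alice:rw-
group::r--
group:devops:rwx
mask::r-x
other::---
EOF
}

# extra_grants: reads getfacl output on stdin and prints
# "type name granted effective" for each named user/group entry.
extra_grants() {
    awk -F: '
        /^#/ || NF < 3 { next }               # skip header comments and blanks
        $1 == "mask" { mask = substr($3, 1, 3); next }
        ($1 == "user" || $1 == "group") && $2 != "" {
            n++; type[n] = $1; name[n] = $2; perm[n] = substr($3, 1, 3)
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (k = 1; k <= 3; k++) {
                    c = substr(perm[i], k, 1)
                    # a right survives only if the mask (when present) has it too
                    if (mask != "" && substr(mask, k, 1) == "-") c = "-"
                    eff = eff c
                }
                print type[i], name[i], perm[i], eff
            }
        }'
}

sample_acl | extra_grants
```

On a real file, pipe `getfacl <filename>` into `extra_grants` instead of the sample.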
To conclude, Linux provides a robust and flexible permission model that allows for different levels of access to be granted or revoked for files and directories. Understanding the various permission types, permission sets, and permission notation formats is essential for managing and controlling file access in Linux.
To help me improve my blog and correct my mistakes, I am available on LinkedIn as Sneha K S. Do reach me and I am open to suggestions and corrections.