Linux File Permissions and Access Control Lists (Day 6 Task)

1. About File Permissions:

File permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how.

To check a file's permissions:

ls -l <file-name>

Permission Descriptions:

  1. Read (r): The read permission allows you to open and read the content of a file. It does not allow you to edit or modify the file.

  2. Write (w): The write permission allows you to edit a file; removing or renaming it also depends on write permission on the directory that contains it. For instance, if a file is present in a directory, and write permission is set on the file but not on the directory, then you can edit the content of the file but can't remove or rename it.

  3. Execute (x): On Unix-like systems, you can't run or execute a program unless the execute permission is set. Windows has no such permission.

Owner (u): Permissions used for the Owner of the file.

Group (g): Permissions used by members of the group.

Other (o): Permissions used by all other users.

Permission Set:

Permissions in detail:

Change File Permissions:

a) chmod: Change file access permissions.

Description: This command is used to change file permissions. These permissions are read, write, and execute for the owner, group, and others.

Syntax (symbolic mode): chmod [ugoa][[+-=][mode]] file

The first optional parameter indicates who: this can be (u)ser, (g)roup, (o)thers, or (a)ll.

The second optional parameter indicates the opcode: this can be adding (+), removing (-), or assigning (=) permission.

The third optional parameter indicates the mode: this can be (r)ead, (w)rite, or e(x)ecute.

Example: Add write permission for user, group, and others for file1.

$ chmod ugo+w file1

There is another way to change file permissions, using numeric mode:

Example: Give read/write/execute permission to the user, read/execute permission to the group, and execute permission to others.

$ chmod 751 file1

b) chown: Change ownership of the file.

Description: Only the owner of the file has the right to change the file ownership.

Syntax: chown [owner] [file]

Example: Change the owner of file1 to user2, assuming it is currently owned by the current user.

$ chown user2 file1

c) chgrp: Change the group ownership of the file.

Description: Only the owner of the file has the right to change the file ownership.

Syntax: chgrp [group] [file]

Example: Change the group of file1 to group2, assuming it is currently owned by the current user.

$ chgrp group2 file1

2. Create a simple file and check the details of the file:

Here I created a file using the touch command, then checked the details of the file using the ls -l command, and then changed the file permissions to 766 [all owner permissions, read and write permissions to group and others].
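The following is an added example, not part of the original post: it shows that symbolic chmod changes are relative to the current mode while numeric modes are absolute, and it lists files that end up writable by others, as happens with 766. The scratch directory and the file names (script, notes, report) are constructed for the demo.

```shell
#!/bin/sh
# Added example. All files live in a scratch directory that is removed on exit.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# result_mode START CHANGE: create a scratch file, set it to START,
# apply CHANGE with chmod, and print the permission string that ls -l shows.
result_mode() {
    f="$demo_dir/file1"
    : > "$f"
    chmod "$1" "$f"
    chmod "$2" "$f"
    perms=$(ls -ld "$f" | cut -c1-10)   # first 10 chars: type + ugo bits
    rm -f "$f"
    printf '%s\n' "$perms"
}

# build_samples: create constructed files using the modes from this page
# (751 and 766) plus a tighter 640 for comparison.
build_samples() {
    for spec in 751:script 766:notes 640:report; do
        mode=${spec%%:*}
        name=${spec#*:}
        : > "$demo_dir/$name"
        chmod "$mode" "$demo_dir/$name"
    done
}

# world_writable DIR: list regular files under DIR whose "others" write bit
# is set, i.e. files that any local user can modify.
world_writable() {
    find "$1" -type f -perm -0002 | sort
}

build_samples
echo "640 then ugo+w -> $(result_mode 640 ugo+w)"   # adds w, keeps the rest
echo "640 then 751   -> $(result_mode 640 751)"     # replaces the whole mode
echo "640 then 766   -> $(result_mode 640 766)"
echo "Files writable by others:"
world_writable "$demo_dir"
```

Running the same find check against a real directory is a quick way to spot files that were left writable by everyone.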

3. Read about ACL and try out the commands getfacl and setfacl:

An access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. An ACL allows you to give permissions for any user or group to any disk resource.

Use of ACL: Think of a scenario in which a particular user is not a member of a group you created, but you still want to give that user some read or write access. How can you do it without making the user a member of the group? This is where access control lists come into the picture: an ACL lets you grant that access directly.

ACLs are used to make a flexible permission mechanism in Linux.

ACLs are used to define more fine-grained discretionary access rights for files and directories.

setfacl and getfacl command:

The command "setfacl" refers to Set File Access Control Lists and "getfacl" refers to Get File Access Control Lists.

Example:

getfacl <file or directory name>

1. To add permission for a user:

setfacl -m "u:user:permissions" /path/to/file

setfacl -m u:maher:rwx test/declarations.h

2. To add permissions for a group:

setfacl -m "g:group:permissions" /path/to/file

3. To remove the ACL entry of a user (no permissions field is given with -x):

setfacl -x "u:user" /path/to/file

4. To remove the ACL entry of a group (no permissions field is given with -x):

setfacl -x "g:group" /path/to/file