Rohit Johari's blog

#day6 Task: File Permissions and Access Control Lists

Rohit Johari's photo
Rohit Johari
·

3 min read

About File Permissions :

File permissions are an essential aspect of computer security that allows users to control access to files and directories. In Unix-based operating systems, file permissions are governed by three different types of users: the owner, the group, and the other. The owner is the user who created the file, the group is a set of users with similar permissions, and the other refers to all other users on the system.

File permissions consist of three sets of permissions: read, write, and execute. Each set of permissions can be set for the owner, the group, and the others.

The read permission allows a user to view the contents of a file or directory. This permission is denoted by the letter "r" and is represented by the number 4 in the file permissions code.

The write permission allows a user to modify the contents of a file or directory. This permission is denoted by the letter "w" and is represented by the number 2 in the file permissions code.

The execute permission allows a user to execute a file or access the contents of a directory. This permission is denoted by the letter "x" and is represented by the number 1 in the file permissions code.

The file permissions code is represented by a series of numbers, with each number representing a different set of permissions. The first number represents the permissions for the owner, the second number represents the permissions for the group, and the third number represents the permissions for the others.

For example, a file with permissions code 644 would allow the owner to read and write to the file, while members of the group and others would only be able to read the file.

File permissions are an essential aspect of computer security, and it is important to understand how to set and modify them properly. By setting appropriate file permissions, we can protect our files from unauthorized access or modification, ensuring that our sensitive data remains safe and secure.

Each of the three permissions is assigned to three defined categories of users. The categories are:

  • owner — The owner of the file or application.

  • group — The group that owns the file or application.

  • others — All users with access to the system. (outside the users are in a group)

  • "chown" is used to change the ownership permission of a file or directory.

  • "chgrp" is used to change the group permission of a file or directory.

  • "chmod" is used to change the other user's permissions of a file or directory.

About ACL (Access Control Lists):

ACL stands for Access Control Lists. ACLs are a set of permissions attached to a file or directory that determine who can access that file or directory and what actions they can perform on it. Unlike traditional Unix permissions, which only allow for a single owner and a single group to control access to a file, ACLs allow for multiple users and groups to have varying levels of access.

The getfacl command is used to display the ACLs attached to a file or directory. The syntax for using getfacl is as follows:

This will display the ACLs for the specified file or directory.

The setfacl command is used to set the ACLs for a file or directory. The syntax for using setfacl is as follows:

We can add or modify ACLs by specifying the user or group to which the ACL applies and the permissions they should have. Here is an example of how to set an ACL using setfacl:

In this example, the -m option tells setfacl to modify the ACL, u:johndoe specifies that the ACL applies to the user johndoe, and rwx grants the user johndoe read, write, and execute permissions on myfile.txt.

#day6FilePermissionand ACL