Create a simple file and do ls -ltr
Each of the three permissions is assigned to three defined categories of users. The categories are:
owner — The owner of the file or application."chown" is used to change the ownership permission of a file or directory.
group — The group that owns the file or application."chgrp" is used to change the group permission of a file or directory.
others — All users with access to the system. (outised the users are in a group)
"chmod" is used to change the other users permissions of a file or directory.
As a task, change the user permissions of the file and note the changes after ls -ltr
Here in above example - We have created a file sample_file.txt and checked it's permission once created by ls -ltr command.
Now we have chanaged permission of the file sample_file.txt by chmod command (We will see how fast we can remember the changing persmission in this same article later)
Now that we have changed the permission of the file the final output is we have changed the permissions to read,write and execute the file by user and no permissions are given to group and others.
NOTE - I used && notation here that represents AND as a meaning to CLI and executes two commands in one go.
Write an article about File Permissions in linux
(Trick to remember)
Linux file permissions can be intimidating for newcomers, but with a few easy-to-remember tricks, you'll be able to navigate this aspect of the system with confidence. Understanding file permissions is crucial for ensuring the security and proper functioning of your Linux system. Let's dive into some tricks that will help you grasp and remember file permissions effortlessly.
1. The Permission Notation: File permissions are represented using a 10-character notation. The first character represents the file type ('-' for regular files, 'd' for directories, 'l' for symbolic links, etc.), and the next nine characters are divided into three sets of three. Each set represents the permissions for the owner, group, and others in that order.
For example, 'rw-r--r--' means the owner has read and write permissions, while the group and others have only read permissions.
2. The Three Basic Permissions: The three basic permissions are Read (r), Write (w), and Execute (x). To remember them easily, think of "r" as "reading," "w" as "writing," and "x" as "execution."
3. Numeric Representation: Each permission (r, w, or x) has a numeric value associated with it. Read (r) is 4, Write (w) is 2, and Execute (x) is 1. To find the numeric representation of a combination of permissions, add up the values accordingly. For example, rw- (read and write) would be 4 (read) + 2 (write) = 6.
4. Calculating Total Permissions: To calculate the total permissions for a file or directory, combine the numeric representation of the owner, group, and others' permissions. For instance, if the owner has read and write (6), the group has read-only (4), and others have no permissions (0), the total permission would be 640.
5. Understanding Octal Notation: The total permission number can also be expressed in octal notation. For the same permissions as mentioned above (rw-r-----), convert the owner, group, and others' permissions to octal and combine them. rw- (6) becomes 110 in octal, r-- (4) becomes 100, and --- (0) remains unchanged. So, the total permission in octal is 640.
6. chmod Command: The 'chmod' command is used to change file permissions. It can be used with either the symbolic notation (like "u+x" for adding execute permission to the owner) or the octal notation (like "chmod 755 file_name" for giving the owner read, write, and execute, and others read and execute).
7. Recursive Changes: When you need to change permissions for all files and directories within a folder, use the '-R' option with 'chmod.' This will make the change recursively for all subdirectories and files.
8. Be Cautious with 'chmod 777': Avoid setting permissions to '777' (read, write, and execute for everyone) on sensitive files or directories, as it can lead to security vulnerabilities. Only use this when absolutely necessary and for directories like '/tmp'.
Remember, file permissions are a crucial aspect of Linux security. Mishandling them could lead to unintended consequences. So, always double-check before making any changes to ensure your system remains safe and stable.
By keeping these tricks in mind, you'll soon become proficient in managing file permissions in Linux, and your confidence in working with the system will grow substantially. Happy Linuxing!
Read about ACL and try out the commands getfacl and setfacl
What is ACL and it's need?
Standard file permissions are satisfying when files are used by only a single ownner and a single designated group. However, If we want to give access to a user or group which not listing on default file permission, then ACL will come in use.
With ACL, you can grant permission to multiple users and groups, identified by user name, group name, UID, GID. using the same permission flags used with regular file permission: read, write and execute.
To check ACL is enable in our file system or not type cat /etc/fstab, where if mounted file system is defaults means ACL is enable in our file system.
If the output is not same as above that shows defaults then we have to enable/install the acl in our system.
Below example shows - When we create a file name mytestfile.txt it has some permissions assigned already. We checked those by ls -ltr command.
Now we will use getfacl <file name> to see it's details. And will set new user into that file to which no access before.
setfacl -m u:ajay:rw mystestfile.txt
Here -m for modify and u is for user and we are giving ajay persmission to read and write the file so rw.
Once we do that and check again the persmission by ls -ltr mytestfile.txt, now we see -rw-rw-r--+ 1 as it's permission so here thing to note is + is shown in file persmission only if any ACL is set to the file.
Now we give command , getfacl mytestfile.txt
And the output shows new user with its persmission and mask with same permission as newly added user.
Now to remove the ACL permission for user, we use command
setfacl -x <username> <filename>
As seen above, persmissions set for ajay on file mytestfile.txt has been removed.
Now, to remove complete ACL from a file we use command
setfacl -b <file name>
Now we can see + sign is removed from the permissions and hence ACL is completely removed.
This is how ACL works.
Thanks for reading the blog & do share them with someone in need :)
Please share your views and suggestions, they are always welcome.
See you then in the next blog.
Happy learning :)