day6 of #90DaysOfDevops

File Permissions and Access Control Lists


Tasks :

1. Create a simple file and run ls -ltr

  • Here I have created a file named "myfile.txt" and then I did ls -ltr

2. Write about file permissions

  • In Linux, file permissions are used to control access to files and directories. Each file and directory has a set of permissions that specify which users and groups are allowed to read, write and execute the file.

  • There are 3 types of permissions in Linux: 1. Read (r) 2. Write (w) 3. Execute (x). These permissions can be granted or denied to 3 categories of users: 1. The owner (u) 2. Members of the file's group (g) 3. Others (o).

  • The permissions for a file or a directory are displayed in the output of the ls -l command in the below format


    Let's understand the format of the output.

  • The first row shows the total number of files and directories in a particular file path.

  • The first column of the third row of the output shows the permissions for the file.

  • The first character (-) indicates whether the file is a regular (normal) file or a special file (e.g. d for a directory, l for a symbolic link).

  • The next three characters (rw-) in the same row represent the permissions for the owner of the file, the next three characters (rw-) represent the permissions for the members of the file's group, and the final three characters (r--) represent the permissions for all other users.

  • To change the permissions of a file or directory, you can use the chmod command.

  • For example, to give the owner of a file read, write and execute permissions, and give all other users read and execute permissions, you can use the following command: $ chmod 755 <filename>

    Here the owner digit (7) is the sum of read (r) = 4, write (w) = 2 and execute (x) = 1. Each 5 is read (4) + execute (1).

  • That means, if we want to give only read permission we use 4, and likewise for the other permissions.

Permissions can be set on any file/dir by two methods:

  1. Symbolic method (ugo)

    $ chmod u=rwx,g=rw,o=r <filename> or $ chmod ugo=rwx <filename>

  2. Absolute method (numbers)

    $ chmod 777 <filename>
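The 4/2/1 arithmetic behind the absolute method, as an added example that is not part of the original post: `sym_to_octal` and `roundtrip` are hypothetical helper names, the scratch file comes from `mktemp`, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Convert the 10-character mode string printed by `ls -l` (e.g. -rw-rw-r--)
# into the octal number used by chmod's absolute method.
# Only plain r/w/x bits are handled; setuid/setgid/sticky letters are rejected.
sym_to_octal() {
    mode=$1
    [ "${#mode}" -eq 10 ] || { echo "expected 10 characters" >&2; return 1; }
    rest=${mode#?}                      # drop the file-type character
    out=""
    for class in owner group others; do
        triplet=$(printf '%s' "$rest" | cut -c1-3)
        rest=$(printf '%s' "$rest" | cut -c4-)
        case $triplet in
            [r-][w-][x-]) ;;
            *) echo "unsupported bits for $class: $triplet" >&2; return 1 ;;
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # read    = 4
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # write   = 2
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # execute = 1
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Apply the computed mode to a scratch file and read back what was stored,
# so the symbolic string and the octal number can be compared directly.
roundtrip() {
    tmp=$(mktemp) || return 1
    chmod "$(sym_to_octal "$1")" "$tmp" || { rm -f "$tmp"; return 1; }
    stat -c '%A' "$tmp"
    rm -f "$tmp"
}

sym_to_octal "-rw-rw-r--"    # mode string of myfile.txt in this post -> 664
roundtrip "-rwxr-xr-x"       # chmod 755 -> -rwxr-xr-x
```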

umask :

  • When we create any file using the touch, cat or vi commands, it gets created with default file permissions as stored in umask (user creation mask).

  • umask is a 4-digit octal number that tells Unix which of the three permissions are to be denied rather than granted.

  • umask will decide what should be the default permissions for a file and a directory when it is created.

  • The default umask value is 0022

    To check the umask value of a file/directory, use the $ umask command.
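How the mask turns into default permissions, as an added example that is not part of the original post: new files start from 666 and new directories from 777, and the bits set in umask are removed. `default_modes` and `expected_modes` are hypothetical helper names, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Create a file and a directory under the given umask and report the
# permissions they actually received. Runs in a subshell so the caller's
# own umask is left untouched.
default_modes() {
    (
        umask "$1" || exit 1
        dir=$(mktemp -d) || exit 1
        touch "$dir/newfile"
        mkdir "$dir/newdir"
        printf 'file=%s dir=%s\n' \
            "$(stat -c '%a' "$dir/newfile")" \
            "$(stat -c '%a' "$dir/newdir")"
        rm -rf "$dir"
    )
}

# The same result by arithmetic: clear the umask bits from the base mode
# (666 for regular files, 777 for directories).
expected_modes() {
    printf 'file=%o dir=%o\n' "$(( 0666 & ~0$1 ))" "$(( 0777 & ~0$1 ))"
}

default_modes 0022     # the default umask named above -> file=644 dir=755
expected_modes 0022    # arithmetic agrees
default_modes 0077     # a stricter mask: nothing for group or others
```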

Different file types in Linux

- ---> Regular file

d ---> Directory

c ---> Character device file (character and device files allow users and programs to communicate with hardware peripheral devices). The server console is a character device file that talks to devices in a character by character

b ---> Block device file

s ---> Local socket file used for communication between processes

p ---> Named pipe

l ---> Symbolic link

$ file is used to identify the file type

$ stat is used to view details like access, modify, change time, size, inode, block etc

$ ln is used to make links between files.

There are two types of links :

| Soft link | Hard link |
| --- | --- |
| size of the link file is equal to the no. of characters in the name of the original file | size of both files is the same |
| can be created across partitions | can't be created across partitions |
| inode no. of source and link file is different | inode no. of both files is the same |
| if the original file is deleted, the link is broken and data is lost | if the original file is deleted, the link will still contain the data |
| shortcut file | backup file |
| creation: `$ ln -s <sourcefile> <destination>` | creation: `$ ln <sourcefile> <destination>` |

3. Read about ACL and try "getfacl" and "setfacl"

  • ACL stands for access control list. It is a mechanism that allows you to specify the control over access to files and directories.

    steps to implement ACL :

    • Create a partition and format it with a file system such as ext4. [$ mkfs.<extension like ext4> <drive location like /dev/sda>]

    • Mount the file system with ACL support [$ mount -o acl <drivelocation like /dev/sda> <user>, then $ mount]

    • apply ACL on it.

  • `$ getfacl` is used to view the ACLs for a file or directory.

  • `$ setfacl` is used to set or modify the ACLs for a file or directory.

    The image below shows how to use getfacl.

    NOTE: On some Ubuntu flavors these commands may not be available by default. So, we need to install them by using the command $ sudo apt install acl

This output shows the ACLs for the file myfile.txt. The user field shows that the owner of the file, ubuntu, has read and write permission. The group field shows that members of the group ubuntu have read and write permission (rw-). The other field shows that all other users have read-only permission (r--).

Here is an example of how to use setfacl.

This command ($ setfacl) sets the ACL for the file myfile.txt so that the user user1 has read and write permissions. The -m option stands for "modify" and u:user1:rw specifies that user1 should be given read and write permissions.
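The setfacl/getfacl steps described above, as an added example that is not part of the original post: `acl_usable` and `acl_demo` are hypothetical helper names, the file is a scratch file from `mktemp` set to the same 664 mode as myfile.txt, and the user passed in (user1 in the post) must exist on the system.

```shell
#!/bin/sh
# Succeeds only if setfacl/getfacl are installed (the acl package noted above)
# and the file system holding $1 accepts ACL entries.
acl_usable() {
    command -v setfacl >/dev/null 2>&1 && command -v getfacl >/dev/null 2>&1 \
        && setfacl -m "u:$(id -u):r" "$1" 2>/dev/null \
        && setfacl -b "$1"              # -b removes the probe entry again
}

# Give one named user read/write on a scratch file and print the ACL entries.
acl_demo() {
    user=$1
    f=$(mktemp) || return 1
    if ! acl_usable "$f"; then
        rm -f "$f"
        echo "acl-unavailable"
        return 0
    fi
    chmod 664 "$f"                      # owner rw-, group rw-, others r--
    setfacl -m "u:$user:rw" "$f"        # -m = modify, u:<user>:<perms>
    # Expected entries: user::rw-  user:<name>:rw-  group::rw-  mask::rw-  other::r--
    getfacl --omit-header "$f" 2>/dev/null | grep -v '^$'
    rm -f "$f"
}

acl_demo "$(id -u)"     # current user by numeric id, so the demo needs no extra account
```

The `mask` entry that appears once a named user is added caps the effective permissions of named users and groups, so it belongs in any review of a file's ACL.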

Additional Information

Linux File System

Linux uses a single-rooted, inverted tree-like file system hierarchy.

LINUX FILE STRUCTURE - LinuxBaya

image credits: linuxbaya

Let's explore each of them.

| Symbol | Explanation |
| --- | --- |
| / | This is the top-level directory. It is the parent directory of all other directories. It is the root directory. It is denoted by a slash (/). It is like C:/ of Windows for Linux |
| /root | It is the home directory for the root user (super user). It provides a working environment for the root user |
| /home | It is the home directory for other users. It provides a working environment for other users (other than root) |
| /boot | It contains bootable files in Linux, like GRUB, boot.ini, ntldr |
| /etc | It contains all configuration files, like /etc/passwd, /etc/resolv.conf etc. |
| /usr | By default, software is installed in the /usr directory. usr = Unix Shareable Resources |
| /opt | It is an optional directory for /usr. It contains third-party software |
| /sbin | It contains commands used only by the super user (root). Super user's binary files |
| /dev | It contains device files, like /dev/hda |
| /proc | It contains process files. Its contents are not permanent, they keep changing. It is also called a virtual directory. Its files contain useful information used by the OS, like /proc/meminfo (information about RAM/SWAP) |
| /var | It contains variable data like mail, log files |
| /mnt | It is the default mount point for any partition. It is empty by default |
| /media | It contains all of the removable media like CD-ROM, pen drive |
| /lib | It contains library files which are used by the OS. They are similar to the DLL files of Windows. Library files in Linux are SO (shared object) files |

That's it for Today. Thanks for your time.

