Day 6 Task: 🔐 File Permissions and Access Control Lists (ACLs) 🎯


Today is all about reading, learning, and applying file permissions. Understanding how file permissions and ownership work in Linux is crucial. We’ll dive into these concepts, focusing on how to manage permissions and ownership effectively. By the end of the day, you’ll have hands-on experience with both!

Tasks

  1. Understanding File Permissions:
  • Create a simple file and run ls -ltr to see the details of the files.

  • Each of the three permissions is assigned to three defined categories of users. The categories are: Owner, Group, Others.

    Task: Change the user permissions of the file and note the changes after running ls -ltr.

  • Owner: The owner of the file or application.

    Use chown to change the ownership of a file.

  • Group: The group that owns the file or application.

    Use chgrp to change the group ownership of a file or directory.

  • Others: All users with access to the system (outside the users in a group).

    Use chmod to change the other users' permissions of a file or directory.

  2. Write an article about file permissions based on your understanding from the notes.

Answer: File permissions are a fundamental aspect of Linux systems, playing a critical role in maintaining security and functionality. In Linux, every file and directory has associated permissions that control the actions users can perform on them. Permissions are divided into three categories:

  1. User (u): The owner of the file.

  2. Group (g): Users who are part of the file's group.

  3. Others (o): All other users who do not own the file and are not part of the group.

Types of Permissions

Each category can have three types of permissions:

  1. Read (r): Allows viewing the contents of a file or directory. (Value: 4)

  2. Write (w): Allows modifying the contents of a file or adding/removing files in a directory. (Value: 2)

  3. Execute (x): Allows executing a file as a program or entering a directory. (Value: 1)

Numeric Permission Representation

Permissions can be represented numerically (octal notation) by summing the values associated with each permission type. For example:

  • Read + Write + Execute: 4 (read) + 2 (write) + 1 (execute) = 7

  • Read + Write: 4 (read) + 2 (write) = 6

  • Read + Execute: 4 (read) + 1 (execute) = 5

  • Read Only: 4

  • Write Only: 2

  • Execute Only: 1

  • No Permission: 0

These values can be combined to set permissions for the user, group, and others.

Viewing Permissions

You can view the permissions of files and directories using the ls -l command. The output includes a string representing the permissions:

-rw-rw-rw- 1 Anjali Mygroup 0 Oct 15 08:30 day6task.txt

The first character indicates the file type (- for a file, d for a directory).

The next nine characters are divided into three sets of three, representing the permissions for the user, group, and others, respectively.
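As an added example (not part of the original post), this shell function converts the permission string shown by ls -l into its octal form by summing the 4/2/1 values of each triplet. It goes one step further than the text above and also accounts for the s and t characters used by the SUID, SGID and sticky bits; the function name mode_to_octal is hypothetical.

```bash
#!/bin/sh
# Convert an ls -l mode string such as "-rw-rw-rw-" to octal (prints 0666).
mode_to_octal() {
    perms=${1#?}              # drop the leading file-type character (- or d)
    special=0
    digits=""
    # Each triplet has one special bit attached: user=SUID(4), group=SGID(2), others=sticky(1).
    for weight in 4 2 1; do
        triplet=$(printf '%s' "$perms" | cut -c1-3)
        perms=$(printf '%s' "$perms" | cut -c4-)
        value=0
        case $triplet in r??) value=$((value + 4)) ;; esac
        case $triplet in ?w?) value=$((value + 2)) ;; esac
        case $triplet in
            ??x)    value=$((value + 1)) ;;
            # lowercase s/t: execute is set AND the special bit is set
            ??[st]) value=$((value + 1)); special=$((special + weight)) ;;
            # uppercase S/T: the special bit is set but execute is not
            ??[ST]) special=$((special + weight)) ;;
        esac
        digits="$digits$value"
    done
    echo "$special$digits"
}

# The listing shown above in this article.
mode_to_octal "-rw-rw-rw-"
```

The first digit of the result is the special-bit digit; the remaining three are the user, group and others digits you would pass to chmod.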

Manipulating File Permissions in Shell Scripts

Manipulating file permissions in shell scripts is often done using the chmod, chown, and chgrp commands, as we did in the first task.

  3. Access Control Lists (ACL):

ACLs extend the basic file permission model by allowing the assignment of permissions to individual users or groups on a per-file basis. This is particularly useful in scenarios where you need to give specific users different levels of access to the same file or directory without changing the ownership or group.

The two primary commands used to view and modify ACLs in Linux are getfacl and setfacl.

1. getfacl: The getfacl command is used to retrieve and display the ACLs of files and directories. It shows the current ACL entries along with traditional permissions.

Basic syntax: getfacl filename

2. setfacl: The setfacl command is used to set or modify the ACLs for files and directories. This command allows you to add, remove, or modify ACL entries.

Basic syntax: setfacl [options] <acl> <file>

Task: Create a directory and set specific ACL permissions for different users and groups. Verify the permissions using getfacl.

First, you need to install the acl package.
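When verifying ACLs with getfacl, the mask entry matters: it caps what named users and groups actually get, so an entry that reads rwx may grant less. The following added example (not from the original post) parses getfacl-style output and prints the effective permissions per entry; the sample text is constructed, and the user alice, the group devs and the function names are hypothetical.

```bash
#!/bin/sh
# Constructed sample in getfacl's output format for a directory "project",
# e.g. after: setfacl -m u:alice:rwx,g:devs:r-x,m::r-x project
sample_getfacl() {
    cat <<'EOF'
# file: project
# owner: Anjali
# group: Mygroup
user::rwx
user:alice:rwx
group::r-x
group:devs:r-x
mask::r-x
other::---
EOF
}

# Read getfacl output on stdin and print tag:name:effective-permissions.
acl_effective() {
    awk -F: '
        # Keep a permission bit only when both the entry and the mask grant it.
        function masked(p, m,    i, c, out) {
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(p, i, 1)
                out = out ((c != "-" && substr(m, i, 1) != "-") ? c : "-")
            }
            return out
        }
        BEGIN { n = 0 }
        /^#/ || NF < 3 || $1 == "default" { next }   # headers, blanks, default ACLs
        $1 == "mask" { mask = substr($3, 1, 3); next }
        { tag[n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3); n++ }
        END {
            for (i = 0; i < n; i++) {
                eff = perm[i]
                # The mask limits named users, the owning group and named groups,
                # but never the file owner (user::) or other.
                if (mask != "" && (tag[i] == "group" || who[i] != ""))
                    eff = masked(perm[i], mask)
                print tag[i] ":" who[i] ":" eff
            }
        }'
}

# Named users or groups that can effectively write: the entries worth reviewing.
acl_named_writers() {
    acl_effective | awk -F: '$2 != "" && $3 ~ /w/ { print $1 ":" $2 }'
}

sample_getfacl | acl_effective
```

On a real system, pipe `getfacl project` into acl_effective instead of the sample. Because chmod on a file that has an ACL changes the mask rather than the owning group's entry, rerun the check after any chmod.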

  4. Additional Tasks:

    Task: Create a script that changes the permissions of multiple files in a directory based on user input.

    Answer:

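     #!/bin/bash
     # Recursively apply a permission mode to everything under a directory.
     echo "Enter the directory path:"
     read -r dir_path
     echo "Enter the permissions (e.g: 742):"
     read -r dir_permissions
     # Quote the variables so paths with spaces are not word-split; "--" ends option parsing.
     if chmod -R -- "$dir_permissions" "$dir_path"; then
         echo "Permissions changed successfully"
     else
         echo "Failed to change permissions" >&2
         exit 1
     fi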
    

    Task: Write a script that sets ACL permissions for a user on a given file, based on user input.

    Answer:

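     #!/bin/bash
     # Grant one user an ACL entry on a single file.
     echo "Enter the file path:"
     read -r file_path
     echo "Enter the username:"
     read -r username
     echo "Enter the permissions (e.g: rwx):"
     read -r file_permissions
     # Quote the ACL spec and the path so spaces or glob characters in the input are not expanded.
     if sudo setfacl -m "u:$username:$file_permissions" -- "$file_path"; then
         echo "ACL permissions for the given user applied successfully."
     else
         echo "Failed to apply ACL permissions." >&2
         exit 1
     fi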
    
  5. Understanding Sticky Bit, SUID, and SGID.

    Task: Create examples demonstrating the use of sticky bit, SUID, and SGID, and explain their significance.

    Sticky bit: Used on directories to prevent users from deleting files they do not own.

    The ‘t’ indicates that the sticky bit is set.

    SUID (Set User ID): Allows users to run an executable with the permissions of the executable's owner.

    The s in the User permission field indicates that the SUID bit is set.

    SGID (Set Group ID): Allows users to run an executable with the permissions of the executable's group.

    The s in the group permission field indicates that the SGID bit is set.
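The three bits can be seen side by side in a throwaway directory. This is an added example, not part of the original post: it sets each bit with chmod, shows the resulting ls mode string, and then uses find to list SUID/SGID files and world-writable directories that lack the sticky bit, which are the two things worth reviewing on a real system. The file names (shared, open, tool, report) and function names are hypothetical.

```bash
#!/bin/sh
# Create one object per special bit inside a temporary directory and print its path.
make_demo() {
    demo=$(mktemp -d) || return 1
    mkdir "$demo/shared" "$demo/open"
    touch "$demo/tool" "$demo/report"
    chmod 1777 "$demo/shared"   # sticky bit: users cannot delete files they do not own
    chmod 0777 "$demo/open"     # world-writable, no sticky bit: anyone may delete any file here
    chmod 4755 "$demo/tool"     # SUID: runs with the permissions of the file's owner
    chmod 2755 "$demo/report"   # SGID: runs with the permissions of the file's group
    echo "$demo"
}

# The ten-character mode string that ls -l shows for a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Files carrying SUID or SGID: each one should be a program you expect to find.
find_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \)
}

# World-writable directories that lack the sticky bit.
find_unsticky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000
}

demo=$(make_demo)
for name in shared open tool report; do
    printf '%s  %s\n' "$(mode_of "$demo/$name")" "$name"
done
echo "SUID/SGID files:";            find_setid "$demo"
echo "Directories missing sticky:"; find_unsticky_dirs "$demo"
rm -rf "$demo"
```

Pointing find_setid and find_unsticky_dirs at a real path such as /usr or /tmp gives a quick inventory to compare against what you expect to be installed.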
