What is File Permission?
In Linux, file permissions determine who can access a file or directory, and what actions they can perform on it. There are three types of permissions: read, write, and execute, and these permissions can be assigned to three different groups of users: the owner of the file, members of the owner's group, and all other users.
Ownership Types
User: The user who creates a file becomes its owner by default. The owner can create, delete, or modify the file.
Group: A group can contain multiple users. All the users belonging to a group have the same access permission for a file.
Other: Any user with access to the file who is neither the owner nor a member of the group falls into the category of other.
NOTE: Users and groups can be locally managed in /etc/passwd or /etc/group
File Permission Types
Read (r) - The read permission allows you to open and read the content of a file.
Write (w) - The write permission allows you to edit, remove or rename a file.
Execute (x) - On Unix-like systems, you can't run or execute a program unless the execute permission is set.
Numeric | Permission | Symbolic |
7 | read, write and execute | rwx |
6 | read and write | rw- |
5 | read and execute | r-x |
4 | read-only | r-- |
3 | write and execute | -wx |
2 | write only | -w- |
1 | execute only | --x |
0 | no permissions | --- |
Changing file/directory permission in Linux
- We can modify permissions using the chmod command.
Syntax:
chmod permissions filename
We can change permissions using two modes:
- Symbolic mode: this method uses the symbols u, g, and o to represent the user, group, and others. Permissions are represented as r, w, and x for read, write, and execute, respectively. You can modify permissions using +, - and =.
#Long listing sorted by modification time, oldest first
ls -ltr
#All permission to user
chmod u+rwx file1.txt
#Read & write permission to group user
chmod g+rw file1.txt
- Absolute mode: this method represents permissions as a 3-digit octal number, with each digit ranging from 0 to 7.
#Long listing sorted by modification time, oldest first
ls -ltr
#Changing permission of the file
chmod 766 file1.txt
#Read-only permission
chmod 444 file1.txt
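An added example (not part of the original post) that applies the chmod calls above to constructed files in a temporary directory and then audits the result: mode 766 leaves a file writable by every user, which the audit reports and chmod o-w corrects. The function names are made up for illustration, and stat -c assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example: all files are constructed in a temporary directory.

# Print the octal mode of a file (GNU coreutils stat, assumed available).
mode_of() { stat -c '%a' "$1"; }

# List regular files under $1 that "other" may write to (o+w, octal 002).
world_writable() { find "$1" -type f -perm -002 | sort; }

# Build the sample tree and apply the chmod calls from the article.
make_demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/file1.txt" "$dir/file2.txt" "$dir/file3.txt"
    chmod 600 "$dir"/file?.txt      # known starting point, independent of umask
    chmod u+rwx "$dir/file1.txt"    # symbolic: 600 -> 700
    chmod g+rw  "$dir/file1.txt"    # symbolic: 700 -> 760
    chmod 766   "$dir/file2.txt"    # absolute: rwxrw-rw- (other can write)
    chmod 444   "$dir/file3.txt"    # absolute: r--r--r--
    printf '%s\n' "$dir"
}

# Remove write access for "other" from every file the audit reports.
tighten() {
    world_writable "$1" | while IFS= read -r f; do chmod o-w "$f"; done
}

demo() {
    demo_dir=$(make_demo) || return 1
    for f in "$demo_dir"/file?.txt; do
        printf '%s %s\n' "$(mode_of "$f")" "${f##*/}"
    done
    echo "world-writable before: $(world_writable "$demo_dir" | wc -l)"
    tighten "$demo_dir"
    echo "world-writable after:  $(world_writable "$demo_dir" | wc -l)"
    rm -rf "$demo_dir"
}

demo
```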
Changing Ownership and Group
- You can change the ownership of a file or folder using the chown command.
Syntax:
chown <user_name> <file/directory name>
- You can change the group ownership of a file or folder using the chgrp command.
chgrp <group_name> <file/directory name>
NOTE:
Wheel Group:
-- Wheel is a system group that has sudo privileges by default. If we add a user to that group, that user gets sudo privileges.
Syntax:
useradd <user_name>
gpasswd -a <user_name> wheel
** By default, all members of the wheel group get sudo privileges.
Access Control List
Access Control List (ACL) is a mechanism that extends the traditional Unix permissions system, allowing for more granular control over file and directory access.
The Linux ACL system consists of two sets of permissions: the standard Unix permissions and the ACL permissions. The standard Unix permissions are based on three categories: owner, group, and other, with permissions being either read, write, or execute. ACL permissions, on the other hand, are based on a set of rules that define who can access a particular file or directory and what level of access they have.
To use ACLs on the machine, we have to install the acl package:
apt-get install acl
To check ACL permission:
SYNTAX: getfacl <file/directory name>
To add an ACL permission to a User:
SYNTAX: setfacl -m u:<user_name>:permissions /path_of_file
To remove ACL permission from a user:
SYNTAX: setfacl -x u:<user_name> /path_of_file
To set ACL permission for a group:
SYNTAX: setfacl -m g:<group_name>:permissions /path_of_file
To remove ACL permission from a group:
SYNTAX: setfacl -x g:<group_name> /path_of_file
To remove all ACL permissions:
SYNTAX: setfacl -b /path_of_file
Thank You,
Abhisek Moharana