Day 6 : File Permissions and Access Control Lists

Linux security permissions designate who can do what with a file or directory. They specify which user can access what data.

In Linux, we have 3 types of owners for a file :

  • user — Permissions used by the owner of the file or application.

    A user is the owner of the file. By default, the person who created a file becomes its owner. Hence, a user is also sometimes called an owner.

  • group — Permissions used by the members of the group.

    A group can contain multiple users. Members share certain permissions of the group if it allows.

  • others — Permissions used by all other users.

    Any user who is not an owner of the file or doesn’t belong to the group can be categorized as others.

File permissions used in Linux :

Read (r = 4): Read permission allows users to open and read the file only.
Write (w = 2): Write permissions allow the users to modify the file.
Execute (x = 1): Execute permission allows the user to run the file as a program or script.

1. Create a simple file and do ls -ltr to view file details :

In the ls -ltr output, the first character shows the file type: d indicates a directory, - indicates a regular file. The next 9 characters form three triples of r, w and x (a - means that permission is absent): the first triple is the permissions of the user who owns the file, the second triple is the group permissions, and the third triple is the permissions of others.

The below commands enable you to change the permissions of the file or directory:

1. "chmod" is used to change the permissions (for the user, the group and others) of a file or directory.

chmod permissions can be changed using two modes:
1. Symbolic mode: Use combinations of letters and symbols to add or remove permissions.

ex: chmod u+x test.txt

2. Absolute mode: In absolute mode, we have to use numbers to assign permissions.

ex: chmod 777 test.txt

2. "chgrp" is used to change the group ownership of a file or directory.

Syntax for changing group permissions of a file or directory :

chgrp <group-name> <file/directory-name>

3. "chown" is used to change the user ownership of a file or directory.

Syntax for changing ownership permissions of a file or directory :

chown <username> <file/directory-name>
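The following script is an added example, not part of the original post: it converts between the rwx string shown by ls -l and the absolute (octal) mode used by chmod, applies both chmod modes to a file in a temporary directory, and flags the world-writable result of chmod 777 before tightening it to 750. The helper names (perm_of, sym_to_octal, octal_to_sym, world_writable) are my own; chgrp and chown are not exercised because they need root on most systems.

```shell
#!/bin/sh
# Permission bits of a path as the nine-character rwx string shown by ls -l
# (columns 2-10; the leading type character and any trailing "+" are dropped).
perm_of() {
    ls -ld "$1" | cut -c2-10
}

# Convert "rwxr-xr--" to the absolute (octal) mode "754". Each triple is
# r=4 + w=2 + x=1; a setuid/setgid/sticky "s" or "t" still counts as x here,
# the special bits themselves are not reported.
sym_to_octal() {
    s=$1; out=""; i=0
    while [ "$i" -lt 3 ]; do
        t=$(printf '%s' "$s" | cut -c$((i*3+1))-$((i*3+3)))
        n=0
        case $t in r??) n=$((n+4));; esac
        case $t in ?w?) n=$((n+2));; esac
        case $t in ??[xst]) n=$((n+1));; esac
        out="$out$n"; i=$((i+1))
    done
    printf '%s\n' "$out"
}

# Convert the absolute mode "750" back to "rwxr-x---".
octal_to_sym() {
    d=$1; out=""; i=1
    while [ "$i" -le 3 ]; do
        n=$(printf '%s' "$d" | cut -c"$i")
        case $n in 4|5|6|7) out="${out}r";; *) out="${out}-";; esac
        case $n in 2|3|6|7) out="${out}w";; *) out="${out}-";; esac
        case $n in 1|3|5|7) out="${out}x";; *) out="${out}-";; esac
        i=$((i+1))
    done
    printf '%s\n' "$out"
}

# Succeeds (exit 0) when the "others" triple has the write bit set, i.e. any
# account on the host can modify the file. This is what chmod 777 produces.
world_writable() {
    case $1 in ???????w?) return 0;; *) return 1;; esac
}

# Demo on a throw-away file (the directory is created and removed here).
demo() {
    dir=$(mktemp -d); f="$dir/test.txt"
    : > "$f"
    chmod 644 "$f"                 # absolute mode: rw-r--r--
    chmod u+x "$f"                 # symbolic mode: add execute for the owner only
    p=$(perm_of "$f")
    printf '%s  %s\n' "$p" "$(sym_to_octal "$p")"              # rwxr--r--  744
    chmod 777 "$f"                 # the weak setting from the post's example
    p=$(perm_of "$f")
    if world_writable "$p"; then
        printf '%s  %s  world-writable, tightening to 750\n' "$p" "$(sym_to_octal "$p")"
        chmod 750 "$f"             # owner full, group read+execute, others nothing
    fi
    printf '%s  %s\n' "$(perm_of "$f")" "$(octal_to_sym 750)"   # rwxr-x---  rwxr-x---
    rm -rf "$dir"
}
demo
```

Run it as an ordinary user; the only lasting effect is in the temporary directory it deletes at the end. world_writable is the check worth keeping: a file that any local account can rewrite is a common finding in audits, and 777 is rarely what is actually needed.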

2. Read about ACL and the commands getfacl and setfacl

Access control list (ACL) provides a more flexible permission mechanism for file systems than the single user/group/others model. ACL allows you to give permissions to any number of named users or groups on a resource.

setfacl and getfacl are used for setting up ACL and showing ACL respectively.

List of commands for setting up ACL :

  1. To add permission for user:

    setfacl -m "u:user:permissions" filename

  2. To add permission for the group:

    setfacl -m "g:group:permissions" filename

  3. To remove a specific entry

    setfacl -x "entry" filename

  4. To remove all entries

    setfacl -b filename

View ACL :
To show permissions : getfacl filename
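The following script is an added example, not part of the original post. It works through the one ACL detail that catches most people: named user and named group entries (and the owning group) are limited by the mask entry, so the permissions shown in the entry are not always the permissions that are enforced. The getfacl output at the top is constructed, not captured from a real host; the function name effective_perms is my own, and the live part only runs where setfacl is installed and the filesystem supports ACLs.

```shell
#!/bin/sh
# Constructed getfacl output (not captured from a real host): alice was granted
# rwx with setfacl, but the mask entry caps every named user, named group and
# the owning group at r--. Only user:: (the owner) and other:: escape the mask.
SAMPLE_ACL='# file: report.txt
# owner: bob
# group: staff
user::rw-
user:alice:rwx
group::r--
group:audit:rw-
mask::r--
other::---'

# effective_perms ACL_TEXT ENTRY
# ENTRY is "user:alice", "group:audit", "user:" (owner), "group:" (owning group)
# or "other:". Prints the permissions the kernel will actually enforce for it.
effective_perms() {
    printf '%s\n' "$1" | awk -v key="$2" -F: '
        /^#/ { next }                                  # skip the header comment lines
        {
            entry = $1 ":" $2                          # "user:alice", or "user:" for the owner
            if (entry == key) perm = $3
            if ($1 == "mask") mask = $3
        }
        END {
            if (perm == "") { print "none"; exit }     # no such entry
            if (key == "user:" || key == "other:" || mask == "") { print perm; exit }
            out = ""
            for (i = 1; i <= 3; i++) {                 # bitwise AND of entry and mask
                p = substr(perm, i, 1); m = substr(mask, i, 1)
                out = out ((p == m && p != "-") ? p : "-")
            }
            print out
        }'
}

# Live check, run only where the acl tools and the filesystem support it.
demo_live() {
    command -v setfacl >/dev/null 2>&1 || { echo "setfacl not installed; skipping live demo"; return 0; }
    dir=$(mktemp -d) || return 0
    : > "$dir/report.txt"
    # Grant a named user rwx, then tighten the mask: getfacl marks the entry
    # with "#effective:r--", which is what effective_perms computes above.
    if setfacl -m "u:nobody:rwx" "$dir/report.txt" 2>/dev/null &&
       setfacl -m "m::r--" "$dir/report.txt" 2>/dev/null; then
        getfacl "$dir/report.txt"
    else
        echo "this filesystem does not support POSIX ACLs; skipping live demo"
    fi
    rm -rf "$dir"
}

printf 'user:alice   %s\n' "$(effective_perms "$SAMPLE_ACL" user:alice)"    # r--
printf 'group:audit  %s\n' "$(effective_perms "$SAMPLE_ACL" group:audit)"   # r--
printf 'owner        %s\n' "$(effective_perms "$SAMPLE_ACL" user:)"         # rw-
demo_live
```

When reviewing ACLs, read the mask line before trusting any named entry: a chmod on the group bits of a file with an extended ACL rewrites the mask, so a tightening of group permissions silently tightens every named user as well, and a loosening does the reverse.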