File Permissions and Access Control Lists

#90Days DevOps Challenge Day 6

File permissions and Access Control Lists (ACLs) are security mechanisms used in Linux to control access to files and directories. They allow us to specify who can read, write, and execute files, as well as control what other users or groups can do with the files.

File Permission:

File permissions are a set of rules that determine who can read, write, and execute files on a Linux system. In Linux, each file and directory is associated with an owner and a group, and there are three types of permissions for each file or directory: read (r), write (w), and execute (x).

The permission settings for a file or directory can be viewed using the "ls -la" command. For example, "ls -la myfile.txt" will show the permissions for the file "myfile.txt".

The permission settings are displayed in the first column of the output, as a string of 10 characters. The first character indicates the file type: "-" for a regular file and "d" for a directory. The next nine characters represent the permissions for the owner, group, and other users.

The owner has read, write, and execute permissions on the file, represented by the characters "rwx". The group and other users have separate sets of permissions, also represented by the characters "rwx". For example, "rw-r--r--" means that the owner has read and write permissions, and the group and other users have read-only permissions.

We can change permissions using two methods: numeric and symbolic.

Numeric type: the numeric method is one of the ways of changing permissions on a file or directory in Linux systems. Numeric permissions use a three-digit sequence of numbers to represent different types of permissions for three different categories of users: owner, group, and others.

Each digit in the sequence represents a set of permissions. The first digit represents the permissions for the owner, the second digit represents the permissions for the group, and the third digit represents the permissions for others. Each digit can have a value from 0 to 7.

Permissions are set with the chmod command.

For example: # chmod 764 filename

764 would mean that the owner has read, write, and execute permissions (7), the group has read and write permissions (6), and others have read-only permissions (4).
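The mapping between the nine permission characters and the three digits can be written out as a small converter. This is an added example, not part of the original post; the function names mode_to_octal and roundtrip are made up for illustration, and the scratch file comes from mktemp.

```shell
#!/bin/sh
# Added example: translate the permission characters from "ls -l" into the
# number chmod takes. Read = 4, write = 2, execute = 1, summed per triplet.
mode_to_octal() {
    perms=$1
    # Accept the full 10-character string and drop the file-type character.
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi
    # Only plain r, w, x and - in their usual positions are handled
    # (no setuid/setgid/sticky letters).
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "not a 9-character rwx string: $1" >&2; return 1 ;;
    esac
    octal=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Apply a mode to a scratch file and read back what ls reports for it.
# The scratch file is created with mktemp and removed again.
roundtrip() {
    scratch=$(mktemp)
    chmod "$(mode_to_octal "$1")" "$scratch"
    ls -l "$scratch" | cut -c1-10
    rm -f "$scratch"
}

roundtrip rwxrw-r--    # the 764 example from the text
```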

Change the ownership permission:

Before showing the permission section, let's see how to add a group. To add a group we use the # groupadd (group_name) command.

Here I have given the name of the group as script_group, and to see whether the group was added, we use sudo cat /etc/group to list the groups.

After we run the command we can see that our group name is present at the end.

Here, the first column is the group name (script_group), x is the password field, 1003 is the group ID, and any members we add appear after the group ID.

To add a user to the group we use the command # sudo gpasswd -a (user-name) groupname.

Here ubuntu is the user added to script_group.

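And if you want to add multiple users, we can use the command # sudo gpasswd -M user-1,user-2 groupname. The -M option sets the group's full member list, so the names are given as one comma-separated list without spaces.

Here user-1 is ubuntu and user-2 is Raju; ubuntu is now a member of script_group.

Now let's give the permission only to the group.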

In the given example, the file "script.sh" belongs to the user "ubuntu" and the group "script_group". The permissions are set to read, write, and execute for the group, and no permissions for others.

This means that only members of the "script_group" can read, write, and execute the file, while other users cannot access the file in any way. If a user belongs to the "script_group", they will have the necessary permissions to execute the script.

In this way we can add multiple users to the respective group and give the group the required permissions, instead of giving them to each user one by one.
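To check that files really are closed to everyone outside the owner and group, the "others" bits can be searched for and then removed with the symbolic form of chmod. This is an added example, not from the original post; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find files that still grant something to "others", then
# remove that access with the symbolic form of chmod (o-rwx).

# List regular files under $1 where others have read, write or execute.
open_to_others() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# Remove every permission for others on those files; owner and group bits
# are left as they are.
lock_out_others() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec chmod o-rwx {} +
}

# Constructed sample tree: one file per mode discussed in the text.
make_sample_tree() {
    tree=$(mktemp -d)
    touch "$tree/script.sh" "$tree/notes.txt" "$tree/private.key"
    chmod 770 "$tree/script.sh"     # group-only, as in the script.sh example
    chmod 764 "$tree/notes.txt"     # others can still read
    chmod 600 "$tree/private.key"   # owner only
    printf '%s\n' "$tree"
}

sample=$(make_sample_tree)
echo "before:"; open_to_others "$sample"
lock_out_others "$sample"
echo "after:";  open_to_others "$sample"
ls -l "$sample"
rm -rf "$sample"
```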

To change the user ownership of a file we use # chown <user> <file/directory name>.

To change the group ownership of a file we use # chgrp <group> <file/directory name>.

Access Control Lists:

Access Control Lists (ACLs) are an additional layer of permissions that can be used in addition to the standard file permissions. ACLs allow you to set more granular permissions for users and groups on a file or directory.

For example, you can use ACLs to give a specific user read and write access to a file, even if they are not the owner or a member of the group that owns the file. ACLs are useful when you need to set permissions for multiple users or groups on the same file or directory.

getfacl: To check all the permissions of a file or directory, we use the # getfacl <file/directory name> command.

Here we can see the permissions of the gurudath_1 directory by using the getfacl command.

setfacl: sets additional permissions for specific users or groups to access a file or directory. For example, you can grant read access to a specific user who is not the owner of the file.

Here Rani is a user who does not belong to any of the groups; by using the setfacl command we can give her the permission.

sudo setfacl -m <user>:rw- <filename>
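When reviewing getfacl output, the entry written for a named user or group is not always what they actually get: the mask line caps it. The following added example (not from the original post) goes one step beyond the text and computes the effective rights from getfacl-style output; the sample ACL and the function names are constructed, reusing the names from this page.

```shell
#!/bin/sh
# Constructed sample in getfacl's output format (not captured from a real
# system).
sample_acl() {
cat <<'EOF'
# file: gurudath_1
# owner: ubuntu
# group: ubuntu
user::rwx
user:rani:rw-
group::r-x
group:script_group:rwx
mask::r-x
other::---
EOF
}

# Read getfacl output on stdin and print, for each named user or group,
# the granted permissions and the effective ones after applying the mask.
effective_acl() {
    awk -F: '
        /^#/ || NF < 3 { next }                # skip header comments and blanks
        { perms = substr($3, 1, 3) }           # ignore any trailing #effective note
        $1 == "mask" { mask = perms; next }
        ($1 == "user" || $1 == "group") && $2 != "" {
            n++; kind[n] = $1; who[n] = $2; perm[n] = perms
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (c = 1; c <= 3; c++) {
                    bit = substr(perm[i], c, 1)
                    # A "-" in the mask removes that right from the entry.
                    if (mask != "" && substr(mask, c, 1) == "-") bit = "-"
                    eff = eff bit
                }
                print kind[i] ":" who[i] ":" perm[i] " -> " eff
            }
        }'
}

sample_acl | effective_acl
```

On a real system the same function can be fed directly: getfacl <file/directory name> | effective_acl.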

*****************************************************************************

Thank you for reading my blog. I hope you found it helpful; let me know of any corrections.