Linux - File Permissions and Access Control Lists

Every file and directory on your Linux system is assigned 3 types of owner, given below.

File Permission

Permission Groups

  • owner – The Owner permissions apply only to the owner of the file or directory; they do not affect the actions of other users.

  • group – The Group permissions apply only to the group that has been assigned to the file or directory; they do not affect the actions of other users.

  • other – The All Users permissions apply to all other users on the system; this is the permission group that you want to watch the most.

Permission Types

Each file or directory has three basic permission types:

  • read – The Read permission refers to a user’s capability to read the contents of the file.

  • write – The Write permissions refer to a user’s capability to write or modify a file or directory.

  • execute – The Execute permission affects a user’s capability to execute a file or view the contents of a directory.

Access Control Lists

  • Access control lists are used on Linux filesystems to set custom and more personalized permissions on files and folders.

  • ACLs allow file owners or privileged users to grant rights to specific users or to specific groups.

  • ACLs are used to make a flexible permission mechanism in Linux.

getfacl

  • Reading ACLs can be done with /usr/bin/getfacl. Its output contains the following parts:

  • Filename, owner and group: the information about user and group ownership is shown at the top

  • User permissions: first, you would find regular user permissions, also called the owning user, followed by any user-specific ACL entries (called named users)

  • Group permissions: owning groups are presented followed by group-specific ACL entries, also called named groups

  • Mask: restricts the permissions given to ACL entries; the mask is going to be detailed in the next section.

  • Other permissions: those permissions are always active and this is the last category explored when no other permissions match with the current user or group.
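
The mask entry changes what the other lines of a getfacl listing actually grant, so the rights shown for a named user or group are not always the rights in effect. The script below is an added example, not part of the original article: it reads getfacl output and prints the effective rights of each entry. The file name, users and groups in the sample are constructed, and the function names are chosen for this example.

```shell
#!/bin/sh
# Added example. The ACL below is constructed sample data laid out the way
# `getfacl report.txt` prints it; alice, bob, staff and audit are made up.
sample_acl() {
cat <<'EOF'
# file: report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rwx
group::r--
group:audit:rw-
mask::r--
other::---
EOF
}

# Read getfacl output on stdin, print "<type>:<name> <effective rights>".
# The mask caps named users, the owning group and named groups; it does
# not cap the owning user (user::) or other.
effective_acl() {
  awk -F: '
    /^#/ || NF < 3 || $1 == "default" { next }   # headers, blanks, default ACL
    { type[++n] = $1; name[n] = $2; perm[n] = substr($3, 1, 3) }
    $1 == "mask" { mask = perm[n] }
    END {
      for (i = 1; i <= n; i++) {
        if (type[i] == "mask") continue
        eff = perm[i]
        capped = (type[i] == "group" || (type[i] == "user" && name[i] != ""))
        if (capped && mask != "") {
          eff = ""
          for (k = 1; k <= 3; k++) {   # keep a right only if the mask has it
            c = substr(perm[i], k, 1)
            if (substr(mask, k, 1) == "-") c = "-"
            eff = eff c
          }
        }
        printf "%s:%s %s\n", type[i], name[i], eff
      }
    }'
}

sample_acl | effective_acl
```

On a real system, pipe the command's output into the function instead of the sample: `getfacl <file> | effective_acl`. In the sample, bob is listed with rwx but ends up with r-- because the mask is r--.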

setfacl

  • Writing or changing ACLs can be done with /usr/bin/setfacl.

  • The setfacl command is used on Linux to create, modify and remove access control lists on a file or directory.

setfacl {-m, -x} {u, g}:<name>:[r, w, x] <file, directory>

  • -m : To modify one or several ACL entries on the file or directory.

  • -x : To remove one or several ACL entries on a file or directory.

  • {u, g} : To modify the ACL for a user or for a group.

  • <name> : To set the ACL entries for every user or for every group on your host.

  • [r, w, x] : To set read, write or execute permissions on the file or directory.

Example 1:

  • set specific write permissions for a user on a file/directory

Example 2:

  • set execute permissions for all users on your host

Example 3:

  • set full permissions for a specific group on your host


Happy Learning :)

Thanks for reading.

Hope this article is useful for everyone.

Vishal Ranmale

https://www.linkedin.com/in/vishal-ranmale-907307114/