File Permissions & Access Control Lists


File permissions control access to files and directories/folders. There are 3 types of permissions: read, write and execute.

Let's have a look at a sample file (sample.txt) I created in Linux and view its file permissions before and after the permissions are changed. I have used the "ls -ltr" command to view the details.

  • ls: list file & directory contents

  • l: displays permissions, ownership, size & modification time

  • t: sorts output by time modified; combined with r, the latest modified file is at the end of the list

  • r: reverses the order of the sorting (oldest file at top)

ubuntu@ip-172-31-61-13:~/test$ ls -ltr
total 12
-rw-rw-r-- 1 ubuntu ubuntu 41 Mar 26 07:43 fruits.txt
-rw-rw-r-- 1 ubuntu ubuntu 34 Mar 26 08:20 class1.txt
-rw-rw-r-- 1 ubuntu ubuntu 35 Mar 26 08:39 class2.txt
-rw-rw-r-- 1 ubuntu ubuntu  0 Apr  4 22:55 sample.txt
ubuntu@ip-172-31-61-13:~/test$

Let's understand the last line returned by the "ls -ltr" command, the one for the sample file:

-rw-rw-r-- 1 ubuntu ubuntu 0 Apr 4 22:55 sample.txt

| Breakdown | Description |
| --- | --- |
| -rw-rw-r-- | File permissions |
| 1 | The number of hard links to the file. A hard link is a reference to the file by another name in the system; in this case there is only 1 hard link to the file "sample.txt". |
| ubuntu | The user who owns the file; the owner's permissions are "rw-". |
| ubuntu | The second "ubuntu" is the group that owns the file; the group's permissions are also "rw-". |
| 0 | The file size in bytes; in this case 0, as it is an empty file. |
| Apr 4 22:55 | Month, day and time (24-hour format) when the file was last modified. |

Let's now break down the File Permissions to further understand how to read them.

Here's an example of how we can change the permissions of this "sample.txt" file from "-rw-rw-r--" to give access to all (user, group and others). I will use the "chmod" command to perform this task. The "chmod" command sets the file permissions for a file or directory. These file permissions specify which users or groups are allowed to read, write, or execute the file.

ubuntu@ip-172-31-61-13:~/test$ chmod 777 sample.txt
ubuntu@ip-172-31-61-13:~/test$ ls -ltr
total 12
-rw-rw-r-- 1 ubuntu ubuntu 41 Mar 26 07:43 fruits.txt
-rw-rw-r-- 1 ubuntu ubuntu 34 Mar 26 08:20 class1.txt
-rw-rw-r-- 1 ubuntu ubuntu 35 Mar 26 08:39 class2.txt
-rwxrwxrwx 1 ubuntu ubuntu  0 Apr  4 22:55 sample.txt
ubuntu@ip-172-31-61-13:~/test$
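
Each "rwx" triad maps to one octal digit (r=4, w=2, x=1), which is why "-rw-rw-r--" is 664 and "chmod 777" yields "-rwxrwxrwx". The script below is an added example, not part of the original post: it decodes a mode string to octal (including the setuid, setgid and sticky bits, which go beyond what the post shows) and lists entries that any account on the system can write to. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decode "ls -l" mode strings.
# Function names and the sample listing below are constructed for illustration.

# mode_to_octal MODE: turn a mode string such as "-rw-rw-r--" into octal (664).
mode_to_octal() {
    perms=${1#?}                  # drop the file-type character (-, d, l, ...)
    special=0 digits="" weight=4  # special bits: setuid=4, setgid=2, sticky=1
    for start in 1 4 7; do        # user, group, other triads
        triad=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        value=0
        case $triad in r??) value=$((value + 4)) ;; esac
        case $triad in ?w?) value=$((value + 2)) ;; esac
        case $triad in ??[xst]) value=$((value + 1)) ;; esac   # s/t imply x
        case $triad in ??[sStT]) special=$((special + weight)) ;; esac
        digits="$digits$value"
        weight=$((weight / 2))
    done
    [ "$special" -eq 0 ] || digits="$special$digits"
    printf '%s\n' "$digits"
}

# world_writable: read "ls -l" output on stdin and print "OCTAL NAME" for every
# file or directory whose "other" triad includes w.
world_writable() {
    while read -r mode _links _owner _group _size _mon _day _time name; do
        case $mode in
            [-d]???????w?*) printf '%s %s\n' "$(mode_to_octal "$mode")" "$name" ;;
        esac
    done
}

# Constructed sample: the listing from this post after "chmod 777 sample.txt".
sample_listing='total 12
-rw-rw-r-- 1 ubuntu ubuntu 41 Mar 26 07:43 fruits.txt
-rw-rw-r-- 1 ubuntu ubuntu 34 Mar 26 08:20 class1.txt
-rw-rw-r-- 1 ubuntu ubuntu 35 Mar 26 08:39 class2.txt
-rwxrwxrwx 1 ubuntu ubuntu  0 Apr  4 22:55 sample.txt'

printf '%s\n' "$sample_listing" | world_writable
```

On a live system the same check can be fed from `ls -l` on the directory being reviewed.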

ACL - Access Control Lists

ACL allows access to be granted to specific users or groups without changing the permissions of the file or directory for everyone else. It comes in handy when different users or groups need different levels of access to a file or directory.

To use or work with ACL, 2 commands are used:

  1. "getfacl" - this command displays the ACL entries for a file or directory.

  2. "setfacl" - this command is used to modify the ACL entries.

Here is a scenario where the user "kobe" is granted "rwx" access to the "sample.txt" file, and the group "lakers" is given access as well.

ubuntu@ip-172-31-61-13:~/test$ getfacl sample.txt
# file: sample.txt
# owner: ubuntu
# group: ubuntu
user::rwx
group::rwx
other::rwx

ubuntu@ip-172-31-61-13:~/test$ setfacl -m u:kobe:rwx sample.txt
ubuntu@ip-172-31-61-13:~/test$ getfacl sample.txt
# file: sample.txt
# owner: ubuntu
# group: ubuntu
user::rwx
user:kobe:rwx
group::rwx
mask::rwx
other::rwx

ubuntu@ip-172-31-61-13:~/test$ setfacl -m g:lakers:rwx sample.txt
ubuntu@ip-172-31-61-13:~/test$ getfacl sample.txt
# file: sample.txt
# owner: ubuntu
# group: ubuntu
user::rwx
user:kobe:rwx
group::rwx
group:lakers:rwx
mask::rwx
other::rwx

ubuntu@ip-172-31-61-13:~/test$
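
The "mask::" line that appears once a named entry is added caps what named users, named groups and the owning group actually receive; the file owner and "other" are not affected by it. The script below is an added example, not part of the original post: it computes the effective rights from getfacl text. The function names and the narrowed mask "r-x" in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): effective rights under an ACL mask.
# Function names and the sample ACL below are constructed for illustration.

# and_perms A B: intersect two rwx triads position by position.
and_perms() {
    a=$1 b=$2 out=""
    for pos in 1 2 3; do
        ca=$(printf '%s' "$a" | cut -c"$pos")
        cb=$(printf '%s' "$b" | cut -c"$pos")
        if [ "$ca" != "-" ] && [ "$ca" = "$cb" ]; then out="$out$ca"; else out="$out-"; fi
    done
    printf '%s\n' "$out"
}

# effective_acl: read getfacl output on stdin, print "tag:qualifier:effective".
effective_acl() {
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\(...\).*/\1/p')
    printf '%s\n' "$acl" | while IFS=: read -r tag qualifier perms; do
        case $tag in
            '#'*|'') continue ;;                  # header comments, blank lines
        esac
        perms=$(printf '%s' "$perms" | cut -c1-3) # ignore trailing "#effective" notes
        case "$tag:$qualifier" in
            user:|other:|mask:) eff=$perms ;;     # owner and other bypass the mask
            *) if [ -n "$mask" ]; then eff=$(and_perms "$perms" "$mask")
               else eff=$perms; fi ;;
        esac
        [ "$tag" = mask ] || printf '%s:%s:%s\n' "$tag" "$qualifier" "$eff"
    done
}

# Constructed sample: the final ACL from this post, with the mask narrowed to r-x.
sample_acl='# file: sample.txt
# owner: ubuntu
# group: ubuntu
user::rwx
user:kobe:rwx
group::rwx
group:lakers:rwx
mask::r-x
other::rwx'

printf '%s\n' "$sample_acl" | effective_acl
```

With this mask, "kobe" and "lakers" keep read and execute but lose write, even though their own entries still say "rwx".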

I appreciate you taking the time to read this short blog. As I continue my journey to learn and acquire the skill set of a DevOps Engineer, I will share what I learn. Thank you.

Happy Learning!


Sam Samarullah
