Day6: Devops Journey
File Permissions and Access Control Lists in Linux.
Introduction:
Linux is a multi-user operating system, so it has security to prevent people from accessing each other’s confidential files. When you execute a “ls” command, you are not given any information about the security of the files, because by default “ls” only lists the names of files. You can get more information by using an “option” with the “ls” command.
Access control lists (ACLs) provide an additional, more flexible permission mechanism for file systems. They are designed to complement the standard UNIX file permissions. An ACL allows you to give permissions to any user or group on any disk resource.
File System Hierarchy:
In the Filesystem Hierarchy Standard (FHS), all files and directories appear under the root directory /, even if they are stored on different physical or virtual devices.
Some of these directories only exist on a particular system if certain subsystems, such as the X Window System, are installed.
Most of these directories exist in all UNIX operating systems and are generally used in much the same way; however, the descriptions here are those used specifically for the FHS and are not considered authoritative for platforms other than Linux.
The root directory is "/" (forward slash) and it is the base directory.
Understanding the Directories:
Types of files in Linux Systems:
General files – Also called ordinary files. A general file may be an image, a video, a program or a simple text file, stored in ASCII or binary format. It is the most common kind of file on a Linux system.
Directory files – These files are containers for other file types. A directory file may itself sit within a directory (a subdirectory).
Device files – In Windows-like operating systems, devices such as CD-ROMs and hard drives are represented as drive letters like F:, G:, H:, whereas in Linux devices are represented as files, for example /dev/sda1, /dev/sda2, and so on.
These are the common top-level directories associated with the root directory:

Directory | Contents
--- | ---
/bin | binary or executable programs.
/etc | system configuration files.
/home | home directories of users; it is the default current directory after login.
/opt | optional or third-party software.
/tmp | temporary space, typically cleared on reboot.
/usr | user-related programs.
/var | variable data such as log files.
Some other directories in the Linux system:

Directory | Contents
--- | ---
/boot | All the boot-related files and folders, such as conf and grub.
/dev | The location of the device files, such as /dev/sda1, /dev/sda2, etc.
/lib | Kernel modules and shared libraries.
/lost+found | Fragments of corrupted files recovered by the filesystem check.
/media | Subdirectories where removable media devices are mounted.
/mnt | Temporary mount directories for mounting filesystems.
/proc | A virtual (pseudo) filesystem containing information about running processes, each under its process ID (PID).
/run | Volatile runtime data.
/sbin | Binary executable programs for the administrator.
/srv | Server-specific and server-related files.
/sys | A virtual filesystem in modern Linux distributions that exposes the devices connected to the system and allows them to be configured.
Some more basic symbols:

S.No | Symbol | Explanation | Examples
--- | --- | --- | ---
1 | / | The forward slash (/) represents the "root" of the filesystem (every directory/file in the Linux filesystem is nested under the root / directory). / is also used as the directory and path separator. | / (the root directory); /home/user/sample/test.txt
2 | ~ | Equal to the current user's home directory, e.g. /home/someone/ | cd ~ ; ls ~
3 | * | A wildcard that stands for "everything" (any sequence of characters). Say you want to remove all the .jpg files in your Downloads folder whose names start with "E": E*.jpg matches every such name, whatever follows the E. See the examples. | rm ~/Downloads/E*.jpg ; ls /etc/*c ; nano /var/log/nginx/*
4 | & | Run a command in the background. The shell prints the PID of the newly started process and returns to the prompt instead of waiting for the output. | sudo apt update &
5 | && | These symbols written together stand for "and": the second command runs after the first one, and only if the first one succeeds. | sudo apt update && sudo apt upgrade
6 | \ | Allows you to continue writing a command/Bash syntax on a new line. |
7 | .. | In many cases, especially in navigation, the two dots stand for the parent folder. | cd ..
8 | . | In navigation or when referring to files/folders, the dot stands for the current folder. | ls .
9 | # | Everything after this symbol on the same line is treated as a comment, so it is not processed by the shell. | cd # this command moves you somewhere
File Permissions:
#ls -l
There's a lot of information in those lines.
The first character is '-' for a regular file or 'd' for a directory.
The next nine characters (three groups of rwx) show the permissions for the owner, the group and others.
The next column shows the owner of the file (here it is ubuntu).
The next column shows the group owner of the file (here it is ubuntu, which has special access to these files).
The next column shows the size of the file in bytes.
The next column shows the date and time the file was last modified.
The last column is the file name or directory name (for example createdirectory.sh and merikahani.sh).
File type:
The file type is determined by the first character of the permission sequence. These are the symbols and their meaning:

Symbol | Meaning
--- | ---
- | Regular file
d | Directory
c | Character device
b | Block device
s | Local socket file
p | Named pipe
l | Symbolic link
File Permission:
Read, write and execute are each assigned a numeric value. These values are used to set permissions for a file.
Read (r) - 4
Write (w) - 2
Execute (x) - 1
These values are used to give permissions to files. Suppose we have the file createdirectory.sh and need to give read, write and execute to the user, the group and others. We sum the values, i.e. 4+2+1 = 7, so the value 7 means all permissions are granted.
We will use the chmod (change mode) command here:
chmod 777 filename
#chmod 777 createdirectory.sh
We can add or remove permissions at any time. Let's say I remove the write and execute permissions for the group and others:
user - rwx, group - r, others - r, i.e. user = 4+2+1, group = 4, others = 4
In the same way we can modify any permissions.
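As an added example (this is not code from the original post), the following shell script works out the numbers used above: it converts the nine-character string shown by ls -l into the octal mode that chmod takes and back again, then applies the "user rwx, group r, others r" case to a scratch copy of createdirectory.sh and reads the result back from ls -l. It assumes a POSIX shell with ls, cut and mktemp available.

```shell
#!/bin/sh
# Added example (not from the original post): convert the nine-character
# permission string shown by "ls -l" into the octal number chmod takes,
# and back, by summing r=4, w=2, x=1 for owner, group and others.
mode_to_octal() {
    perms=$1                      # e.g. rwxr--r--
    result=""
    for start in 1 4 7; do        # owner, group, others
        triple=$(printf '%s' "$perms" | cut -c"$start-$((start + 2))")
        val=0
        case $triple in r??) val=$((val + 4));; esac
        case $triple in ?w?) val=$((val + 2));; esac
        case $triple in ??[xst]) val=$((val + 1));; esac   # s/t: setuid, setgid, sticky plus execute
        result="$result$val"
    done
    printf '%s' "$result"
}

# Inverse direction: 744 -> rwxr--r--
octal_to_mode() {
    digits=$1
    out=""
    for i in 1 2 3; do
        d=$(printf '%s' "$digits" | cut -c"$i")
        if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    done
    printf '%s' "$out"
}

# Apply the post's case (owner rwx, group r, others r) to a scratch copy of
# createdirectory.sh and read the result back from "ls -l".
demo_chmod() {
    scratch=$(mktemp -d)
    f="$scratch/createdirectory.sh"
    : > "$f"
    chmod "$(mode_to_octal rwxr--r--)" "$f"   # same as: chmod 744 createdirectory.sh
    shown=$(ls -l "$f" | cut -c2-10)
    rm -rf "$scratch"
    printf '%s' "$shown"
}

printf '%s -> %s\n' rwxr--r-- "$(mode_to_octal rwxr--r--)"
printf '%s -> %s\n' 777 "$(octal_to_mode 777)"
printf 'ls -l after chmod: %s\n' "$(demo_chmod)"
```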
Basic commands:
chown - change ownership - #chown username file.txt
chgrp - change group - #chgrp groupname file.txt
chmod - change mode - #chmod 777 file.txt
ACL (Access Control List):
setfacl and getfacl are used for setting up ACL and showing ACL respectively.
setfacl: #setfacl -m u:username:rw file.txt
- -m: stands for "modify"; it modifies the ACL of a file or directory by adding or changing ACL entries.
- u: specifies that the entry is for a user (followed by the username).
- rw: read and write permission.
"getfacl": This command is used to view the access control lists of a file or directory.
# getfacl test.sh
Removing ACLs:
To remove all ACLs from a file or directory, you can use the setfacl command with the -b option:
#setfacl -b test.sh
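As an added example (not from the original post), this script makes the getfacl check usable from a shell script: it reads getfacl output and prints, for each named user, named group and the owning group, the permissions stored in the entry next to the permissions that are actually effective once the ACL mask is applied. The sample ACL text is constructed for the demo; getfacl itself marks such entries with an "#effective:" comment, and this is the same calculation in a form you can assert on.

```shell
#!/bin/sh
# Added example (not from the original post). Reads getfacl output on
# stdin and prints tag:name:entry:effective for every named user, named
# group and the owning group. Named entries are limited by the mask
# entry, and chmod on the group bits rewrites that mask, so an entry can
# say rw- while the user effectively gets r--.
effective_acl() {
    awk -F: '
        /^mask::/ { mask = $3 }
        /^(user|group):[^:]+:/ || /^group::/ { entries[n++] = $0 }
        END {
            for (i = 0; i < n; i++) {
                split(entries[i], f, ":")
                eff = f[3]
                if (mask != "") {
                    eff = ""
                    for (j = 1; j <= 3; j++) {
                        c = substr(f[3], j, 1)
                        eff = eff (c != "-" && c == substr(mask, j, 1) ? c : "-")
                    }
                }
                printf "%s:%s:%s:%s\n", f[1], f[2], f[3], eff
            }
        }'
}

# Constructed getfacl output for the demo: alice was granted rw with
# "setfacl -m u:alice:rw test.sh", then the mask shrank to r-- (for
# example after "chmod g-w test.sh"), so she effectively has read only.
SAMPLE_ACL='# file: test.sh
# owner: ubuntu
# group: ubuntu
user::rwx
user:alice:rw-
group::r--
mask::r--
other::r--'

# Effective permissions for one principal in the sample, e.g. "user:alice".
effective_for() {
    printf '%s\n' "$SAMPLE_ACL" | effective_acl | grep "^$1:" | cut -d: -f4
}

printf '%s\n' "$SAMPLE_ACL" | effective_acl
# Live check on a real file: getfacl test.sh | effective_acl
```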
Task1:
- Create a simple file and run ls -ltr to see the details of the files (refer to the notes).
Each of the three permissions is assigned to three defined categories of users. The categories are:
owner — The owner of the file or application.
"chown" is used to change the ownership of a file or directory.
group — The group that owns the file or application.
"chgrp" is used to change the group of a file or directory.
others — All other users with access to the system (those who are neither the owner nor in the group).
"chmod" is used to change the permissions of a file or directory, including those for other users.
As a task, change the user permissions of the file and note the changes with ls -ltr.
Task done!!
Task2: Write an article about File Permissions based on your understanding from the notes.
Done in above paragraph.
Task3: Read about ACL and try out the commands getfacl and setfacl.
Done in above paragraph.
Thank you for reading my blog:)