Mastering File Permissions and Ownership in Linux
Introduction
Welcome to Day 6 of the #90DaysOfDevOps challenge! Today's focus is on one of the fundamental concepts every Linux enthusiast or developer should master: File Permissions & Ownership. If you've ever been puzzled by strings like "rw-r--r--", or wonder why certain files are inaccessible to you, this post is designed to clarify those mysteries!
File Permissions Overview
In the vast world of the Linux OS, file permissions are the guards at the gates of your data. They ensure that only authorized eyes view, modify, or execute specific files and directories, thus serving as the bedrock of system security.
User Categories and Their Roles:
Owner (user): The prime entity, usually the creator or designated owner of the file.
Group: A cluster of users with shared access permissions for that file. Think of it as a special club where members get the same privileges!
Others: The vast world outside of the owner and group. Essentially every other user on the system.
Types of Permissions:
Read (r): Think of this as having 'view-only' access to a document. You can see, but you can't touch.
Write (w): This lets you make your mark! Modify or remove files and directories at will.
Execute (x): The golden ticket for files you want to run as programs or scripts.
Decoding the Permission String
Permissions are expressed in a sequence of characters, like "rw-r--r--". But what does that mean?
Well, break it down into three sets:
The first set for the owner (e.g., 'rw-')
The next for the group (e.g., 'r--')
And the last for others (e.g., 'r--')
In our example, the owner can read and write, but the group and others can only read the file.
Managing Permissions
Want to see the permissions of files and directories in your current location? Use the magic of:
ls -l
To become a true Linux wizard, you need the power to change permissions! With the "chmod" command, you can grant or revoke access in a snap.
chmod [permissions code] filename
For example, suppose a manager asks us to add execute permission for the user, add write permission for the group, and remove read permission for others, and then to verify whether the permissions changed. Use the following command:
The Absolute Method for File Permissions in Linux
The absolute method is a numerical way to set permissions for files and directories. Instead of juggling between 'r', 'w', and 'x', we simply use numbers. This is especially handy when you want to set permissions quickly without typing out the full permission string.
Numeric Mapping of Permissions:
4 stands for Read: This permission allows you to open and view the contents of the file.
2 stands for Write: With this permission, you can modify the content of the file.
1 stands for Execute: This allows the file to be run as a program/script.
To assign permissions using this method, you combine these numbers:
- For each category (Owner, Group, Others), sum up the numbers based on the permissions you want.
For instance:
rwx becomes 4 + 2 + 1 = 7
rw- becomes 4 + 2 = 6
r-- becomes 4 = 4
Practical Example:
Given your scenario:
Owner (rwx): 7
Group (rw-): 6
Others (r--): 4
To set the permissions to read, write, and execute for the owner, read and write for the group, and only read for others, you'd use:
chmod 764 filename
Replace filename with the actual name of your file or directory.
This approach allows for rapid adjustments, making it a favorite among many Linux users for its simplicity and efficiency.
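The manager's request described earlier and the numeric mapping above, as an added shell example that is not part of the original post: it applies the change with symbolic chmod on a scratch file and cross-checks the result against the 4/2/1 sums for any 9-character permission string. The function names and the 644 starting mode are assumptions made for the demonstration.

```shell
# Convert a 9-character permission string (e.g. rw-r--r--) to octal using the
# page's mapping r=4, w=2, x=1, summed per category (owner, group, others).
# Only r, w, x and - are handled; setuid/setgid/sticky letters are rejected.
sym_to_octal() {
    perms=$1
    case $perms in *[!rwx-]*) echo "unsupported character" >&2; return 1 ;; esac
    [ "${#perms}" -eq 9 ] || { echo "need 9 characters" >&2; return 1; }
    out=""
    while [ -n "$perms" ]; do
        rest=${perms#???}          # everything after the first triplet
        triplet=${perms%"$rest"}   # the first triplet itself
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
        perms=$rest
    done
    echo "$out"
}

# Apply the manager's request (user +x, group +w, others -r) with symbolic
# chmod, then print the resulting mode as "<symbolic> <octal>" to verify it.
manager_change() {
    chmod u+x,g+w,o-r "$1" || return 1
    sym=$(ls -ld "$1" | cut -c2-10)   # skip the leading file-type character
    echo "$sym $(sym_to_octal "$sym")"
}

demo() {
    f=$(mktemp) || return 1
    chmod 644 "$f"              # constructed starting mode: rw-r--r--
    manager_change "$f"
    chmod 764 "$f"              # the absolute-method example from the text
    ls -ld "$f" | cut -c2-10
    rm -f "$f"
}
demo
```

Because the symbolic form names each category explicitly (u, g, o), the result depends only on the file's starting mode, not on the umask.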
Task 2: Change the Ownership of a File/Directory in Linux
Ownership is a fundamental concept in the Linux file system, allowing the system to identify who can perform certain operations on a file or directory. Every file has an owner, and occasionally, you might find the need to transfer this ownership to another user. That's where the chown command comes into play.
The chown Command:
chown, as the name suggests, stands for "change owner". It provides you with the capability to modify the user and/or group ownership of a given file or directory. However, a point to note is that only the root user or the superuser has the privilege to change the owner of a file.
Changing File Ownership:
To change the owner of a specific file or directory, you would use the following syntax:
chown [new-owner] [target-file/directory]
In the context of our example:
chown ubuntu file.txt
This command will set the user ubuntu as the new owner of file.txt.
Bonus Tip: If you wish to change both the user and the group of a file simultaneously, you can use a colon (:) to separate the user and group. For instance:
chown ubuntu:developers file.txt
The above command sets the owner of file.txt to ubuntu and its group to developers.
Task 3: Change the Group Ownership of a File/Directory in Linux
In the Linux filesystem, apart from file permissions and user ownership, group ownership also plays a significant role in dictating file access levels. A file can belong to a particular group, and all members of that group share the same access rights to that file. If there comes a time where you need to reassign a file or directory to a new group, Linux provides a straightforward command for this: chgrp.
Understanding the chgrp Command:
chgrp stands for "change group". Like chown, which changes user ownership, chgrp allows you to modify the group ownership of files and directories. However, it's worth noting that only the root user or the superuser (or the owner of the file in certain configurations) is authorized to change the group of a file.
Modifying Group Ownership:
The basic syntax for using the chgrp command is:
chgrp [new-group] [target-file/directory]
As an illustrative example:
chgrp developers file.txt
By executing this command, you would be changing the group ownership of file.txt to the developers group. All users who are members of the developers group will now have the group permissions for this file.
Access Control Lists (ACL) in Linux: A Deep Dive
Modern-day file systems come with a variety of options for managing permissions and access to files and directories. One such advanced permission management system is Access Control Lists (ACL). Think of ACL as the next step of file permissions, enabling fine-tuned access control beyond the basic owner, group, and others permissions.
Why ACL?
Traditional Linux permissions are broad and generalized. What if you wanted to give access to a specific user without making them a part of the group associated with a file? Or if you had to grant different permissions to multiple users for the same file? That's where ACL comes in.
The Power of ACL:
ACL allows for:
Detailed Permissions: Assign distinct permissions to specific users or groups for a single file/directory.
Overriding Basic Permissions: Provide permissions that can override the default ones.
More than Three Permission Categories: Instead of just owner, group, and others, you can have multiple individual users and groups with unique permissions.
Managing ACLs:
Viewing ACL Entries:
To retrieve the ACL for a particular file or directory, use the getfacl command:
getfacl file.txt
This command displays both the default Linux permissions and the additional ACL entries.
Setting ACL Entries:
The setfacl command allows you to modify ACLs. For instance, if you wish to grant read and write permissions to a user named 'john' for file.txt:
setfacl -m u:john:rw file.txt
The -m flag indicates that you're modifying the ACL, and u:john:rw specifies the user and the permissions you're granting.
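An added example, not from the original post, that goes one step beyond the commands above: it reads getfacl output and lists the named user and group entries with their effective permissions, which are limited by the ACL mask entry. The getfacl output is constructed sample data, and the function names and the ubuntu/developers owner and group are assumptions.

```shell
# Constructed sample: what getfacl prints for file.txt after the setfacl
# command above (owner and group names are placeholders).
sample_getfacl() {
    cat <<'EOF'
# file: file.txt
# owner: ubuntu
# group: developers
user::rw-
user:john:rw-
group::r--
mask::rw-
other::r--
EOF
}

# Read getfacl output on stdin and print "<type> <name> <effective perms>"
# for every named user/group entry, i.e. the access that ls -l does not show.
# The effective permission is the entry ANDed with the mask entry.
named_acl_entries() {
    awk -F: '
        /^#/ || NF < 3 { next }               # header comments, blank lines
        { sub(/[ \t]*#.*/, "", $3) }          # strip "#effective:" notes
        $1 == "mask" { mask = $3; next }
        ($1 == "user" || $1 == "group") && $2 != "" {
            kind[++n] = $1; name[n] = $2; perm[n] = $3
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = ""
                for (c = 1; c <= 3; c++) {
                    p = substr(perm[i], c, 1)
                    m = (mask == "") ? p : substr(mask, c, 1)
                    eff = eff ((p != "-" && m != "-") ? p : "-")
                }
                print kind[i], name[i], eff
            }
        }'
}

sample_getfacl | named_acl_entries
```

On a real system, pipe getfacl file.txt into named_acl_entries to review who holds access beyond the owner, group and others triplets.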
Installation Reminder:
If you're using a Debian-based system and don't have ACL installed, you can get it with:
sudo apt install acl
In Conclusion: ACLs are a magnificent addition to the Linux filesystem, especially for admins and power users who need nuanced control over file and directory access. Whenever you're in a situation where basic permissions fall short, remember that ACL might just be the magic wand you need! Happy tinkering!