File Permission & Access Control List


File Permission

In Linux, file permissions control access to files and directories by specifying what actions users can perform on them. These actions include reading, writing, and executing files. File permissions are represented by a set of three characters for the owner, group, and others.

Here is a diagram that illustrates the different types of file permissions in Linux:

The first column shows the permissions for the owner of the file or directory, the second column shows the permissions for the group, and the third column shows the permissions for all other users. Each column contains three characters, representing the read, write, and execute permissions respectively.

The first character, "d," indicates that the file is a directory. If it were a regular file, this character would be "-".

The next three characters, "rwx," represent the read, write, and execute permissions for the owner of the file. In this case, the owner has read, write, and execute permissions, which are represented by the numeric value 7 (4+2+1).

  • Read: Indicated by an r in the first position

  • Write: Indicated by a w in the second position

  • Execute: Indicated by an x in the third position. In some special cases, there may be a different character here

Here is an example screenshot of ls -l output, with labels of each column of output:

Read

For a normal file, read permission allows a user to view the contents of the file.

For a directory, read permission allows a user to view the names of the files in the directory.

Write

For a normal file, write permission allows a user to modify and delete the file.

For a directory, write permission allows a user to delete the directory, modify its contents (create, delete, and rename files in it), and modify the contents of files that the user has write permissions to.

Execute

For a normal file, execute permission allows a user to execute (run) a file — the user must also have read permission. Execute permissions must be set for executable programs and shell scripts before a user can run them.

For a directory, execute permission allows a user to traverse into it (i.e. cd into it) and to access metadata about the files in it (the information that is listed by ls -l).

Now that you know how to read the mode of a file and understand the meaning of each permission, here are a few examples of common modes, with brief explanations, to bring the concepts together.

  • -rw-------: A file that is only accessible by its owner

  • -rwxr-xr-x: A file that is executable by every user on the system. A “world-executable” file

  • -rw-rw-rw-: A file that is open to modification by every user on the system. A “world-writable” file

  • drwxr-xr-x: A directory that every user on the system can read and access

  • drwxrwx---: A directory that is modifiable (including its contents) by its owner and group

  • drwxr-x---: A directory that is accessible by its group
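The mode strings above can be decoded and checked mechanically. The following shell script is an added example, not part of the original page: it converts an ls -l mode string to its octal value, classifies it using the same "world-writable", "world-executable" and owner-only categories used in the list above, and audits a directory for files in those categories. The function and variable names are the example's own; it relies only on POSIX sh, ls, awk and cut.

```shell
#!/bin/sh
# Added example (not from the original page): decode and classify ls -l mode strings.

# Convert one rwx triplet such as "r-x" to its digit 0-7 (r=4, w=2, x=1).
# A lowercase s or t in the third slot means the execute bit is also set;
# an uppercase S or T means it is not. The special bits themselves are not
# encoded in the three digits returned here.
triplet_to_digit() {
  t=$1; n=0
  case $t in r??) n=$((n + 4)) ;; esac
  case $t in ?w?) n=$((n + 2)) ;; esac
  case $t in ??[xst]) n=$((n + 1)) ;; esac
  printf '%s' "$n"
}

# Convert a 10-character mode string like "-rwxr-xr-x" to "755".
# Character 1 is the type (d for directory, - for regular file);
# characters 2-4, 5-7 and 8-10 are the owner, group and other triplets.
mode_to_octal() {
  m=$1
  [ ${#m} -eq 10 ] || { echo "bad mode string: $m" >&2; return 1; }
  u=$(triplet_to_digit "$(printf '%s' "$m" | cut -c2-4)")
  g=$(triplet_to_digit "$(printf '%s' "$m" | cut -c5-7)")
  o=$(triplet_to_digit "$(printf '%s' "$m" | cut -c8-10)")
  printf '%s%s%s' "$u" "$g" "$o"
}

# Classify a mode string with the page's categories. World-executable is
# only reported for regular files, since a traversable directory is normal.
classify_mode() {
  case $1 in
    ????????w?) echo world-writable ;;    # "w" in the others triplet
    -????????x) echo world-executable ;;  # regular file, "x" for others
    ????------) echo owner-only ;;        # group and others have nothing
    *)          echo ok ;;
  esac
}

# Read the 10-character mode of a path from ls -ld. A trailing "+" (ACL)
# or "." (security context) that some systems print is cut off.
file_mode() {
  ls -ld "$1" | awk '{print $1}' | cut -c1-10
}

# Print "MODE CATEGORY PATH" for every entry (hidden ones included) in a directory.
audit_dir() {
  for f in "$1"/* "$1"/.[!.]*; do
    [ -e "$f" ] || continue
    m=$(file_mode "$f")
    printf '%s %s %s\n' "$m" "$(classify_mode "$m")" "$f"
  done
}

# Usage: audit_dir /etc | grep -v ' ok ' shows only the flagged entries.
```

The classification mirrors the examples above: -rw-rw-rw- is reported as world-writable, -rwxr-xr-x as world-executable, -rw------- as owner-only, and drwxr-xr-x as ok because directories are expected to be traversable.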

Access Control List

An access control list (ACL) is a Linux feature that provides more granular file permissions by allowing users to set permissions for specific users or groups. It extends the traditional UNIX file permission system by enabling users to set multiple access rules for a file or directory.

Here is a diagram that shows how ACL works in Linux:

In the diagram above, the file/directory permissions indicate that the owner of the file/directory has read, write, and execute permissions, the group has read and execute permissions, and all other users have read permissions.

The ACL then adds additional access rules to the file/directory. User1 has read and write permissions, User2 has read permission, and Group1 has read and write permissions.

This means that even if a user does not belong to the group that owns the file/directory, they can still be granted specific permissions to access the file/directory.

To view or modify the ACL for a file/directory, you can use the getfacl and setfacl commands in Linux.

In the example below we have three users: jethalal, tappu and ubuntu.

We gave tappu and ubuntu access to file1.txt with setfacl -m and checked the result with getfacl.

When we removed the permissions of both tappu and ubuntu, we used setfacl -x.
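The grant, check and revoke steps just described, as an added shell example that is not part of the original page. It uses the page's user names (tappu and ubuntu, which are assumed to exist as accounts on the system where the live demo runs), a constructed sample of getfacl output for file1.txt rather than captured output, and a small parser that lists only the named user and group entries, which is the part of an ACL a reviewer wants to see when checking who has access beyond the classic owner/group/other bits.

```shell
#!/bin/sh
# Added example (not from the original page): grant, inspect and revoke ACL
# entries, and list the named entries in getfacl output.

# Constructed sample of what getfacl prints after the setfacl -m step on the
# page (tappu granted read/write, ubuntu granted read). Not captured output.
SAMPLE_GETFACL='# file: file1.txt
# owner: jethalal
# group: jethalal
user::rw-
user:tappu:rw-
user:ubuntu:r--
group::r--
mask::rw-
other::r--'

# Print "user:NAME:perms" / "group:NAME:perms" for every named entry read
# from stdin. The unnamed user:: and group:: lines are the classic owner and
# group bits and are skipped; a trailing "#effective:" note (printed when the
# mask limits an entry) is dropped from the permission field.
acl_named_entries() {
  awk -F: '($1 == "user" || $1 == "group") && $2 != "" {
             sub(/[ \t].*/, "", $3); print $1 ":" $2 ":" $3 }'
}

# ls appends "+" to the mode bits of a file that carries an extended ACL.
# Returns 0 when the path has one, 1 otherwise.
has_acl() {
  case $(ls -ld "$1" | awk '{print $1}') in
    *+) return 0 ;;
    *)  return 1 ;;
  esac
}

# Live demo of the page's steps on a scratch file: grant tappu read/write
# and ubuntu read with setfacl -m, show the named entries, then revoke both
# with setfacl -x. Returns 2 when setfacl is missing, the named accounts do
# not exist, or the filesystem does not support ACLs.
acl_demo() {
  command -v setfacl >/dev/null 2>&1 || return 2
  f=$(mktemp) || return 2
  # -m adds or modifies entries; u:NAME:PERMS is a named-user entry.
  if ! setfacl -m u:tappu:rw,u:ubuntu:r "$f" 2>/dev/null; then
    rm -f "$f"; return 2
  fi
  echo "after setfacl -m:"
  getfacl --omit-header "$f" 2>/dev/null | acl_named_entries
  has_acl "$f" && echo "ls shows the + marker"
  # -x removes the named entries again.
  setfacl -x u:tappu,u:ubuntu "$f"
  echo "after setfacl -x:"
  getfacl --omit-header "$f" 2>/dev/null | acl_named_entries
  rm -f "$f"
}

# Parsing the constructed sample prints the two named entries:
#   user:tappu:rw-
#   user:ubuntu:r--
printf '%s\n' "$SAMPLE_GETFACL" | acl_named_entries
```

Piping `getfacl -R` output over a directory tree into acl_named_entries gives a quick inventory of every user or group that has been granted access outside the regular permission bits, which is the review that the plain ls -l listing (only the "+" marker) cannot give.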