File Permissions and Access Control Lists

🔹Creating a Simple File and Viewing File Details:

To create a simple file, you can use the touch command. For example:

touch myfile.txt

To view the details of the file, you can use the ls -ltr command, which displays the file details in long format with the most recent files at the bottom:

ls -ltr

🔹Understanding File Permissions and Ownership:

File permissions are represented by three sets of characters, each consisting of three characters (r, w, and x), which indicate read, write, and execute permissions, respectively. The three categories of users that have specific permissions are:

  1. Owner: The user who owns the file or directory. Permissions can be modified using the chown command:
chown new_owner myfile.txt

Group: The group that owns the file or directory. Permissions can be modified using the chgrp command:

chgrp new_group myfile.txt

🔹Changing User Permissions and Observing the Changes:

To set the desired permissions on the file "myfile.txt" you can use the chmod command with numeric mode or symbolic mode. Here's how you can give the user read, write, and execute permissions, the group read-only permissions, and others read-only permissions:

Using Numeric Mode:

In numeric mode, permissions are represented by three digits: the first digit for the user, the second for the group, and the third for others. Each permission is assigned a numeric value:

  • Read (r) = 4

  • Write (w) = 2

  • Execute (x) = 1

To give the user read (4), write (2), and execute (1) permissions, and the group (4) and others (4) read-only permissions, you can use the following command:

chmod 744 myfile.txt

Here's how the permission "744" breaks down:

  • User: 7 (4+2+1) = Read + Write + Execute

  • Group: 4 (Read only)

  • Others: 4 (Read only)

Using Symbolic Mode:

In symbolic mode, you can directly specify the permissions you want to add or remove. To achieve the same permissions as above, you can use:

chmod u=rwx,g=r,o=r myfile.txt

Here's what each part of the command represents:

  • u=rwx: Give the user (owner) read, write, and execute permissions.

  • g=r: Give the group read, write permissions.

  • o=r: Give others read-only permissions.

Both the numeric and symbolic mode commands will set the permissions on "myfile.txt" as desired, with the user having read, write, and execute permissions, the group having read-only permissions, and others having read-only permissions.

🔹Reading about ACL and Using getfacl and setfacl Commands:

ACL (Access Control List) provides a more fine-grained control over file permissions. It allows defining permissions for multiple users and groups beyond the standard owner, group, and others.

To read about ACL, you can use various online resources or man pages. To use getfacl and setfacl commands to view and set ACLs on files and directories, respectively:

getfacl myfile.txt
setfacl -m u:username:rwx myfile.txt

The getfacl command shows the ACLs for a file, while setfacl command allows you to set specific permissions for a user or group.

Explanation of ACL Entries:

  • user::rwx: This ACL entry denotes the permissions for the file's owner (root), which are read (r), write (w), and execute (x).

  • user:gopal:rwx: This entry denotes the permissions for the user "gopal" (the one you added using setfacl). The user "gopal" has read (r), write (w), and execute (x) permissions on the file.

  • group::rw-: This entry represents the permissions for the file's group (root group). The group has read (r) and write (w) permissions, but no execute permission (represented by a hyphen "-").

  • mask::rwx: The mask entry reflects the maximum permissions allowed by the combination of ACL entries. It ensures that no additional permissions are granted beyond the defined ACL entries. In this case, the mask is set to read (r), write (w), and execute (x) permissions.

  • other::r--: The "other" entry represents all users not part of the file's owner or group (outside users). They have only read (r) permissions on the file.

Overall Permissions:

When you observe the final permissions for "myfile.txt" in the ls -ltr output:

-rwxrwxr--+ 1 root root 0 Jul 21 18:24 myfile.txt

The permissions are as follows:

  • Owner (root): read (r), write (w), and execute (x).

  • Group (root): read (r) and write (w).

  • Others: read (r).

The + sign at the end indicates that extended ACL permissions are present.

In summary, you successfully set ACL permissions for the user "gopal" on "myfile.txt," and the getfacl command displayed the detailed ACL entries for the file. The overall file permissions reflect the combination of standard UNIX permissions and extended ACL permissions.