As part of Day 6 in the #90DaysOfDevOps challenge, we dive deep into understanding Linux file permissions and Access Control Lists (ACLs). This is a core aspect of ensuring security, managing users, and efficiently controlling access to files within a Linux system.
What Are Linux File Permissions?
Linux file permissions determine who can read, write, or execute a file.
These permissions are categorized for three types of users:
Owner: The creator or owner of the file.
Group: Users belonging to a group that owns the file.
Others: All other users who are not the owner or part of the group.
Quick Tip:
To view file permissions, use the command:
ls -ltr
Changing Ownership and Permissions
chown: This command allows you to change the owner of a file:
sudo chown new_owner file_name
chgrp: To change the group ownership of a file:
sudo chgrp new_group file_name
chmod: Adjust file permissions using this command:
chmod 755 file_name
These are fundamental tasks for maintaining a secure and organized system. File permissions are crucial, especially in multi-user environments where different users and groups need various access levels.
Access Control Lists (ACLs)
ACLs are an advanced way of managing file permissions. They allow fine-tuned control, where you can set permissions for specific users or groups beyond the traditional owner-group-other model.
Commands to Know:
getfacl: Displays ACL permissions.
getfacl file_name
setfacl: Sets ACL permissions for users or groups.
setfacl -m u:username:rw file_name
Task: Create a directory and set ACL permissions for different users. Verify the permissions with getfacl. This level of control is vital for DevOps engineers when managing complex infrastructure.
Sticky Bit, SUID, and SGID
These three concepts are often misunderstood but are crucial for specific use cases.
Sticky Bit: Prevents users from deleting files they don’t own in a shared directory.
SUID (Set User ID): Allows a file to be executed with the permissions of the file owner.
SGID (Set Group ID): Ensures that files in a directory inherit the group ownership of that directory.
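To check for these bits in practice, the script below decodes the special bits on a path and lists SUID/SGID files plus world-writable directories that lack the sticky bit. It is an added example, not part of the original post; the function names and the demo tree are constructed for illustration, and it assumes a Linux system with find and `stat -c`.

```shell
#!/bin/sh
# Added example: audit special permission bits (SUID, SGID, sticky).
# Assumes Linux with find and `stat -c`; all names here are illustrative.

# special_bits PATH: print which special bits are set, or "none".
special_bits() (
    mode=$(stat -c '%a' "$1") || exit 1
    # Leading 0 makes the shell read the mode as octal; bits 9-11 are special.
    special=$(( (0$mode >> 9) & 7 ))
    out=""
    if [ $((special & 4)) -ne 0 ]; then out="$out suid"; fi
    if [ $((special & 2)) -ne 0 ]; then out="$out sgid"; fi
    if [ $((special & 1)) -ne 0 ]; then out="$out sticky"; fi
    out=${out# }
    echo "${out:-none}"
)

# audit_tree DIR: one finding per line, "<KIND> <path>".
audit_tree() {
    # Files that run with their owner's or group's privileges.
    find "$1" -type f -perm -4000 -exec printf 'SUID %s\n' {} +
    find "$1" -type f -perm -2000 -exec printf 'SGID %s\n' {} +
    # Shared directories where any user may delete other users' files.
    find "$1" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'WORLD_WRITABLE_NO_STICKY %s\n' {} +
}

# make_demo_tree: build a constructed sample tree and print its path.
make_demo_tree() (
    d=$(mktemp -d) || exit 1
    mkdir "$d/shared_ok" "$d/shared_bad" "$d/team"
    chmod 1777 "$d/shared_ok"     # world-writable, sticky bit set
    chmod 0777 "$d/shared_bad"    # world-writable, no sticky bit
    chmod 2775 "$d/team"          # SGID directory: new files inherit its group
    : > "$d/helper"
    chmod 4755 "$d/helper"        # SUID file
    echo "$d"
)

# Demo run on the constructed tree, then clean up.
demo_dir=$(make_demo_tree)
for p in helper team shared_ok shared_bad; do
    printf '%-12s %s\n' "$p" "$(special_bits "$demo_dir/$p")"
done
audit_tree "$demo_dir"
rm -rf "$demo_dir"
```

Point audit_tree at a real directory such as /usr/bin to review which binaries carry SUID or SGID on your own system.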
Backup and Restore Permissions
Backups are essential. Today’s task involves creating a script that backs up file permissions. Use a similar script to restore them, which is useful in disaster recovery scenarios.
#!/bin/bash
# Backup permissions (-R also records every file and subdirectory under /directory)
getfacl -R /directory > permissions_backup.acl
By mastering file permissions, ACLs, and backup techniques, you can ensure robust security in your Linux environment.