DEV Community

Cover image for Day 6: File Permissions and Access Control Lists
Udoh Deborah
Udoh Deborah

Posted on

Day 6: File Permissions and Access Control Lists

On day 6, we are exploring file permissions and access control lists.

What Are File Permissions in Linux?
In Linux, file permissions determine who can access a file and what they can do with it. This ensures security and proper user control over system resources.

Objective:

Understand how Linux file permissions work and how to modify them using chown, chgrp, and chmod.

Step 1: Create a File

touch testfile.txt
Enter fullscreen mode Exit fullscreen mode

Step 2: View File Details

ls -ltr testfile.txt
Enter fullscreen mode Exit fullscreen mode
  • This shows the file’s current permissions, owner, and group.

Step 3: Change Ownership (User)

sudo chown newuser testfile.txt
Enter fullscreen mode Exit fullscreen mode
  • Replace newuser with the name of an existing user.
  • Use ls -ltr again to see the updated owner.

Step 4: Change Group

sudo chgrp newgroup testfile.txt
Enter fullscreen mode Exit fullscreen mode
  • Replace newgroup with the name of an existing group.
  • Check updated group ownership with ls -ltr.

Step 5: Change Permissions

chmod 740 testfile.txt
Enter fullscreen mode Exit fullscreen mode
  • 7 → Owner: read, write, execute
  • 4 → Group: read
  • 0 → Others: no access
  • Run ls -ltr to view the updated permissions.

🔍 Understanding ls -ltr Output Example:

-rwxr----- 1 newuser newgroup 0 Jul 25 12:00 testfile.txt
Enter fullscreen mode Exit fullscreen mode
  • rwx → owner permissions
  • r-- → group permissions
  • --- → others have no permissions
  • newuser → owner
  • newgroup → group
  1. Understanding File Permissions in Linux In a multi-user environment like Linux, file permissions are essential for maintaining the security and integrity of your system. They determine who can access a file and what actions they can perform on it such as reading, editing, or executing it. Whether you're a system administrator, DevOps engineer, or an aspiring Linux user, mastering file permissions is a key step in managing your system effectively.

Category of Users:
Linux permissions apply to three categories of users:

Category Description
Owner The user who owns the file.
Group Users who belong to the file’s group.
Others Everyone else on the system.

Each category can be granted (or denied) the following permissions:

Read (r): View contents of the file or list a directory.

Write (w): Modify the contents or add/delete files in a directory.

Execute (x): Run the file as a program or script.

Numeric Representation of Permissions
Permissions can also be represented numerically using chmod:

Number Meaning Permissions
7 Full rwx
6 Read/Write rw-
5 Read/Execute r-x
4 Read only r--
0 None ---

For example, if you want:

Owner: full access (rwx)

Group: read and execute (r-x)

Others: read only (r--)

chmod 754 filename

Enter fullscreen mode Exit fullscreen mode

Managing File Ownership and Groups
Change file owner:

bash
sudo chown newuser filename
Enter fullscreen mode Exit fullscreen mode

Change group ownership:

bash
sudo chgrp newgroup filename
Enter fullscreen mode Exit fullscreen mode

View file details (owner, group, permissions):

bash
ls -ltr filename

Enter fullscreen mode Exit fullscreen mode

Why File Permissions Matter
Security: Prevent unauthorized users from accessing or modifying sensitive data.

Stability: Ensure critical system files aren’t accidentally altered.

Collaboration: Assign the right access levels to users working in shared environments.

Automation: Many scripts and scheduled tasks rely on correct execution permissions.

3. *What is ACL (Access Control List)? *

In Linux, ACL provides a more flexible permission mechanism than the traditional file permissions. While standard permissions only allow you to set access rights for the file owner, group, and others, ACL lets you define permissions for multiple users and groups individually.

This is very useful in shared environments where different users need different levels of access to the same file or directory.

📂 Task Breakdown

🔧 Step 1: Create a Directory

mkdir project-data
cd project-data
Enter fullscreen mode Exit fullscreen mode

👤 Step 2: Create a Sample File (Optional)

touch report.txt
Enter fullscreen mode Exit fullscreen mode

👥 Step 3: Add Users (if not already existing)

sudo useradd user1
sudo useradd user2
Enter fullscreen mode Exit fullscreen mode

Set passwords if needed:

sudo passwd user1
sudo passwd user2
Enter fullscreen mode Exit fullscreen mode

🔐 Step 4: Set ACL Permissions

Give user1 read-only access to report.txt:

setfacl -m u:user1:r-- report.txt
Enter fullscreen mode Exit fullscreen mode

Give user2 read and write access to the same file:

setfacl -m u:user2:rw- report.txt
Enter fullscreen mode Exit fullscreen mode

You can also give permissions to a group:

setfacl -m g:devteam:rw- report.txt
Enter fullscreen mode Exit fullscreen mode

If the group doesn't exist, create one:

sudo groupadd devteam
sudo usermod -aG devteam user1
Enter fullscreen mode Exit fullscreen mode

🔍 Step 5: Verify ACLs

getfacl report.txt
Enter fullscreen mode Exit fullscreen mode

You’ll see output like:

# file: report.txt
# owner: yourusername
# group: yourgroup
user::rw-
user:user1:r--
user:user2:rw-
group::r--
mask::rw-
other::r--
Enter fullscreen mode Exit fullscreen mode

🧽 To Remove an ACL Entry

setfacl -x u:user1 report.txt
Enter fullscreen mode Exit fullscreen mode

To remove all ACLs:

setfacl -b report.txt
Enter fullscreen mode Exit fullscreen mode

Summary

Using ACLs, you can fine-tune file access in Linux environments beyond basic permissions. This is a valuable skill in DevOps and system administration, especially when working on multi-user systems where access control matters.

  1. Understanding Sticky Bit, SUID, and SGID in Linux Linux file permissions go beyond the basic rwx model. Three special permission flags — Sticky Bit, SUID, and SGID — provide enhanced control over file and directory behavior.
Feature Purpose Use Case
Sticky Bit Prevent users from deleting others’ files in shared folders /tmp, shared public directories
SUID Temporarily grant higher privileges Changing passwords, privilege escalation
SGID Preserve group ownership or run with group privilege Collaboration folders, shared project spaces
  1. Backing up and restoring file permissions using shell scripts in Linux:

✅ Task A: Backup Permissions of Files in a Directory

Script: backup_permissions.sh

#!/bin/bash

# Check for directory argument
if [ -z "$1" ]; then
  echo "Usage: $0 /path/to/directory"
  exit 1
fi

TARGET_DIR=$1
BACKUP_FILE="permissions_backup.txt"

# Backup permissions using stat and save to a file
find "$TARGET_DIR" -type f | while read file; do
  perms=$(stat -c "%a" "$file")
  echo "$perms $file"
done > "$BACKUP_FILE"

echo "Permissions backed up to $BACKUP_FILE"
Enter fullscreen mode Exit fullscreen mode

✅ Usage:

chmod +x backup_permissions.sh
./backup_permissions.sh /path/to/your/folder
Enter fullscreen mode Exit fullscreen mode

✅ Task B: Restore Permissions from Backup

Script: restore_permissions.sh

#!/bin/bash

BACKUP_FILE="permissions_backup.txt"

if [ ! -f "$BACKUP_FILE" ]; then
  echo "Backup file $BACKUP_FILE not found!"
  exit 1
fi

while read line; do
  perms=$(echo "$line" | awk '{print $1}')
  file=$(echo "$line" | cut -d' ' -f2-)

  if [ -f "$file" ]; then
    chmod "$perms" "$file"
    echo "Restored $file to $perms"
  else
    echo "File not found: $file"
  fi
done < "$BACKUP_FILE"
Enter fullscreen mode Exit fullscreen mode

✅ Usage:

chmod +x restore_permissions.sh
./restore_permissions.sh
Enter fullscreen mode Exit fullscreen mode

📝 Notes:

  • These scripts only handle regular files, not directories or symlinks.
  • You can modify find "$TARGET_DIR" -type f to -type f -o -type d to include directories.
  • The backup file stores lines in the format: permissions /path/to/file, e.g. 644 /home/user/file.txt.

Top comments (0)