On day 6, we are exploring file permissions and access control lists.
What Are File Permissions in Linux?
In Linux, file permissions determine who can access a file and what they can do with it. This ensures security and proper user control over system resources.
Objective:
Understand how Linux file permissions work and how to modify them using chown, chgrp, and chmod.
✅ Step 1: Create a File
touch testfile.txt
✅ Step 2: View File Details
ls -ltr testfile.txt
- This shows the file’s current permissions, owner, and group.
✅ Step 3: Change Ownership (User)
sudo chown newuser testfile.txt
- Replace
newuserwith the name of an existing user. - Use
ls -ltragain to see the updated owner.
✅ Step 4: Change Group
sudo chgrp newgroup testfile.txt
- Replace
newgroupwith the name of an existing group. - Check updated group ownership with
ls -ltr.
✅ Step 5: Change Permissions
chmod 740 testfile.txt
-
7→ Owner: read, write, execute -
4→ Group: read -
0→ Others: no access - Run
ls -ltrto view the updated permissions.
🔍 Understanding ls -ltr Output Example:
-rwxr----- 1 newuser newgroup 0 Jul 25 12:00 testfile.txt
-
rwx→ owner permissions -
r--→ group permissions -
---→ others have no permissions -
newuser→ owner -
newgroup→ group
- Understanding File Permissions in Linux In a multi-user environment like Linux, file permissions are essential for maintaining the security and integrity of your system. They determine who can access a file and what actions they can perform on it such as reading, editing, or executing it. Whether you're a system administrator, DevOps engineer, or an aspiring Linux user, mastering file permissions is a key step in managing your system effectively.
Category of Users:
Linux permissions apply to three categories of users:
| Category | Description |
|---|---|
| Owner | The user who owns the file. |
| Group | Users who belong to the file’s group. |
| Others | Everyone else on the system. |
Each category can be granted (or denied) the following permissions:
Read (r): View contents of the file or list a directory.
Write (w): Modify the contents or add/delete files in a directory.
Execute (x): Run the file as a program or script.
Numeric Representation of Permissions
Permissions can also be represented numerically using chmod:
| Number | Meaning | Permissions |
|---|---|---|
| 7 | Full | rwx |
| 6 | Read/Write | rw- |
| 5 | Read/Execute | r-x |
| 4 | Read only | r-- |
| 0 | None | --- |
For example, if you want:
Owner: full access (rwx)
Group: read and execute (r-x)
Others: read only (r--)
chmod 754 filename
Managing File Ownership and Groups
Change file owner:
bash
sudo chown newuser filename
Change group ownership:
bash
sudo chgrp newgroup filename
View file details (owner, group, permissions):
bash
ls -ltr filename
Why File Permissions Matter
Security: Prevent unauthorized users from accessing or modifying sensitive data.
Stability: Ensure critical system files aren’t accidentally altered.
Collaboration: Assign the right access levels to users working in shared environments.
Automation: Many scripts and scheduled tasks rely on correct execution permissions.
3. *What is ACL (Access Control List)? *
In Linux, ACL provides a more flexible permission mechanism than the traditional file permissions. While standard permissions only allow you to set access rights for the file owner, group, and others, ACL lets you define permissions for multiple users and groups individually.
This is very useful in shared environments where different users need different levels of access to the same file or directory.
📂 Task Breakdown
🔧 Step 1: Create a Directory
mkdir project-data
cd project-data
👤 Step 2: Create a Sample File (Optional)
touch report.txt
👥 Step 3: Add Users (if not already existing)
sudo useradd user1
sudo useradd user2
Set passwords if needed:
sudo passwd user1
sudo passwd user2
🔐 Step 4: Set ACL Permissions
Give user1 read-only access to report.txt:
setfacl -m u:user1:r-- report.txt
Give user2 read and write access to the same file:
setfacl -m u:user2:rw- report.txt
You can also give permissions to a group:
setfacl -m g:devteam:rw- report.txt
If the group doesn't exist, create one:
sudo groupadd devteam
sudo usermod -aG devteam user1
🔍 Step 5: Verify ACLs
getfacl report.txt
You’ll see output like:
# file: report.txt
# owner: yourusername
# group: yourgroup
user::rw-
user:user1:r--
user:user2:rw-
group::r--
mask::rw-
other::r--
🧽 To Remove an ACL Entry
setfacl -x u:user1 report.txt
To remove all ACLs:
setfacl -b report.txt
Summary
Using ACLs, you can fine-tune file access in Linux environments beyond basic permissions. This is a valuable skill in DevOps and system administration, especially when working on multi-user systems where access control matters.
- Understanding Sticky Bit, SUID, and SGID in Linux Linux file permissions go beyond the basic rwx model. Three special permission flags — Sticky Bit, SUID, and SGID — provide enhanced control over file and directory behavior.
| Feature | Purpose | Use Case |
|---|---|---|
| Sticky Bit | Prevent users from deleting others’ files in shared folders |
/tmp, shared public directories |
| SUID | Temporarily grant higher privileges | Changing passwords, privilege escalation |
| SGID | Preserve group ownership or run with group privilege | Collaboration folders, shared project spaces |
- Backing up and restoring file permissions using shell scripts in Linux:
✅ Task A: Backup Permissions of Files in a Directory
Script: backup_permissions.sh
#!/bin/bash
# Check for directory argument
if [ -z "$1" ]; then
echo "Usage: $0 /path/to/directory"
exit 1
fi
TARGET_DIR=$1
BACKUP_FILE="permissions_backup.txt"
# Backup permissions using stat and save to a file
find "$TARGET_DIR" -type f | while read file; do
perms=$(stat -c "%a" "$file")
echo "$perms $file"
done > "$BACKUP_FILE"
echo "Permissions backed up to $BACKUP_FILE"
✅ Usage:
chmod +x backup_permissions.sh
./backup_permissions.sh /path/to/your/folder
✅ Task B: Restore Permissions from Backup
Script: restore_permissions.sh
#!/bin/bash
BACKUP_FILE="permissions_backup.txt"
if [ ! -f "$BACKUP_FILE" ]; then
echo "Backup file $BACKUP_FILE not found!"
exit 1
fi
while read line; do
perms=$(echo "$line" | awk '{print $1}')
file=$(echo "$line" | cut -d' ' -f2-)
if [ -f "$file" ]; then
chmod "$perms" "$file"
echo "Restored $file to $perms"
else
echo "File not found: $file"
fi
done < "$BACKUP_FILE"
✅ Usage:
chmod +x restore_permissions.sh
./restore_permissions.sh
📝 Notes:
- These scripts only handle regular files, not directories or symlinks.
- You can modify
find "$TARGET_DIR" -type fto-type f -o -type dto include directories. - The backup file stores lines in the format:
permissions /path/to/file, e.g.644 /home/user/file.txt.
Top comments (0)