#Day 6: File Permissions and Access Control Lists

File Permissions Overview

File permissions are an essential aspect of Unix-like operating systems, such as Linux, that control access to files and directories. They determine who can read, write, or execute a file or directory, and they play a crucial role in maintaining the security and integrity of the system. One caveat to keep in mind throughout: the superuser (root) bypasses these checks, so permission bits protect a file from other unprivileged users, not from a compromised root account.

Three Permission Categories: Owner, Group, and Others

In Unix-like operating systems, every file and directory carries a separate set of permission bits for three classes of user:

  1. Owner:

    • The Owner is the user who owns the file or directory. By default that is the user who created it, although root can reassign ownership with chown.

    • The owner bits decide what that user can do with the file: read its contents, modify them, and execute it if it is a script or a program, each only if the corresponding bit is set.

    • The Owner can always change the file's permission bits with chmod, regardless of what the bits currently say, and can change its group with chgrp to any group they belong to. Giving the file to a different user requires root.

    • The kernel consults only the first class that matches: if the caller owns the file, the owner bits apply even when the group or others bits would be more permissive.

  2. Group:

    • Every file and directory is also assigned to exactly one group.

    • The Group bits apply to users who are members of that group but do not own the file.

    • Group members can read, modify, or execute the file only as far as the group bits allow.

    • They cannot change the file's permissions or ownership unless they are also the owner.

  3. Others (world):

    • The Others category includes all users on the system who are neither the Owner nor members of the Group.

    • Others can read, modify, or execute the file only as far as the others bits allow. Nothing is granted by default; a world-readable or world-writable file is a choice, and an accidental one is the classic misconfiguration.

    • Like the Group, they cannot change the file's permissions or ownership.

File Permission Modes

File permission modes are the combinations of read (r), write (w), and execute (x) bits assigned to files and directories, one set of three for each of the owner, group, and others. ls -l displays the mode as a 10-character string: the first character gives the file type (- for a regular file, d for a directory, l for a symbolic link), followed by three rwx triplets for owner, group, and others, with - standing for a bit that is not set. For example, -rwxr-x--- is a regular file whose owner has full access, whose group can read and execute, and which others cannot touch at all.

  • On a directory the same three bits mean something different: r lists the entries, w creates, renames and deletes entries (including files owned by someone else, unless the directory's sticky bit is set), and x allows entering the directory and reaching entries by name.

Viewing File Permissions

We can view file permissions using the ls command in combination with the -l option. The ls -l command displays detailed information about the files and directories in the current directory, including their permissions, ownership, size, modification date, and more. A + at the end of the permission field means the entry also carries an access control list, which ls -l does not show.

ls -l

Changing File Permissions

It can be done using the chmod command. chmod stands for "change mode," and it allows you to modify the read, write, and execute permissions for files and directories.

You can change permissions using two methods:

  1. Symbolic notation

    • Symbolic notation uses letters to represent the permissions that need to be added (+), removed (-), or set exactly (=) for a given class of user, leaving the other classes untouched.

        chmod u+x,g+x,o-r document.txt
        # u = the owner (user)
        # g = the group
        # o = others
        # a = all three classes at once
      
  2. Numeric notation

    • The numeric (octal) notation uses three digits to state the new permission settings outright, replacing whatever was set before.

    • Each digit corresponds to the permissions for the owner, group, and others, respectively, and is the sum of read (4), write (2), and execute (1). An optional fourth digit in front sets the special bits: setuid (4), setgid (2), and sticky (1). A setuid binary runs with its owner's privileges, so modes of the form 4xxx deserve a close look during any audit.

        chmod 755 document.txt
        # Result: rwxr-xr-x. Of the three digits,
        # 1st digit denotes the owner's permissions (7 = rwx)
        # 2nd digit denotes the group's permissions (5 = r-x)
        # 3rd digit denotes others' permissions (5 = r-x)
      

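As an added example (not code from the original tutorial), the following bash script converts between the numeric and symbolic forms described above, picks the triplet the kernel actually consults for a caller's class, and round-trips the tutorial's two chmod commands on a scratch file. It assumes GNU coreutils (stat -c) on Linux; the file name document.txt is the tutorial's own.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial: convert between the numeric
# and symbolic forms of a mode, pick the triplet that applies to a user class,
# and round-trip the tutorial's two chmod commands on a scratch file.
# Assumes GNU coreutils (stat -c) on Linux.
set -eu

# One octal digit (0-7) -> its rwx triplet, e.g. 6 -> rw-
digit_to_rwx() {
    local d=$1 out=
    if [ $((d & 4)) -ne 0 ]; then out=r; else out=-; fi
    if [ $((d & 2)) -ne 0 ]; then out=${out}w; else out=${out}-; fi
    if [ $((d & 1)) -ne 0 ]; then out=${out}x; else out=${out}-; fi
    printf '%s' "$out"
}

# Three (or four) octal digits -> nine-character string, e.g. 755 -> rwxr-xr-x.
# A leading setuid/setgid/sticky digit is dropped; only the rwx bits are rendered.
octal_to_rwx() {
    local mode=$1 u g o
    if [ ${#mode} -eq 4 ]; then mode=${mode#?}; fi
    u=${mode%??}; g=${mode#?}; g=${g%?}; o=${mode#??}
    printf '%s%s%s' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# One rwx triplet -> octal digit. s/t count as x (special bit plus execute);
# S/T mean the special bit is set without execute and count as no x.
triplet_to_digit() {
    local t=$1 n=0
    case $t in r??) n=$((n + 4));; esac
    case $t in ?w?) n=$((n + 2));; esac
    case $t in ??[xst]) n=$((n + 1));; esac
    printf '%s' "$n"
}

# Nine-character string, or the ten-character field from ls -l, -> three octal digits.
rwx_to_octal() {
    local s=$1 u g o
    if [ ${#s} -eq 10 ]; then s=${s#?}; fi      # drop the file-type character
    u=${s%??????}; g=${s#???}; g=${g%???}; o=${s#??????}
    printf '%s%s%s' "$(triplet_to_digit "$u")" "$(triplet_to_digit "$g")" "$(triplet_to_digit "$o")"
}

# The triplet the kernel consults for a caller in the given class (owner|group|other).
# Only the first matching class is used, so mode 066 denies its owner what it grants
# to everyone else (root is exempt from these checks).
class_perms() {
    local mode=$1 class=$2 s
    s=$(octal_to_rwx "$mode")
    case $class in
        owner) printf '%s' "${s%??????}";;
        group) s=${s#???}; printf '%s' "${s%???}";;
        other) printf '%s' "${s#??????}";;
        *) return 1;;
    esac
}

# Start a scratch file at 644, apply the tutorial's symbolic and numeric chmod
# commands, and return the mode after each step as "sym num".
chmod_roundtrip() {
    local dir f after_sym after_num
    dir=$(mktemp -d); f=$dir/document.txt
    : > "$f"
    chmod 644 "$f"                 # rw-r--r--
    chmod u+x,g+x,o-r "$f"         # add x for owner and group, drop r for others
    after_sym=$(stat -c '%a' "$f") # 750
    chmod 755 "$f"                 # rwxr-xr-x
    after_num=$(stat -c '%a' "$f") # 755
    rm -rf "$dir"
    printf '%s %s' "$after_sym" "$after_num"
}

printf '755 is %s\n' "$(octal_to_rwx 755)"
printf '%s is %s\n' -rwxr-x--- "$(rwx_to_octal -rwxr-x---)"
printf 'owner of a 066 file gets %s, others get %s\n' "$(class_perms 066 owner)" "$(class_perms 066 other)"
printf 'after symbolic then numeric chmod: %s\n' "$(chmod_roundtrip)"
```

The class_perms function is the part worth remembering: a mode such as 066 looks harmless in a listing until you notice that the owner is the one user locked out of the file, while everyone else can read and write it.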
Access Control Lists (ACL) commands getfacl and setfacl

ACL stands for Access Control List. It is a set of entries that grant specific named users or groups their own read, write, and execute rights on a file or directory, on top of the owner/group/others bits. ACLs provide more granular control than traditional file permissions, allowing access to be given to a particular user or group without changing the file's owner or group.

getfacl: Retrieves the ACL information for a file or directory.

setfacl: Sets or modifies the ACL of a file or directory, allowing for custom access permissions.

getfacl [filename/directory]
setfacl -m u:user:rwx,g:group:rw,o::r filename/directory

In the setfacl line, -m modifies (adds or replaces) entries: u:user:rwx grants a named user full access, g:group:rw grants a named group read and write, and o::r sets the others bits. Two points matter when auditing. First, every extended ACL also has a mask entry that caps what named users, named groups, and the owning group can effectively do; getfacl marks capped entries with an #effective: comment. Second, once an ACL is present, ls -l shows the mask rather than the group bits in the group position and appends a + to the mode string, so ls -l alone no longer tells you who has access; run getfacl whenever you see the +. Use setfacl -x to remove one entry, setfacl -b to remove all extended entries, and setfacl -d on a directory to set default entries that new files inside it inherit.
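The following bash script is an added example, not part of the original tutorial. It embeds a constructed getfacl listing (not captured from a real system) and computes each entry's effective rights by applying the mask, then, where the acl package is installed and the filesystem supports ACLs, reproduces the same situation live on a scratch file. The user name nobody and the file name report.txt are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial: compute the effective rights of
# each ACL entry by applying the mask, then (where setfacl is available) reproduce
# the effect live. Assumes Linux with the acl package and a user named "nobody".
set -eu

# Constructed getfacl output for a file whose mask was narrowed to r-- (not captured
# from a real system). With a mask this tight, bob's rwx and the auditors' rw-
# collapse to read-only, while the owner and "other" entries are unaffected.
SAMPLE_ACL='# file: report.txt
# owner: alice
# group: analysts
user::rw-
user:bob:rwx
group::r-x
group:auditors:rw-
mask::r--
other::---'

# Bitwise AND of an rwx triplet with the mask triplet, e.g. rwx & r-x -> r-x
effective_perms() {
    local perms=$1 mask=$2 out= i c m
    for i in 0 1 2; do
        c=${perms:$i:1}; m=${mask:$i:1}
        if [ "$c" != "-" ] && [ "$m" != "-" ]; then out=$out$c; else out=$out-; fi
    done
    printf '%s' "$out"
}

# Print "entry effective" for every entry of a getfacl listing. The mask applies to
# named users, named groups and the owning group; it never applies to the owner or
# to "other", which is exactly what getfacl's "#effective:" annotations report.
effective_acl() {
    local acl=$1 mask line
    mask=$(printf '%s\n' "$acl" | awk -F: '$1 == "mask" { print $3 }')
    printf '%s\n' "$acl" | while IFS= read -r line; do
        case $line in
            '#'*|'') continue ;;
            mask::*) continue ;;
            user::*|other::*) printf '%s %s\n' "$line" "${line##*:}" ;;
            *) printf '%s %s\n' "$line" "$(effective_perms "${line##*:}" "$mask")" ;;
        esac
    done
}

# Effective rights for one entry, named by its prefix: "user:bob", "group:auditors",
# "user:" (owner), "group:" (owning group) or "other:".
acl_effective_for() {
    local acl=$1 who=$2
    effective_acl "$acl" | awk -v who="$who:" 'index($1, who) == 1 { print $2; exit }'
}

# Live version of the same situation; skipped quietly where setfacl is missing or
# the filesystem has no ACL support. Once the named entry exists, ls -l shows the
# mask in the group field and appends "+", so a plain ls -l audit no longer tells
# you what the named user can do.
acl_demo() {
    command -v setfacl >/dev/null 2>&1 || { echo "setfacl not installed, skipping"; return 0; }
    local dir f
    dir=$(mktemp -d); f=$dir/report.txt
    : > "$f"
    chmod 640 "$f"
    if setfacl -m u:nobody:rwx "$f" 2>/dev/null; then   # named-user entry; mask becomes rwx
        setfacl -m m::r-- "$f"                            # narrow the mask to read-only
        ls -l "$f"                                        # group field shows r--, trailing "+"
        getfacl "$f"                                      # nobody's entry gets "#effective:r--"
        setfacl -b "$f"                                   # strip all extended entries again
    else
        echo "ACLs not supported on this filesystem, skipping"
    fi
    rm -rf "$dir"
}

effective_acl "$SAMPLE_ACL"
acl_demo
```

The parsing half runs anywhere bash and awk exist, so it can be pointed at getfacl output collected from a host you cannot run commands on; the live half is there to confirm that the real tool agrees with the computed #effective: values.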