Linux (File Permissions and Access Control Lists.)

File Permissions and Access Control Lists.

1. Create a simple file and do ls -ltr to see the details of the files.

- Here you can see, in the above screenshot, I have created a simple script file and given the permissions to the specific file as “777”.

Firstly, we need to understand, how to change permissions in numeric code in Linux, so you need to use numbers instead of “r”, “w”, or “x”.

· 0 = No Permission

· 1 = Execute

· 2 = Write

· 4 = Read

Permission numbers are:

· 0 = — -

· 1 = — x

· 2 = -w-

· 3 = -wx

· 4 = r-

· 5 = r-x

· 6 = rw-

· 7 = rwx

chmod 777 stands,

7 (4+2+1) for the user, to provide read, write and execute access.

7 (4+2+1) for the owner, to provide read, write and execute access.

7 (4+2+1) for others, to provide read, write and execute access.

2. Write an article about File Permissions based on your understanding.

- As per my understanding, there are three types of permission categories in Linux, i.e

· Read (r)

· Write (w)

· Execute (x)

And these permissions can be implemented on,

· Users (u)

· Groups (g)

· Others (o)

And instead of Read, Write and Execute, we can give permissions with numeric values, as explained in 1st question.

How we can set the permissions in the numeric format:

Add alt text

3. Read about ACL(Access Control List) and try out the commands getfacl and setfacl.

What is Linux Access Control List (ACL)?

It allows you to give more specific set of permissions to a file or directory without changing the base ownership and permissions.

When permission is set on a file or directory using ACL, it displays a “+” sign when a list command is used.

For example, from the screen-shot below, a list command is used on a file that the permission has been set using ACL.

Commands: setfacl & getfacl
- getfacl

- Setfacl

set permission using ACL

remove permission using ACL

you can see in above screenshot the permission user:ubuntu:rwx has been removed after using the setfacl -x u:ubuntu command.

To remove all entries

use setfacl -b <file name>