File Permission and Access Control List

File permissions are core to the security model used by Linux systems. They determine who can read, write and execute files.

How to view Linux file permissions?

To view file permissions, use the ls -ltr command.

ls -ltr

Here’s what each part represents:

File type (- for regular file, d for directory, l for symlink, etc.)

rw: Permission for owner (read, write)

r: Permission for the group (read)

r: Permission for others (read)

User owner: Muzammil

Group owner: root


rw-r--r--

This string is actually an expression of three different sets of permissions:

  • rw-

  • r--

  • r--

The first set of permissions applies to the owner of the file. The second set of permissions applies to the user group that owns the file. The third set of permissions is generally referred to as "others."

How to modify Linux file permissions?

In symbolic mode, 'u' stands for the user owner, 'g' for the group owner, and 'o' for others. For permissions, 'r' stands for read, 'w' for write, and 'x' for execute.

To change user permissions of a file:

chmod permission filename

  • u+x: Adds execute permission for the owner (user).

  • g+w: Adds write permission for the group.

  • o-r: Removes read permission for others.
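
The sketch below is an added example, not part of the original page: it splits a mode field such as rw-r--r-- into its owner, group and others sets, then replays the three symbolic changes listed above on a scratch file and prints the bits after each step. The function names are hypothetical, the scratch file comes from mktemp, and the trailing "+" check assumes the GNU ls convention of marking files that carry ACL entries.

```shell
#!/bin/sh
# Added example: decode an `ls -l` mode field and replay the chmod edits.

# Print the mode field (first column of `ls -ld`) for a path.
mode_field() {
    ls -ld -- "$1" | awk '{print $1}'
}

# Split a mode field such as "-rw-r--r--" into its parts.
# Output: type=<c> owner=<rwx> group=<rwx> others=<rwx> acl=<yes|no>
describe_mode() {
    field=$1
    type=$(printf '%s' "$field" | cut -c1)
    owner=$(printf '%s' "$field" | cut -c2-4)
    group=$(printf '%s' "$field" | cut -c5-7)
    others=$(printf '%s' "$field" | cut -c8-10)
    # GNU ls appends "+" when the file has ACL entries beyond the mode bits;
    # those entries are only visible through getfacl.
    case $(printf '%s' "$field" | cut -c11) in
        +) acl=yes ;;
        *) acl=no ;;
    esac
    printf 'type=%s owner=%s group=%s others=%s acl=%s\n' \
        "$type" "$owner" "$group" "$others" "$acl"
}

# Apply u+x, g+w and o-r in turn to a scratch file,
# printing the permission bits after each change.
replay_chmod() {
    f=$(mktemp) || return 1
    chmod u=rw,go=r "$f"      # start from rw-r--r--, the string shown earlier
    for change in u+x g+w o-r; do
        chmod "$change" "$f"
        printf '%s %s\n' "$change" "$(mode_field "$f" | cut -c1-10)"
    done
    rm -f -- "$f"
}

describe_mode "-rw-r--r--"
replay_chmod
```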

To change the owner of a file:

chown owner filename

To change the group ownership of a file:

chgrp group filename

Access Control List

ACLs allow you to grant specific permissions to individual users or groups for a file or directory. They are useful in environments with complex permission requirements and offer more flexibility.

To view the ACLs of a file or directory:

getfacl filename

Examples

  • Grant permission to a specific user:

setfacl -m u:username:r file.txt

  • Grant permission to a specific group:

setfacl -m g:groupname:x file.txt

  • Remove all ACL entries for a specific user:

setfacl -x u:username file.txt

  • To remove all ACL entries from a file or directory:

setfacl -b file.txt