📜 Understanding File Permissions in Linux: Numeric vs. Symbolic Permissions 🐧🔒

INTRODUCTION:

In the world of DevOps and system administration, managing file permissions is an essential skill that empowers engineers to control access to sensitive data, safeguard applications, and uphold system integrity. Understanding the intricacies of file permissions is akin to wielding a powerful toolset that allows you to dictate who can read, write, or execute files and directories. In this comprehensive article, we will delve into the basics of file permissions, explore the art of changing permissions like a seasoned pro, and unlock the advanced realm of Access Control Lists (ACL).

Basics of file permissions in Linux:

In Linux, file permissions are a fundamental aspect of the operating system's security model. They define who can access a file or directory and what actions they can perform on it. File permissions are primarily governed by three categories of users:

1. The owner (user): The user who created the file or directory is known as the owner. The owner has the highest level of control over the file and can modify its permissions, read, write, and execute it.

2. Group: Each file or directory is associated with a group. Users who are members of this group inherit the group permissions for that file or directory. Group permissions are useful when multiple users need to collaborate on files.

3. Others: This category includes all users who are neither the owner nor members of the group associated with the file or directory. Others represent everyone else in the system.

For each category (owner, group, others), there are three basic permissions:

1. Read (r): Allows users to view the contents of a file or list the contents of a directory.

2. Write (w): Permits users to modify the contents of a file or create, delete, and rename files within a directory.

3. Execute (x): Grants users the right to execute a file (for programs or scripts) or access a directory (to change into it).

File permissions are represented using a combination of characters and are typically displayed in the following order: owner, group, and others. Each category's permissions are represented by a combination of 'r', 'w', and 'x' characters or dashes ('-') when permission is not granted.

For example:

• -rw-r--r--: The owner has read and write permissions, while the group and others have only read permissions on the file.

• drwxr-xr-x: This indicates a directory where the owner has read, write, and execute permissions, while the group and others can only read and execute the directory.

You can view file permissions using the ls -l command, and change them using the chmod command for numeric permissions or symbolic notation, or the chown and chgrp commands for changing ownership and group ownership, respectively.

Understanding file permissions is crucial for maintaining security and controlling access to sensitive data and system resources in Linux.

🔒 Demystifying File Permissions in Linux: Numeric vs. Symbolic Permissions 🔍

As a DevOps Engineer, understanding file permissions is crucial when managing systems and applications. File permissions control who can read, write, and execute files or directories. In Linux, there are two main ways to represent file permissions: Numeric and Symbolic. In this article, we will take a closer look at both methods and learn how to manage permissions like a pro! 🧙‍♂️

🌟 Numeric Permissions:

Numeric permissions are represented using a 3-digit octal number (0 to 7), where each digit corresponds to a specific permission set. The three digits represent the user, group, and others, respectively.

• 0: No permission

• 1: Execute

• 2: Write

• 4: Read

To calculate the numeric permission, simply add the values for the desired permissions. Let's explore this with an example:

📁 Example Directory: /var/www/project

Suppose we want to set the permissions as follows:

• Owner: Read, Write, and Execute (4 + 2 + 1 = 7)

• Group: Read and Execute (4 + 1 = 5)

• Others: No permissions (0)

So, the numeric permission for our example directory will be 750.

You can apply these permissions using the chmod command like this:

chmod 750 /var/www/project

🌟 Symbolic Permissions:

Symbolic permissions are more human-readable and allow us to modify specific permission sets without affecting others. The symbolic representation consists of three parts: 'u' for user, 'g' for group, and 'o' for others, combined with 'r' for read, 'w' for write, and 'x' for execute.

For example, using symbolic notation, we can achieve the same permissions as in the previous example like this:

chmod u=rwx,g=rx,o= /var/www/project

• u=rwx: User (Owner) has Read, Write, and Execute permissions.

• g=rx: Group has Read and Execute permissions.

• o=: Others have no permissions.

🌟 Combining Symbolic Permissions:

Symbolic permissions also allow us to use operators to add or remove permissions from the existing ones.

• +: Adds the specified permissions.

• -: Removes the specified permissions.

• =: Sets the exactly specified permissions.

Let's demonstrate this with an example:

📄 Example File: /home/user/documents/secret.txt

Suppose the file already has these permissions:

• Owner: Read and Write

• Group: Read

• Others: No permissions

Now, let's add execute permission for the owner and group and remove write permission for others:

chmod u+x,g+x,o-w /home/user/documents/secret.txt

🔒🔍 Mastering Access Control Lists (ACL) in Linux 🚀

In the exciting realm of DevOps, managing file permissions is vital for controlling access to data and applications. But what if we need even more fine-grained control? Enter Access Control Lists (ACL) – a powerful extension that adds a touch of magic to permission management! 🪄✨

🤔 What is ACL?

In simple terms, ACL is like giving special superpowers to your files and directories. It allows you to create custom access rules for individual users or groups, giving them specific permissions beyond the standard owner-group-others model. This granular control empowers you to tailor access rights for different folks on the same file, ensuring only the right people get the right access! 🎩🎉

🔍 Understanding getfacl:

To peek into the enchanting world of ACL, we can use the getfacl command. This magical command lets you view the current ACL settings for a file or directory. Just like casting a spell, run getfacl followed by the file or directory's path, and you'll witness a list of users and their special powers! 🧙‍♂️🔮

getfacl /path/to/your/file_or_directory

With the output of getfacl, you can decipher the mysterious combination of users and their corresponding permissions! 📜🔑

🧙‍♀️ Mastering setfacl:

Now, let's learn the art of bestowing magical powers to users using the setfacl command. This spellbinding command lets you set custom ACL rules to grant specific permissions. With great power comes great responsibility, so make sure to use it wisely! 🌟🧚‍♂️

The incantation for setfacl is straightforward. Just specify the user or group you want to grant permissions to, followed by the desired permissions, and the path to the file or directory. Voilà! You have granted special privileges to the chosen ones. 🪄✨

setfacl -m u:username:permissions /path/to/your/file_or_directory

Here, u represents the user, username is the target user, and permissions can be r for read, w for write, and x for execute, just like the traditional permissions! 📝🖊️

📜✍️Task Assigned:

In this step-by-step guide, we will explore how to create a file using the touch command and then use chown, chgrp, and chmod to modify file ownership, group and permissions. We will use a Linux-based environment for these examples. Let's dive in!

Step 1: Creating a File with Touch First, let's create a file using the touch command. Open your terminal and execute the following command:

touch test2.txt

This command will create a new file named test2.txt in the current directory.

Step 2: Verifying File Creation and current permission by using the ls -ltr command to list the contents of the directory:

ls -ltr test2.txt

The output will display file information, including its ownership and permissions. At this point, the file should have default ownership (probably your user) and default permissions.

Step 3: Changing File Ownership (chown) Now, let's change the ownership of the file to a specified user. Use the chown command with the following syntax:

sudo chown new_owner_username test2.txt

Replace new_owner_username with the desired username of the new owner. Note that changing ownership might require superuser (root) privileges, so we use sudo.

Example:

sudo chown john test2.txt

Step 4: Verifying Ownership Change To ensure the ownership change, list the file information again using ls -ltr. The owner of test2.txt should now reflect the new owner (in this case, user 'john').

Step 5: Changing Group Ownership (chgrp) Next, let's change the group ownership of the file. Use the chgrp command with the following syntax:

sudo chgrp new_group_name test2.txt

Replace new_group_name with the desired group name you want to assign to the file.

Example:

sudo chgrp john test2.txt

Step 6: Verifying Group Ownership Change List the file information again using ls -ltr, and you should see that the group ownership of test2.txt has been updated to the new group (in this case, group 'john').

Step 7: Changing File Permissions (chmod) Finally, let's modify the permissions of the file using the chmod command. You can use either the numeric representation or the symbolic notation, as described in the article. For numeric permissions:

sudo chmod permissions test2.txt

Replace permissions with the desired numeric value representing the new permissions.

Example (Numeric):

sudo chmod 777 test2.txt

Alternatively, you can use symbolic permissions:

sudo chmod who=permissions example_file.txt

Replace who with 'u' for user, 'g' for group, or 'o' for others, and permissions with the desired symbols ('r', 'w', 'x').

Example (Symbolic):

sudo chmod u=rwx,g=rwx,o=rwx test2.txt

Step 8: Verifying Permission Change List the file information one last time using ls -ltr, and you should observe that the permissions of test2.txt have been modified according to your command.

Giving all these three permission using Shell Script:

Step 1: Make a shell file and open it in text editor vim, using command vim <file_name.sh>

In this text editor we write our script using variables like this:

And then save the changes using esc+:+wq, & you will come out of text editor and after that we have to give permission and then execute the script file with root user or super user command.

like this:

then we will get outputs

output 1: change of user.

output 2: changing of group.

output 3: Assigning permission to other user.

🌟 Conclusion:

Understanding file permissions is a crucial skill for any DevOps engineer. Numeric permissions offer a concise representation, while symbolic permissions provide greater flexibility and readability. You can choose the method that best suits your needs and modify permissions as required. Remember to be careful with permissions, as granting too many permissions may pose security risks! and with the mystical power of Access Control Lists (ACL) in your hands, you have taken your permission management skills to the next level! Embrace this magic to grant custom access to files and directories, catering to your system's unique requirements. Remember, with great power comes great responsibility, so wield this ability wisely! ✨🔑🚀

So, next time you navigate through your Linux system, don't forget to check and manage those file permissions! 🚀

Now you're all set to unleash your magical powers of file permission management! 🎉 Happy DevOps-ing! 😄

Thank you for taking the time to read this blog. I hope you found the information helpful and insightful. So please keep yourself updated with my latest insights and articles on DevOpsJourney 🚀 by following me on : LinkedIn & Hasnode.

#devopsjourney #trainwithshubham #devopscommunity #linux #shellscripting

#90daysofdevops