DevOps, Day - 6

File permissions and Access Control Lists

Part of File Permissions was covered earlier in my blog; please have a look here --> file_permissions

Now we will continue the remaining part of it.

Here, we will be working on Linux permissions and ownership and will do tasks on both of them. Let us start with the Permissions.

  1. Create a simple file and do ls -ltr to see the details of the files

    Here, ls is used to list all the contents within a directory.

    • ls -l is used to list the contents of a directory in a detailed or long format. When you run the ls -l command, it displays the permissions, owner, group, size, last-modification date, and name of each file or directory.

    • ls -lt is used to list files and directories in the current working directory in a long format sorted by modification time, with the most recently modified file or directory appearing at the top of the list.

    • ls -ltr is used to list files and directories in a directory in a long format, sorted by modification time with the latest modification time at the bottom of the list.

Change ownership
chown is used to change the owner of a file or directory.

Use the command: sudo chown another_user_name file/folder_name

In the example below,
another_user_name is (cronuser)
file/folder_name is (d2)

Before changing ownership.

After changing ownership.

Change Group
chgrp is used to change the group that owns a file or directory.

Use the command: sudo chgrp group_name file/folder_name

In the example below,
group_name is (cronuser)
file/folder_name is (d2)

After using the above command

Change permissions
Use the command chmod a-r file/folder_name to remove read access for everyone (owner, group, and others).

Here are the final changes that occurred on the directory (d2)

BEFORE

AFTER

  1. Check here about--> File Permissions

  2. Read about ACL and try out the commands getfacl and setfacl

    What is ACL?
    An ACL (Access Control List) allows you to give a more specific set of permissions on a file or directory without changing its basic ownership and permissions.

setfacl

  • setfacl enables you to grant or deny read, write, and execute permissions to specific users or groups, beyond the traditional owner, group, and others permissions available in Linux file systems.

  • setfacl can be used to set default permissions that apply to all new files and directories created within a particular directory.

  • setfacl is useful in multi-user environments where multiple users need to access the same files or directories, but with different levels of permission. ACLs can be set up to allow or deny access on a per-user or per-group basis.

getfacl

  • Retrieves ACLs: The primary purpose of "getfacl" is to retrieve the access control lists (ACLs) for files and directories. This allows you to see which users and groups have been granted specific permissions, such as read, write, or execute.

  • Provides detailed information: When you use "getfacl", it provides you with a detailed list of the current ACLs for a particular file or directory. This includes information such as the user or group associated with each ACL, the type of permission granted, and any special options that have been set.

    Commands of ACL
    setfacl and getfacl

    Commands used for setfacl are:

    setfacl -m u:user:rwx targetfile For adding the permission for the user
    setfacl -m g:group:rwx targetfile For adding permission to the group

    setfacl -x u:user targetfile To remove a specific entry (with -x the permissions field is omitted)
    setfacl -b targetfile To remove all entries

    The command used for getfacl is:
    getfacl file/folder_name

    DEMO:
    First, create a user and type getfacl filename

    Now, set permission for useracl using setfacl command as shown below.

    Here, we can see that useracl is given only read & write permission.
    Now just type ls -l acl.txt

    We can see a + sign at the end of the permission string, which means an ACL is set on the file. The other user, useracl, can now read and write the file.
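As an added example (not part of the original post), the Python code below parses getfacl output and applies the ACL mask to show which named users or groups can actually write to acl.txt. Both sample outputs are constructed, and the owner/group name ubuntu is an assumption.

```python
# Added example: parse `getfacl` text and apply the ACL mask.
# Both samples are constructed; the owner/group name "ubuntu" is an assumption.
DEMO = """\
# file: acl.txt
# owner: ubuntu
# group: ubuntu
user::rw-
user:useracl:rw-
group::rw-
mask::rw-
other::r--
"""
# Same file after `chmod g-w acl.txt`: on a file with an ACL, chmod's group
# bits rewrite the mask, and getfacl annotates the entries it limits.
MASKED = """\
# file: acl.txt
user::rw-
user:useracl:rw-\t#effective:r--
group::rw-\t#effective:r--
mask::r--
other::r--
"""

def parse_getfacl(text):
    """Return access-ACL entries as (tag, qualifier, perms) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop headers and #effective notes
        if not line or line.startswith("default:"):
            continue                            # default ACLs are not evaluated here
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, perms))
    return entries

def effective(entries):
    """Named users, named groups and the owning group are limited by mask;
    the file owner (user::) and other:: are not."""
    mask = next((p for t, _, p in entries if t == "mask"), None)
    result = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        if mask and (tag == "group" or (tag == "user" and qualifier)):
            perms = "".join(c if c == m else "-" for c, m in zip(perms, mask))
        result[f"{tag}:{qualifier}"] = perms
    return result

def extra_writers(text):
    """Named users/groups that can effectively write to the file."""
    eff = effective(parse_getfacl(text))
    return sorted(k for k, p in eff.items() if "w" in p and k.split(":")[1])
```

In the second sample the useracl entry still reads rw-, but the mask reduces it to read-only, so audit the effective permissions rather than the raw entries.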
