#90Days of DevOps challenge
#day6 task of the #90daysdevops challenge.
File Ownership
File and directory owners fall into three basic categories:
user — The owner of the file or application.
A user is the owner of the file. By default, the person who created a file becomes its owner. Hence, a user is also sometimes called an owner.
group — The group that owns the file or application.
A user group can contain multiple users. Members share the permissions granted to the group.
others — All users with access to the system.
Any user that is not an owner of the file or doesn’t belong to the group can be categorized as others.
Linux File Permissions
File permissions fall into three categories:
write (w): the permission that lets the user modify the file.
read (r): the permission that lets the user view the content of the file.
execute (x): the permission that lets the user run the file.
Create a simple file and run ls -ltr to see the details of the files.
We have created a new file 'file.txt' and a new directory 'data', and we view their permissions by using the command ls -ltr or ls -l.
In this output, a leading '-' marks a regular file and a leading 'd' marks a directory.
If we split the permission string of the file into groups of three characters, we get:
rw-: file owner permission
r--: file group permission
r--: other user permission
Change file permissions
To modify ownership and permissions, we use the following commands:
"chown" is used to change the owner of a file or directory.
"chgrp" is used to change the group of a file or directory.
"chmod" is used to change the permissions of a file or directory for the user, group and other users.
Let's create one user named Shawn and one group named DevOps:
sudo useradd Shawn
sudo groupadd DevOps
Now try to change the ownership of the above file and directory by using the chown and chgrp commands.
sudo chown Shawn file.txt
sudo chown Shawn:DevOps data
sudo chgrp DevOps data
We can see the current owner and group of the directory by using the ls -ltr command:
drwxr-xr-x 1 Shawn DevOps 4096 Jan 7 10:34 data
We can also change the permissions by using the chmod command.
The chmod command can be used in two modes:
Symbolic Method
Numeric Method
Symbolic Method:
In this, owners can be represented as
u : user/owner
g : group
o : other
a : all
and the following operators are used:
+ : Adds a permission to a file or directory
- : Removes the permission
= : Sets the permission and overrides the permissions set earlier.
Some examples of this method:
chmod u+x file.txt
chmod o-w file.txt
Numeric method:
It is also referred to as the absolute method. In this mode, file permissions are not represented as characters but as a three-digit octal number.
4 => Read; 2 => Write; 1 => Execute
Table showing numbers of all permissions:
Number   Permission Type           Symbol
0        No Permission             ---
1        Execute                   --x
2        Write                     -w-
3        Execute + Write           -wx
4        Read                      r--
5        Read + Execute            r-x
6        Read + Write              rw-
7        Read + Write + Execute    rwx
Some examples of this method:
chmod 750 file.txt
chmod 777 data
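The 4/2/1 arithmetic from the table, worked through in shell as an added example (not part of the original post): it decodes a three-digit mode into its rwx string and lists entries whose "others" digit includes write, which is what chmod 777 grants. The function names digit_to_rwx, octal_to_symbolic and world_writable are hypothetical helpers, and the files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample files are constructed.

# digit_to_rwx N: turn one octal digit (0-7) into its rwx triplet,
# using the weights 4 = read, 2 = write, 1 = execute.
digit_to_rwx() {
    d=$1
    out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# octal_to_symbolic MODE: user, group and others digits -> e.g. 750 -> rwxr-x---
octal_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $1" >&2; return 1 ;;
    esac
    rest=$1
    u=${rest%??}     # first digit: user/owner
    rest=${rest#?}
    g=${rest%?}      # second digit: group
    o=${rest#?}      # third digit: others
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# world_writable DIR: list files and directories under DIR where "others"
# have the write bit (octal 2). Symlinks are skipped because their own mode
# bits are not what access checks use.
world_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

# Demo on constructed files; nothing outside the temporary directory is touched.
demo_dir=$(mktemp -d)
touch "$demo_dir/file.txt"
mkdir "$demo_dir/data"
chmod 750 "$demo_dir/file.txt"
chmod 777 "$demo_dir/data"
echo "750 -> $(octal_to_symbolic 750)"
echo "777 -> $(octal_to_symbolic 777)"
echo "writable by others:"
world_writable "$demo_dir"
rm -rf "$demo_dir"
```

Running chmod o-w on a listed entry removes it from the world_writable output while leaving the user and group digits unchanged.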
Read about ACL and try out the commands getfacl and setfacl
Access Control List (ACL)
An ACL is used to assign specific permissions to an additional user or group, other than the file's owner and owning group.
What is setfacl? It is used to set ACL entries for a user or group.
And getfacl? It displays the ACL entries of a file or directory, including those set with setfacl.
Syntax:
setfacl -m u:<user>:<permission> <file/dir>
setfacl -m g:<group>:<permission> <file/dir>
where -m modifies (adds or changes) an ACL entry
setfacl -x u:<user> <file/dir>
setfacl -x g:<group> <file/dir>
where -x removes the ACL entry for that user or group
setfacl -b <file/dir>
where -b removes all extended ACL entries, leaving only the base permissions
getfacl <file/dir>
An example:
setfacl -m u:Shawn:rwx data
getfacl data