🔑 Expert Guide to File Permissions & Access Control in Linux (Day 6)

🛅 Mastering File Permissions & ACLs in Linux

Linux provides a powerful permission model to control who can access, modify, and execute files on a system. Proper permission management is crucial for security, stability, and efficient user management. Today, we will dive deep into file permissions, ownership, and Access Control Lists (ACLs) with real-world examples. 🚀


πŸ— Understanding Linux File Permissions

Every file in Linux has three types of user classifications:

1️⃣ Owner (User) → The creator of the file (e.g., a developer working on a script).
2️⃣ Group → A set of users who share permissions (e.g., DevOps engineers in a team).
3️⃣ Others → Any other user on the system (e.g., external users accessing a shared server).

Each classification has three permission types:

  • πŸ” Read (r) β†’ Can view the file's contents.

  • ✍️ Write (w) β†’ Can edit or delete the file.

  • πŸš€ Execute (x) β†’ Can run the file if it's a script or program.

💻 Checking File Permissions

To check a file’s permissions, run:

ls -l deploy.sh

Example Output:

-rwxr--r--  1 devops team  1024 Feb 22 10:00 deploy.sh

Breaking Down the Permissions:

  • rwxr--r-- → Represents who can do what (user, group, others).

  • devops → The owner of the file.

  • team → The group assigned to the file.

  • 1024 → File size in bytes.

  • Feb 22 10:00 → Last modified date.

  • deploy.sh → File name.

📌 Decoding the Permission Code

Position   Symbol   Meaning
1          -        File type (- for file, d for directory)
2-4        rwx      Owner can read, write, and execute
5-7        r--      Group can only read
8-10       r--      Others can only read

🔧 Modifying File Permissions Using chmod

🔹 Symbolic Mode (User-Based)

Change permissions for User (u), Group (g), and Others (o):

Example 1: Grant execute permission to the owner:

chmod u+x deploy.sh

✅ Now, the owner can execute the script.

Example 2: Remove write access from the group:

chmod g-w deploy.sh

✅ The group can no longer modify the file.

🔒 Octal Mode (Numeric Representation)

Permissions are represented as:

  • r (Read) = 4, w (Write) = 2, x (Execute) = 1

Permission   Octal Value
rwx          7
rw-          6
r--          4

Example 3: Set permissions to rw-r--r-- (Owner: Read & Write, Group & Others: Read-Only)

chmod 644 deploy.sh

✅ Ensures only the owner can edit the file.
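To make the decoding table and the octal mapping concrete, here is an added example (not code from the original post) that converts the mode string printed by ls -l into the octal form chmod accepts and back, then checks a real file for the "others have no access" requirement of the deploy.sh scenario. It is plain POSIX sh, needs no root, and the temporary file it creates is its own constructed input.

```shell
#!/bin/sh
# rwxr-x--- -> 750: chars 1-9 are the owner/group/others triples; s/t in the
# execute slot (setuid, setgid, sticky) also count as executable here.
perm_to_octal() {
    sym=$1
    [ "${#sym}" -eq 9 ] || { echo "expected 9 characters, got '$sym'" >&2; return 1; }
    out=""
    i=1
    while [ "$i" -le 9 ]; do
        triple=$(printf '%s' "$sym" | cut -c "$i-$((i + 2))")
        n=0
        case $triple in r??) n=$((n + 4)) ;; esac
        case $triple in ?w?) n=$((n + 2)) ;; esac
        case $triple in ??[xst]) n=$((n + 1)) ;; esac
        out="$out$n"
        i=$((i + 3))
    done
    printf '%s\n' "$out"
}

# 750 -> rwxr-x--- (three octal digits, i.e. no special bits).
octal_to_perm() {
    oct=$1
    case $oct in [0-7][0-7][0-7]) ;; *) echo "expected 3 octal digits, got '$oct'" >&2; return 1 ;; esac
    out=""
    i=1
    while [ "$i" -le 3 ]; do
        d=$(printf '%s' "$oct" | cut -c "$i")
        r=-; w=-; x=-
        [ $((d & 4)) -ne 0 ] && r=r
        [ $((d & 2)) -ne 0 ] && w=w
        [ $((d & 1)) -ne 0 ] && x=x
        out="$out$r$w$x"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# Mode string of a path from chars 2-10 of `ls -ld`, so a trailing ACL "+" or
# SELinux "." marker is ignored. others_have_no_access is the deploy.sh check.
mode_of() { ls -ld "$1" | cut -c 2-10; }
others_have_no_access() {
    case $(mode_of "$1") in ??????---) return 0 ;; *) return 1 ;; esac
}

# Demonstration on a throwaway file (no root needed).
demo=$(mktemp)
chmod 750 "$demo"
printf '%s -> %s\n' "$(mode_of "$demo")" "$(perm_to_octal "$(mode_of "$demo")")"
rm -f "$demo"
```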


👑 Changing File Ownership with chown

Every file has an owner and an associated group. The chown command is used to change the owner or group of a file.

Example 1: Assign john as the new owner of deploy.sh:

sudo chown john deploy.sh

✅ Now, John owns the file.

Example 2: Change both owner and group to john:developers:

sudo chown john:developers deploy.sh

✅ Now, John and the developers group manage the file.


πŸ›‘οΈ Advanced Access Control Lists (ACLs)

Traditional permissions (chmod and chown) are sometimes too restrictive. What if you want to give a specific user extra permissions without changing the group? That’s where Access Control Lists (ACLs) come in!

📌 Checking ACLs for a File

getfacl deploy.sh

✅ This lists the file's full ACL: the standard owner, group, and other entries plus any extra entries that go beyond standard Linux permissions.

✍️ Adding ACLs

Example: Grant alice read and execute access to deploy.sh without modifying group settings:

setfacl -m u:alice:rx deploy.sh

✅ Now, Alice can read & execute the file.

❌ Removing ACLs

To remove all ACLs from a file:

setfacl -b deploy.sh

✅ Now, the file follows only traditional permissions.
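One detail worth checking after setfacl -m is the mask entry, which caps what named users, named groups, and the owning group effectively get (the owner and "other" are never masked). The added example below (not code from the original post) parses a constructed getfacl-style listing and computes the effective permission of each entry the way the kernel applies it; the listing, the user alice, and the group interns are constructed sample data.

```shell
#!/bin/sh
# Constructed getfacl-style listing (not captured from a real host): alice was
# granted rwx, but the mask entry caps named users, named groups and the owning
# group at r-x. getfacl itself flags such entries with "#effective:".
SAMPLE_ACL='# file: deploy.sh
# owner: devops
# group: team
user::rwx
user:alice:rwx
group::rw-
group:interns:r--
mask::r-x
other::---'

# Intersect two rwx triples position by position: and_perm rwx r-x -> r-x
and_perm() {
    out=""
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s' "$1" | cut -c "$i")
        b=$(printf '%s' "$2" | cut -c "$i")
        if [ "$a" = "$b" ] && [ "$a" != "-" ]; then out="$out$a"; else out="$out-"; fi
        i=$((i + 1))
    done
    printf '%s' "$out"
}

# Effective permission of one ACL entry after the mask is applied.
#   effective_perm "$acl" user alice     (named user)
#   effective_perm "$acl" group ""       (owning group)
# The owner (user::) and other:: are never masked and are returned as-is.
# A trailing "#effective:..." annotation from getfacl is stripped before use.
effective_perm() {
    acl=$1; class=$2; name=$3
    entry=$(printf '%s\n' "$acl" | awk -F: -v c="$class" -v n="$name" '$1 == c && $2 == n { sub(/[ \t].*/, "", $3); print $3; exit }')
    [ -n "$entry" ] || { echo "no $class:$name entry" >&2; return 1; }
    if [ "$class" = other ] || { [ "$class" = user ] && [ -z "$name" ]; }; then
        printf '%s' "$entry"; return 0
    fi
    mask=$(printf '%s\n' "$acl" | awk -F: '$1 == "mask" { print $3; exit }')
    if [ -n "$mask" ]; then and_perm "$entry" "$mask"; else printf '%s' "$entry"; fi
}

# Demonstration: compare what alice was granted with what she actually gets.
printf 'alice granted rwx, effective %s\n' "$(effective_perm "$SAMPLE_ACL" user alice)"
```

On a real file, run getfacl and compare its "#effective:" annotations with this output; raising the mask (setfacl -m m::rwx) is what restores the granted bits.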


🎯 Real-Life Use Cases for File Permissions & ACLs

🔹 Example 1: Securing Deployment Scripts in DevOps

Scenario: A DevOps team maintains a deploy.sh script used for server updates.

  • The script owner should have read, write, and execute permissions.

  • The DevOps team (group) should have read & execute access.

  • Other users should not have any access.

Solution:

chmod 750 deploy.sh

✅ This ensures only authorized team members can execute the script.

🔹 Example 2: Shared Project Folder for Developers

Scenario: A development team is working on a project.

  • The Project Lead should have full access.

  • Developers should have read and write access.

  • Interns should have only read access.

Solution Using ACLs:

setfacl -m u:lead:rwx project_folder
setfacl -m g:developers:rw project_folder
setfacl -m g:interns:r project_folder

✅ This customizes access levels for different roles in the team. Note that on a directory, x is what allows entering it and opening the files inside, so with r alone interns can list file names but not read the files themselves.

🔹 Example 3: Preventing Accidental File Deletion

Scenario: A critical system log file should never be modified by regular users.
Solution: Apply the immutable flag to prevent accidental edits:

chattr +i /var/log/syslog

✅ Now, even root cannot delete it without removing the flag. Keep in mind that +i also blocks appends, including those from the logging daemon, so for a log that is still being written the append-only attribute (chattr +a) is the usual choice; +i suits files that should not change at all.


🚀 Key Takeaways for IT Professionals

✔️ File Permissions (chmod) control who can read, write, and execute files.
✔️ Ownership (chown) defines who manages a file.
✔️ ACLs (setfacl) allow fine-grained access control beyond traditional permissions.
✔️ Immutable files (chattr) can protect critical files from accidental deletion.


🎯 Next Steps

💡 Practice Task:
1️⃣ Create a test file and experiment with chmod, chown, and ACLs.
2️⃣ Try setting different access levels for different users in a group.
3️⃣ Learn about special permissions (SUID, SGID, Sticky Bit) for advanced security.

📌 Coming Next: Day 7 – Linux Process Management! ⚙️ Stay tuned!
