File Permissions and Access Control Lists

90daysofdevops day 6


Task 1: Create a simple file and run ls -ltr to see the details of the file.

# Created a folder
mkdir file-permission

# Created a file
touch file-permission.txt

# command to view the specific file on the system
ls -ltr | grep -E file-permission

Task 2: An article about File Permissions based on your understanding from the notes.

I wrote the article separately; the following link has the full article.

Mastering Linux File Permissions

Task 3: Read about ACLs and try out the commands getfacl and setfacl

Access Control Lists (ACLs) are an advanced file permission mechanism used in Linux to provide more granular control over file and directory access.

While traditional Unix file permissions only allow for three categories of users (owner, group, and others) with three permissions (read, write, and execute), ACLs provide a more flexible approach by allowing additional entries for specific named users and groups, each with its own set of permissions.

The getfacl command can be used to retrieve the ACLs for a file or directory, while setfacl can be used to set or modify the ACLs. Here are some examples of how to use these commands:

To view the ACLs for a file, run:

getfacl file-permission.txt

#Output

# file: file-permission.txt
# owner: devbox
# group: devbox
user::rw-
group::rw-
other::r--

To view the ACLs for a directory and all of its contents, run:

getfacl -R file-permission

#Output

# file: file-permission
# owner: devbox
# group: devbox
user::rwx
group::rwx
other::r-x

To set the default ACL for a directory so that all new files and subdirectories created in it inherit the same permissions, run:

setfacl -d -m u:myuser:rwx,g:mygroup:r-x,o::rx file-permission/

#Output

ls -la | grep -E file-permission
drwxrwxr-x+  2 devbox devbox  4096 Mar 26 03:44 file-permission
-rw-rw-r--   1 devbox devbox     0 Mar 26 03:48 file-permission.txt

To add a new user to an existing ACL, granting them read and write access to a file, run:

setfacl -m u:dev-newuser:rw file-permission.txt

#Output

sudo useradd dev-newuser
setfacl -m u:dev-newuser:rw file-permission.txt
getfacl -R file-permission.txt
# file: file-permission.txt
# owner: devbox
# group: devbox
user::rw-
user:dev-newuser:rw-
group::rw-
mask::rw-
other::r--

ACLs can provide a more fine-grained approach to file permissions in Linux, and the getfacl and setfacl commands are useful tools for managing them.
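
The `mask::rw-` line in the last output caps what named users, named groups and the owning group can actually do, so an ACL has to be read against its mask. The following is an added example, not part of the original post: a shell function (the name `effective_acl` and the sample input with a tightened mask are constructed here) that reads `getfacl` output and prints each entry's effective permissions.

```shell
#!/bin/sh
# Added example: compute effective permissions from getfacl output.

# effective_acl: read getfacl text on stdin, print "tag:qualifier perms" per entry.
effective_acl() {
  awk -F: '
    /^#/ || NF < 3 || /^default:/ { next }   # skip headers, blanks, default entries
    { sub(/[ \t]*#.*/, "", $3)               # drop a trailing "#effective:" note
      tag[++n] = $1; who[n] = $2; perm[n] = $3
      if ($1 == "mask") mask = $3 }
    END {
      for (i = 1; i <= n; i++) {
        if (tag[i] == "mask") continue
        p = perm[i]
        # The mask limits named users, the owning group and named groups.
        # The file owner (user::) and other:: are not affected by it.
        masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
        if (mask != "" && masked) {
          e = ""
          for (k = 1; k <= 3; k++) {
            c = substr(p, k, 1)
            e = e ((substr(mask, k, 1) == "-") ? "-" : c)
          }
          p = e
        }
        printf "%s:%s %s\n", tag[i], who[i], p
      }
    }'
}

# Constructed sample: the file from the post after the mask is reduced to r--
# (for instance with: setfacl -m m::r file-permission.txt).
SAMPLE_ACL='# file: file-permission.txt
# owner: devbox
# group: devbox
user::rw-
user:dev-newuser:rw-    #effective:r--
group::rw-              #effective:r--
mask::r--
other::r--'

printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

With the tightened mask, dev-newuser's `rw-` entry yields only read access, while the owner's `user::rw-` entry is unchanged.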

90DayToDevOps Challenge

Part 3 of 6

Join us in the DevOps community challenge that Shubham Londhe started, beginning on January 1st, 2023. This challenge is designed to provide a supportive environment for all DevOps enthusiasts.
