Linux-> File Permissions
chmod | Access Control List | SUID
File permissions are an important concept in Linux-based operating systems. Since Linux treats everything as files and directories, our files and folders must be given sufficient access privileges based on the type of user.
The chmod command is used to change the permissions according to the type of user.
There are three types of users:
a) u: stands for the user, the logged-in person who creates the file or directory, e.g. developer, tester, etc.
b) g: stands for the group, multiple users that can access the file or directory, e.g. dev group, test group, etc.
c) o: stands for others, people who neither created the file nor are present in the group, i.e. anyone else globally.
In the following example, we created a file "example" with user "mohitk" and assigned execute permission. For each permission we have a numeric value:
| Permission | Symbol | Numeric value |
|---|---|---|
| read | r | 4 |
| write | w | 2 |
| execute | x | 1 |

| Operator | Description |
|---|---|
| + | Adds a permission to file/dir |
| - | Removes the permission |
| = | Sets and overrides the past permissions |
In the following example, we created a file, checked its permissions using ls -l, then changed its permissions using operators and rechecked the changed permissions.
We can also use octal representation to change permissions, besides using symbolic representation.
In the following example we granted all permissions (4+2+1=7) to the user, (4+1=5) to the group and (4+2=5) to others.
Ever wondered how the system decides the default permissions every time it creates a new file or directory? Let's see in the next section.
Here, we changed umask to 0222 from 0002, and when the file test was created it had default permission 0444 instead of 0664.
The maximum possible permissions that Linux can assign to a file are 0666 and to a directory 0777. The default umask value for a user is 0002, so when any file is created it has permission (Max - umask), i.e. 0664, as evident in the above image for file
Similarly, readers can explore umask for directories and find out the default permission when a file/directory is created.
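The umask behaviour described above, as an added example that is not part of the original post. It goes a little beyond the post by also covering directories and a umask of 0027 (a constructed case) where plain subtraction gives the wrong answer, because the kernel clears the umask bits (max AND NOT umask) rather than subtracting them. The function names are illustrative and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: umask clears bits from the requested mode; it is not subtracted.

# Predicted mode = max AND NOT umask (both arguments are octal strings).
masked_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# Naive "max - umask" arithmetic, kept only for comparison.
subtracted_mode() {
    printf '%04o\n' $(( 0$1 - 0$2 ))
}

# Create a file or directory under the given umask inside a private scratch
# directory and print the mode the kernel actually assigned (GNU stat assumed).
observed_mode() {   # usage: observed_mode file|dir <umask>
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
        mode=$(stat -c %a "$tmp/t")
        rm -rf "$tmp"
        printf '%04o\n' "0$mode"
    )
}

# 0002 and 0222 are the values from the post; 0027 is a constructed extra case.
for m in 0002 0222 0027; do
    echo "umask $m: file predicted $(masked_mode 0666 "$m")," \
         "observed $(observed_mode file "$m")," \
         "max-umask gives $(subtracted_mode 0666 "$m");" \
         "dir observed $(observed_mode dir "$m")"
done
```

For 0002 and 0222 the subtraction and the mask agree; for 0027 only the masked value matches what the filesystem reports.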
SUID (Set User ID) vs FACL (File Access Control List)
SUID, which is rarely used, is a permission set on an executable file so that it runs with the permissions of the file/dir owner rather than the permissions of the user invoking the command.
ACL, on the other hand, is used very often. Similar to chmod, it is used to assign permissions to multiple individual users and groups. We will discuss this command in detail.
Here, using getfacl <filename> we checked our ACL (details of the users/groups who have access to the file/dir). We wanted ajay to write something in our file, so we granted him permission to write to the file using the setfacl command.