In the Linux system, we can assign different permissions to different files and directories using the chmod command and change the ownership of a file using the chown command while ACL was created so that regular users could share their files and directories with certain specific users and groups.
chmod
, which stands for "change mode," is a command used to modify file permissions in Linux. File permissions determine who can read, write, or execute a file or directory. The basic syntax of chmod
is as follows:
chmod permissions filename
There are different permissions like read(r), write(w) and execute(x). The permission can be represented in octal numbers or in symbolic representation. Here Read is assigned 4, 2 for write, and 1 for execute. For example, for a file full permission can be represented with 777 value or rwxrwxrwx value. It shows that the owner, group, and other users have full permission i.e. read, write, and execute the particular file. Let's understand from the practical.
Let's create a directory and a text file named "demo" and see the default permission in the file.
We can see in the above screenshot permission for demo directory is drwxrwxr-x i.e. 775 and for the demo text file is -rw-rw-r-- i.e. 644
Let's change the permission on each and see the changes.
We changed the permission for the demo directory to "644" which means the owner has read+write permission, group and others have only read permission. In another command, we changed the permission of the demo.txt file, in addition to previous permissions, the owner(o) has added execute(x) permission, no change for the group though we gave g+r it is already available previously and other has added write and execute permission. In this way, we can symbolically assign permission to any file.
chown
The chown
command, short for "change owner," is used to change the ownership of files and directories in Linux. Ownership includes the user and group associated with a file or directory. The basic syntax for chown
is:
chown owner:group filename
Let's change the ownership of demo.txt practically.
Previously the owner and group assigned for demo.txt were subash: subash. But now the owner and group assigned are user1 and user1. Here you can see a regular user can't change that ownership, only the root user has permission.
Access Control with ACL
While chmod
and chown
provide robust basic file permission and ownership control, there are situations where you need more fine-grained access control. This is where Access Control Lists (ACLs) come into play. ACLs allow you to set permissions for multiple users and groups on a single file or directory.
To add an ACL to a file or directory, you can use the setfacl
command:
setfacl -m u:user:permissions,g:group:permissions,o:other:permissions filename
Using getfacl, we can view all the details of a file i.e. owner, group, and permissions. Using setfacl we assigned the different permissions and the differences can be viewed in the above output file.
Practical Use Cases
Now that we understand the basics of chmod
, chown
, and ACL, let's explore some practical use cases where these commands shine:
Securing Sensitive Files: We can use
chmod
and ACL to restrict access to sensitive data files.Collaborative Development: When working on group projects,
chown
and ACL helps manage file ownership and permissions among team members.Multi-User Systems: On multi-user systems,
chmod
,chown
, and ACL plays a vital role in maintaining data privacy and security.Managing Web Servers: When running web servers like Apache or Nginx, you can use these commands to control file permissions for web applications.
Happy Learning!!