Permissions and Ownership:

  • Control who can read, write or execute files and directories.
  • Manage user and group ownership to restrict or grant access to resources.
  • More importantly, secure sensitive data and maintain system integrity.

Change Mode (chmod)

chmod is used to modify the read, write and execute permissions of files and directories for the owner, group and others.

chmod [options] [mode] [file/directory]

There are two modes to pass the permissions:

  • Numeric: chmod 755 file
  • Symbolic: chmod u+x file

Note: read=4, write=2 and execute=1. Each octal digit is the sum of these values, given in the order owner, group, others, so 755 means rwxr-xr-x.

Change Owner (chown)

chown is used to change the owner and/or group of a file or directory.

chown [options] [owner][:group] [file/directory]

Note: We can change the owner and group together by using chown ownerName:groupName, and change just the group by using chown :groupName.

Change Group (chgrp)

chgrp is used to change the group ownership of a file or directory.

sudo chgrp [options] [group] [file/directory]

We don’t actually need this command in most cases, because chown can do the same thing.

Subcommands/Flags For chmod, chown & chgrp

  • -R: Recursively change permissions for directories and their contents.
  • -v: Verbose output.
  • -c: Like verbose, but only shows files that were changed.
  • -f: Suppress most error messages.
  • --reference=RFILE: Set permissions (or ownership, for chown and chgrp) to match those of a reference file.

Access Control List

An Access Control List (ACL) is a list of permissions or rules that specify which users or systems are granted or denied access to a particular object or system resource, such as files, directories, or network traffic.

ACLs are fundamental for security and access management in operating systems, allowing administrators to control who can read, write, execute or delete resources.

Essential Command

For filesystems, the command to view or

getfacl

To set ACL is:

setfacl

Subcommand (Options/Flags)

  • getfacl
    • -a or --access: Display the file access control list.
    • -d or --default: Display the default ACL for directories.
    • -R or --recursive: List ACLs recursively for all files and directories.
  • setfacl
    • -m or --modify: Modify an existing ACL.
    • -x or --remove: Remove an ACL entry.
    • -b or --remove-all: Remove all extended ACL entries.
    • -k or --remove-default: Remove the default ACL.
    • -R or --recursive: Apply recursively.

Example

  1. Viewing ACLs on a File

getfacl file.ext

  2. Setting an ACL on a File

setfacl -m u:<username>:rwx file.ext # -m: modify

  3. Setting a default ACL on a Directory

setfacl -d -m u:<username>:rwx directory

  4. Removing an ACL Entry

setfacl -x u:<username> /path/to/file

Special Permission (Must Know!!)

Each permission is assigned a numerical value: read (4), write (2), execute (1). When you run ls -l, the permission string appears at the start of each line, beside the files/directories.

You will see something like drwxrw-r--. This means 764 in octal (rwx = 7, rw- = 6, r-- = 4). The leading d means directory; for a regular file, it shows a hyphen (-) instead.

  1. Sticky Bit:

When set on a directory, only the owner of a file (or root) can delete or rename files within that directory, even if others have write permission.

  2. Set Group ID (setgid):

For directories, files/directories created within the directory inherit the group ownership of the parent directory. Executable files run with the permissions of the file’s group.

  3. Set User ID (setuid):

Executable files run with the permissions of the file’s owner (often root).

Symbolic Notation of Special Permissions

Sticky Bit:

chmod +t directory

Set Group ID (setgid):

chmod g+s dir/file

Set User ID (setuid):

chmod u+s dir/file

Octal Notation of Special Permissions

  • Sticky Bit: 1 (chmod 1777 directory)
  • setgid: 2 (chmod 2777 directory)
  • setuid: 4 (chmod 4777 directory)
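
An added example (not from the original notes): a small POSIX shell function, under the hypothetical name sym_to_octal, that converts an ls -l mode string into four-digit octal, where the leading digit carries the special bits listed above. It also covers the uppercase S and T that ls shows when a special bit is set but the matching execute bit is not; the sample mode strings are constructed.

```sh
#!/bin/sh
# Added example: turn an `ls -l` mode string into 4-digit octal.
# sym_to_octal is a hypothetical helper name, not a standard utility.
sym_to_octal() {
    # Keep the 9 permission characters: drop the file-type character and
    # any trailing "+" (ACL present) or "." marker that ls may append.
    perms=$(printf '%s' "$1" | cut -c2-10)
    case $perms in
        [-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not a mode string: $1" >&2; return 1 ;;
    esac
    special=0
    digits=""
    start=1
    for weight in 4 2 1; do        # setuid=4, setgid=2, sticky=1
        triad=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        start=$((start + 3))
        val=0
        case $triad in r??) val=$((val + 4)) ;; esac
        case $triad in ?w?) val=$((val + 2)) ;; esac
        case $triad in
            ??x)    val=$((val + 1)) ;;
            # lowercase s/t: special bit set AND execute set
            ??[st]) val=$((val + 1)); special=$((special + weight)) ;;
            # uppercase S/T: special bit set, execute NOT set
            ??[ST]) special=$((special + weight)) ;;
        esac
        digits="$digits$val"
    done
    printf '%s%s\n' "$special" "$digits"
}

# Constructed sample mode strings (not taken from a real system).
for m in drwxrwxrwt drwxrwsrwx -rwsr-xr-x -rwSr--r-- drwxrwxrwT drwxr-x---+; do
    printf '%-12s -> %s\n' "$m" "$(sym_to_octal "$m")"
done
```
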

Summary Table

Permission   Symbolic Notation   Octal Notation
Sticky Bit   chmod +t            chmod 1777
setgid       chmod g+s           chmod 2777
setuid       chmod u+s           chmod 4777