Understanding ACL And chmod in Linux: Key Commands Explained

Day 6: How to Use ACL and chmod in Linux

What is ACL?

  • Access control list (ACL) provides an additional, more flexible permission mechanism for file systems.

  • It is designed to supplement the standard UNIX file permissions. An ACL lets you give permissions for any user or group to any disk resource.

  • Access Control Lists (ACLs) provide a more detailed and flexible permission system than the standard Unix permissions (i.e., user, group, and others).

  • They allow fine-grained control over file and directory permissions, enabling you to specify permissions for individual users or groups beyond the traditional three categories.

Use of ACL:

  • Consider a scenario in which a particular user is not a member of a group you created, but you still want to give that user read or write access. How can you do it without making the user a member of the group? This is where Access Control Lists come in: an ACL lets you grant that access directly.

  • Basically, ACLs are used to make a flexible permission mechanism in Linux.

  • From Linux man pages, ACLs are used to define more fine-grained discretionary access rights for files and directories.

  • setfacl and getfacl are used for setting up ACL and showing ACL respectively.

Key Concepts of ACLs:

  1. User (u): The owner of the file.

  2. Group (g): The group associated with the file.

  3. Others (o): All other users.

  4. Mask: Defines the maximum effective permissions for named users, the owning group, and named groups; it does not limit the file owner or others.

  5. ACL Entry: A specific permission entry for a user or group.

ACL Types:

  • Access ACL: Applies to files and directories for defining access rights.

  • Default ACL: Used with directories to define default permissions for new files created inside the directory.

Basic ACL Commands

  • Viewing ACLs for a File or Directory:

    • Use the getfacl command to view ACLs:

        getfacl file_or_directory
      
  • Setting ACL for a User:

    • To give a user specific permissions on a file:

        setfacl -m u:username:rwx file_or_directory
      
    • -m modifies the ACL, u is for user, and rwx sets read, write, and execute permissions.

  • Setting ACL for a Group:

    • To give a group specific permissions:

        setfacl -m g:groupname:rw file_or_directory
      
  • Removing ACL for a User:

    • To remove a specific ACL entry for a user:

        setfacl -x u:username file_or_directory
      
  • Setting Default ACL on Directories:

    • When you want all new files or subdirectories created in a directory to inherit certain ACLs:

        setfacl -m d:u:username:rwx directory_name
      
  • Removing All ACLs:

    • To remove all ACL entries for a file:

        setfacl -b file_or_directory
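
The mask described under Key Concepts decides what a named user or group can actually do, so the rights written in an entry are not always the rights in force. The following is an added example, not part of the original post: it reads text in getfacl's output format and prints each entry's effective permissions. The file name, users (alice, bob) and groups (staff, audit) are constructed sample values.

```shell
# Constructed sample in getfacl's output format (not taken from a real system).
SAMPLE_ACL='# file: report.txt
# owner: alice
# group: staff
user::rw-
user:bob:rwx
group::r-x
group:audit:rw-
mask::r--
other::---'

# Read getfacl-style text on stdin and print each access entry with the
# permissions that actually apply once the mask is taken into account.
effective_acl() {
  awk -F: '
    /^#/ || /^default:/ || NF < 3 { next }   # skip headers, default ACL, blanks
    {
      n++; tag[n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3)
      if ($1 == "mask") mask = perm[n]
    }
    END {
      for (i = 1; i <= n; i++) {
        if (tag[i] == "mask") continue
        p = perm[i]
        # The mask limits named users, the owning group and named groups.
        # It never limits the owner (user::) or others (other::).
        limited = (tag[i] == "user" && who[i] != "") || tag[i] == "group"
        if (limited && mask != "") {
          e = ""
          for (j = 1; j <= 3; j++) {
            c = substr(p, j, 1)
            e = e ((c != "-" && substr(mask, j, 1) == c) ? c : "-")
          }
          p = e
        }
        print tag[i] ":" who[i] ":" p
      }
    }'
}

printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

In the sample, bob's entry says rwx but the mask r-- leaves him read-only. On a file that has an ACL, the group bits shown by ls -l and changed by chmod correspond to this mask, which is why a chmod can silently widen or narrow every named entry.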
      

What is chmod?

  • chmod is short for "change mode".

  • The command is used to change the permissions of files and directories.

These permissions apply to three categories of users:

  1. Owner: The user who owns the file or directory.

  2. Group: Users who are part of the file’s group.

  3. Others: All other users on the system.

Permission Types:

  • Read (r): Permission to read the contents of a file or list the contents of a directory.

  • Write (w): Permission to modify the contents of a file or add/remove files in a directory.

  • Execute (x): Permission to execute a file (e.g., a script or program) or traverse a directory.

Basic chmod Commands:

1. chmod

– To change the access permission of a file.

  • Explanation: chmod is the command used to change or modify the access permissions of files or directories.

  • Syntax: chmod [permissions] [filename]

  • It allows you to specify which users can read, write, or execute a file/directory.

2. chmod o+w filename

– Adds write permission for others.

  • Explanation: This command adds write permission for the “others” category (everyone who is not the file owner or a member of the group).

  • Symbol Breakdown:

    • o: Represents "others."

    • +w: Adds the write permission.

3. chmod o+r filename

– Adds read permission for others.

  • Explanation: This command adds read permission for "others."

  • Symbol Breakdown:

    • o: Represents "others."

    • +r: Adds the read permission.

4. chmod o+rwx filename

– Adds read, write, and execute permissions for others.

  • Explanation: This command gives the "others" category full access to the file (read, write, and execute permissions).

  • Symbol Breakdown:

    • o: Represents "others."

    • +rwx: Adds read (r), write (w), and execute (x) permissions.

5. chmod o-x filename

– Removes execute permission for others.

  • Explanation: This command removes the execute permission for "others."

  • Symbol Breakdown:

    • o: Represents "others."

    • -x: Removes the execute permission.

6. chmod u+rwx filename

– Adds read, write, and execute permissions for the user (owner).

  • Explanation: This command gives the user (file owner) full permissions on the file.

  • Symbol Breakdown:

    • u: Represents the user (owner of the file).

    • +rwx: Adds read (r), write (w), and execute (x) permissions.

7. chmod g+rwx filename

– Adds read, write, and execute permissions for the group.

  • Explanation: This command gives the group full permissions on the file.

  • Symbol Breakdown:

    • g: Represents the group.

    • +rwx: Adds read (r), write (w), and execute (x) permissions.
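
To see what the symbolic modes above do to the numeric mode, and to check a directory for files that "others" can write to after a command such as chmod o+w, here is an added example that is not part of the original post. The function names mode_after and world_writable are hypothetical helpers; stat -c is the GNU coreutils form, and the starting mode 640 is a constructed sample.

```shell
# Apply one or more symbolic chmod modes to a scratch file that starts at
# the given octal mode, then print the resulting octal mode.
mode_after() {
  start=$1; shift
  f=$(mktemp) || return 1
  chmod "$start" "$f"
  for m in "$@"; do
    chmod "$m" "$f"
  done
  stat -c '%a' "$f"      # GNU stat: print the permission bits in octal
  rm -f "$f"
}

# List regular files under a directory that grant write access to "others".
# -perm -0002 matches any mode in which the others-write bit is set.
world_writable() {
  find "$1" -type f -perm -0002
}

# Each command from the list above, applied to a file that starts at 640.
for cmd in o+w o+r o+rwx o-x u+rwx g+rwx; do
  printf 'chmod %-6s on 640 -> %s\n' "$cmd" "$(mode_after 640 "$cmd")"
done
```

Running world_writable on a directory after a permissions change is a quick way to confirm that no file was opened to every account on the system by accident.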

Comparison between ACL and chmod:

| Feature | chmod | ACL (Access Control List) |
|---|---|---|
| Basic Functionality | Manages permissions for Owner, Group, Others | Provides fine-grained control for multiple users and groups |
| Permission Categories | 3 categories: Owner, Group, Others | Unlimited users and groups can be specified |
| Permission Granularity | Simple: Read, Write, Execute for Owner, Group, Others | Flexible: Specific permissions for individual users and groups |
| Syntax | Simple, uses symbolic or numeric modes | More complex, managed via setfacl and getfacl |
| Example | chmod 755 file.txt | setfacl -m u:username:rwx file.txt |
| Complexity | Easy to use for basic permission management | More complex but allows detailed control |
| Default Behavior | Permissions apply immediately, recursive option available | Default ACLs can be set on directories for inheritance |
| Use Cases | Best for simple permission setups | Ideal for complex environments with multiple user access requirements |
| Backward Compatibility | Supported by all Unix-like systems | Not supported by all file systems without configuration |
| Viewing Permissions | Use ls -l to view basic permissions | Use getfacl to view ACLs |
| Command for Modification | chmod u=rwx,g=rx,o=r file.txt | setfacl -m u:john:rw file.txt |
| Recursion Support | Supported with -R option | Supported with default ACLs |
| Limitations | Cannot provide different permissions to multiple users/groups | No such limitation; allows custom access per user/group |

Conclusion:

chmod and Access Control Lists (ACL) play a vital role in Linux file and directory permission management. While chmod provides a simple and efficient way to manage basic file permissions, ACLs offer finer-grained control, allowing specific users or groups to have more complex access configurations. Understanding the use cases and commands for both tools is essential for system administrators to effectively manage user permissions and secure the system.