Day 06: Mastering File Permissions, ACLs, and More in Linux!

Welcome to Day 06 of my #90DaysOfDevOps challenge! Today, I explored one of the most essential aspects of Linux: file permissions, Access Control Lists (ACLs), and special bits like Sticky Bit, SUID, and SGID. I also implemented scripts for automation and wrote about the significance of permissions in system administration. Here's a comprehensive look at what I achieved today.


Understanding File Permissions

Linux assigns permissions to files and directories to ensure security and controlled access. These permissions are divided into three categories:

  1. Owner

    • The user who owns the file.

    • Use the chown command to change ownership of files or directories.

  2. Group

    • The group assigned to the file.

    • Use chgrp to modify the group ownership.

  3. Others

    • All users outside the owner and group.

    • Use chmod to update permissions, including those for others.

After updating permissions, the results can be verified using ls -ltr.

- Task: Change the user permissions of the file and note the changes after running ls -ltr.


Access Control Lists (ACLs)

ACLs provide fine-grained permissions for users and groups beyond the traditional file permissions.

Commands:

  • getfacl: View ACLs on a file or directory.

  • setfacl: Modify ACLs for a file or directory.

I referred to this guide to deepen my understanding.

Practical Task:

  • Created a directory and assigned specific ACL permissions to users and groups.

  • Verified the permissions using getfacl.


Automation with Scripts

1. Changing Permissions for Multiple Files

I wrote a script to change permissions for all .txt files in a given directory based on user input.

Script:

#!/bin/bash

<<Info
Author      : Amitabh Soni
Date        : 28/11/24
Description : This script changes the permissions of all .txt files in a directory based on user input.
Info

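read -r -p "Enter the directory name: " dir_name
read -r -p "Enter permission value (numeric, e.g., 755): " num_value_per

if [[ ! -d "$dir_name" ]]; then
  echo "Error: Directory '$dir_name' does not exist."
  exit 1
fi

# Accept only a 3- or 4-digit octal mode before passing it to sudo chmod.
if [[ ! "$num_value_per" =~ ^[0-7]{3,4}$ ]]; then
  echo "Error: '$num_value_per' is not a valid numeric mode."
  exit 1
fi

# Expand the glob once and reuse the result.
txt_files=("$dir_name"/*.txt)
if [[ ! -e "${txt_files[0]}" ]]; then
  echo "Error: No .txt files found in directory '$dir_name'."
  exit 1
fi

# "--" ends option parsing, so a name starting with "-" is not read as a flag.
if sudo chmod -- "$num_value_per" "${txt_files[@]}"; then
  echo "Permissions changed successfully for all .txt files in '$dir_name'."
else
  echo "Failed to change permissions for .txt files in '$dir_name'."
fi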

Output:
Successfully updated permissions for .txt files.

2. Setting ACL Permissions via Script

This script sets ACL permissions for a user on a specified file.

Script:

#!/bin/bash

<<Info
Author      : Amitabh Soni
Date        : 28/11/24
Description : This script sets ACL permissions for a user on a given file, based on user input.
Info

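read -r -p "Enter username: " user
read -r -p "Enter a file path: " file_path
read -r -p "Enter the permission for user (e.g., rwx): " per

if [[ ! -e "$file_path" ]]; then
   echo "Error: File '$file_path' does not exist."
   exit 1
fi

# The user must exist, and the permission may contain only r, w, x or "-".
# Unchecked input such as "rwx,o::rwx" would add extra ACL entries.
if ! id -u -- "$user" >/dev/null 2>&1; then
   echo "Error: User '$user' does not exist."
   exit 1
fi
if [[ ! "$per" =~ ^[rwx-]{1,3}$ ]]; then
   echo "Error: Permission '$per' must use only r, w, x or -."
   exit 1
fi

# Quote the ACL entry so it reaches setfacl as a single argument.
if setfacl -m "u:${user}:${per}" -- "$file_path"; then
   echo "ACL permissions set successfully for user '$user' on file '$file_path'."
else
   echo "Failed to set ACL permissions for user '$user' on file '$file_path'."
fi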

Output:
ACL permissions set successfully.


Special Permissions: Sticky Bit, SUID, SGID

  1. Sticky Bit
    Prevents users from deleting files they do not own in shared directories.

  2. SUID (Set User ID)
    Runs executables with the permissions of the file owner.

  3. SGID (Set Group ID)
    Runs executables with the permissions of the group owner.
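
An added example, not part of the original post: a small audit that lists files carrying SUID or SGID and world-writable directories that lack the sticky bit, the three bits described above. The function name audit_special_bits and the tag names are chosen here for illustration.

```bash
#!/bin/bash
# Added example: list special-permission findings under a directory.
# audit_special_bits DIR -> lines of "<TAG> <path>"
#   SUID      regular file with the setuid bit (4000)
#   SGID      regular file with the setgid bit (2000)
#   NOSTICKY  world-writable directory without the sticky bit (1000)
audit_special_bits() (                  # ( ) body keeps variables local
  root=$1
  [ -d "$root" ] || { echo "Error: '$root' is not a directory." >&2; exit 2; }
  tag_paths() {                         # prefix every path with its tag
    while IFS= read -r p; do printf '%s %s\n' "$1" "$p"; done
  }
  # -xdev keeps the scan on one filesystem; -perm -MODE means "all bits set".
  find "$root" -xdev -type f -perm -4000 | tag_paths SUID
  find "$root" -xdev -type f -perm -2000 | tag_paths SGID
  find "$root" -xdev -type d -perm -0002 ! -perm -1000 | tag_paths NOSTICKY
)

if [ "$#" -eq 1 ]; then audit_special_bits "$1"; fi
```

Each SUID or SGID line is a program that runs with its owner's or group's rights, so the list is worth comparing against what the system is expected to ship.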

Backing Up and Restoring Permissions

Backup Permissions

This script saves the current ACLs of a directory to a file.

Script:

#!/bin/bash

<<Info
Author      : Amitabh Soni
Date        : 28/11/24
Description : Creating a script that backs up the current permissions of files in a directory to a file.
Info

read -r -p "Enter the directory path to backup permissions: " dir_path

if [[ ! -d "$dir_path" ]]; then
   echo "Error: The directory '$dir_path' does not exist."
   exit 1
fi

# getfacl records each path as given, minus any leading "/", so the restore
# must run from this same working directory (from / for an absolute path).
if getfacl -R -- "$dir_path" > permission_backup.txt; then
   echo "Permissions backed up successfully to permission_backup.txt"
else
   echo "Failed to backup permissions."
fi

Output:
Permissions backed up successfully.

Restore Permissions

This script restores permissions from a backup file.

Script:

#!/bin/bash

<<Info
Author      : Amitabh Soni
Date        : 28/11/24
Description : Script to restore file permissions from a backup file.
Info

read -r -p "Enter the backup file path: " backup_file

if [[ ! -f "$backup_file" ]]; then
   echo "Error: The backup file '$backup_file' does not exist."
   exit 1
fi

# setfacl applies the entries to every path named in the backup file,
# resolved relative to the current working directory.
if setfacl --restore="$backup_file"; then
   echo "Permissions restored successfully from $backup_file"
else
   echo "Failed to restore permissions."
fi

Output:
Permissions restored successfully.
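
setfacl --restore applies whatever the backup file names: it restores ownership from the owner and group comments and sets the setuid, setgid and sticky bits from any flags comment, so an edited backup can change files outside the intended directory. The check below is an added example, not part of the original scripts; the function names, finding tags and sample entries are constructed for illustration.

```bash
#!/bin/bash
# Added example: vet a `getfacl -R` backup before `setfacl --restore`.
# check_acl_backup FILE ROOT -> one finding per line; status 1 if any.
check_acl_backup() (                     # ( ) body keeps variables local
  backup=$1
  root=${2#/}; root=${root%/}            # getfacl drops the leading "/"
  [ -f "$backup" ] && [ -n "$root" ] || exit 2
  bad=0 path=
  while IFS= read -r line; do
    case $line in
      '# file: '*)
        path=${line#'# file: '}
        case $path in
          /*)                  printf 'ABSOLUTE %s\n' "$path";  bad=1 ;;
          *\\*)                printf 'ESCAPED %s\n' "$path";   bad=1 ;;
          ..|../*|*/..|*/../*) printf 'TRAVERSAL %s\n' "$path"; bad=1 ;;
          "$root"|"$root"/*)   ;;        # inside the expected tree
          *)                   printf 'OUTSIDE %s\n' "$path";   bad=1 ;;
        esac ;;
      '# flags: 's*|'# flags: '?s*)      # would set setuid or setgid
        printf 'SETID %s\n' "$path"; bad=1 ;;
    esac
  done < "$backup"
  exit "$bad"                            # leaves only the function's subshell
)
# Constructed sample backup: one clean entry and two edited ones.
write_sample_backup() {
  cat > "$1" <<'EOF'
# file: shared/report.txt
# owner: alice
# group: devs
user::rw-
user:bob:r--
group::r--
mask::r--
other::---

# file: shared/tool
# flags: s--
user::rwx
group::r-x
other::r-x

# file: shared/../etc/demo.conf
user::rw-
group::rw-
other::rw-
EOF
}
if [ "$#" -eq 2 ]; then check_acl_backup "$1" "$2"; fi
```

Paths containing backslash escapes are flagged for manual review rather than decoded. Run setfacl --restore only when the check prints nothing.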


Conclusion

Today’s tasks were an insightful journey into Linux file permissions and ACLs. The practical knowledge gained will be invaluable for managing secure environments in real-world DevOps scenarios.

Let me know your thoughts, suggestions, or queries in the comments! 🚀