Day 6 Task :- 🔐 Understanding and Managing File Permissions in Linux: A Comprehensive Guide 📁
Day 6 :- TASK
• Understanding File Permissions:
Create a simple file and run ls -ltr to see the details of the files. Refer to Notes.
Each of the three permissions is assigned to three defined categories of users. The categories are:
Owner: The owner of the file or application.
- Use chown to change the ownership permission of a file or directory.
Group: The group that owns the file or application.
- Use chgrp to change the group permission of a file or directory.
Others: All users with access to the system (outside the users in a group).
- Use chmod to change the other users' permissions of a file or directory.
Task: Change the user permissions of the file and note the changes after running ls -ltr.
• What are file permissions?
File permissions determine who can read, write, or execute a file. These permissions are represented by a combination of letters and symbols and are divided into three categories: owner, group, and other users.
Owner: The user who owns the file.
Group: The group that owns the file.
Other users: All other users.
Each category has three types of permissions:
Read (r): Permission to read the file.
Write (w): Permission to modify the file.
Execute (x): Permission to execute the file (if it is a script or a program).
The permissions are displayed using the ls -l command, which shows a string of 10 characters. For example:
In a string such as drwxrwxr, the leading d stands for directory; a leading - means it is a file.
Truth table for permissions:
1 means true and 0 means false.
How to change file permissions
How to change owner
chown <username> <filename>
How to change group
chgrp <groupname> <filename>
How to change file permission
chmod <value> <filename>
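The 1/0 truth table maps each r, w, x position to one bit, so every triplet becomes one octal digit that chmod accepts as its value. As an added example (not part of the original post), this sketch converts an ls -l permission string to that octal value, including the special bits covered later on this page; the function names triplet_value and mode_to_octal are hypothetical.

```shell
#!/bin/sh
# Convert the permission string printed by `ls -l` (e.g. "-rwxr-xr--")
# into the octal value passed to chmod (e.g. 0754).

# triplet_value CHARS -> prints 0-7 for one r/w/x triplet.
# Lowercase s/t mean "special bit + execute"; uppercase S/T mean the
# special bit is set but execute is not.
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac          # read    = 100
    case $1 in ?w?) v=$((v + 2)) ;; esac          # write   = 010
    case $1 in ??x|??s|??t) v=$((v + 1)) ;; esac  # execute = 001
    echo "$v"
}

mode_to_octal() {
    str=${1%[+.]}   # ls appends "+" (ACL present) or "." (SELinux context)
    case $str in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid mode string: $1" >&2; return 1 ;;
    esac
    perms=${str#?}       # drop the file-type character (d, -, l, ...)
    u=${perms%??????}    # owner triplet
    rest=${perms#???}
    g=${rest%???}        # group triplet
    o=${rest#???}        # others triplet
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # SUID
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # SGID
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    echo "${special}$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
}
```

For instance, mode_to_octal "-rwxr-xr--" prints 0754, the value to pass to chmod to reproduce those permissions.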
• Access Control Lists (ACL):
Read about ACL and try out the commands getfacl and setfacl.
- Task: Create a directory and set specific ACL permissions for different users and groups. Verify the permissions using getfacl.
Access Control Lists (ACL) provide a more flexible permission mechanism for file systems by allowing you to set permissions for individual users or groups beyond the standard owner, group, and others.
Steps to Use ACL:
Create a Directory:
mkdir my_directory # first install acl using: sudo apt install acl
Set ACL Permissions: Use the setfacl command to set specific ACL permissions. For example, to give read and write permissions to user user1 and read permissions to group group1:
setfacl -m u:user1:rw my_directory
setfacl -m g:group1:r my_directory
Verify ACL Permissions: Use the getfacl command to verify the ACL permissions set on the directory:
getfacl my_directory
• Additional Tasks:
Task: Create a script that changes the permissions of multiple files in a directory based on user input.
#!/bin/bash
# Ask for a directory and a mode, then apply the mode to every file in it
read -p "Enter path:" path
read -p "Enter permission:" permission
chmod "$permission" "$path"/*
Task: Write a script that sets ACL permissions for a user on a given file, based on user input.
#!/bin/bash
# Ask for a file, a user and a permission set, then add the ACL entry
read -p "Enter file path:" path
read -p "Enter username:" user
read -p "Enter permission(Ex:-rw,r,w):" permission
sudo setfacl -m "u:$user:$permission" "$path"
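Because the ACL script passes typed input to setfacl under sudo, it is worth checking each value first: setfacl uses ":" to separate fields and "," to separate entries, so an unchecked username or permission could turn into more ACL entries than intended. The following is an added example, not part of the original post; the function names are hypothetical and the accepted character sets are an assumption chosen for this sketch (only r, w, x and - for permissions).

```shell
#!/bin/sh
# Validate user-supplied values before they reach setfacl.

# Accept only r, w, x or "-" and at most 3 characters (rw, r-x, rwx, ...).
valid_acl_perms() {
    case $1 in
        ''|*[!rwx-]*|????*) return 1 ;;
    esac
    return 0
}

# Accept only letters, digits, "_", "." and "-", not starting with "-".
# ":" and "," are rejected because setfacl treats them as separators.
valid_acl_user() {
    case $1 in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# set_user_acl USER PERMS FILE
# Runs setfacl only when every input passes; returns 2 on rejected input.
set_user_acl() {
    valid_acl_user "$1"  || { echo "bad username: $1" >&2; return 2; }
    valid_acl_perms "$2" || { echo "bad permission: $2" >&2; return 2; }
    [ -e "$3" ]          || { echo "no such file: $3" >&2; return 2; }
    # "--" ends option parsing, so a path starting with "-" is not read as a flag.
    # Prefix with sudo, as the script above does, if the file is not yours.
    setfacl -m "u:$1:$2" -- "$3"
}
```

In the interactive script, the final line would become set_user_acl "$user" "$permission" "$path".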
• Understanding Sticky Bit, SUID, and SGID:
Read about sticky bit, SUID, and SGID.
Task: Create examples demonstrating the use of sticky bit, SUID, and SGID, and explain their significance.
Sticky Bit, SUID, and SGID are special types of file permissions in Unix-like operating systems that provide additional security and functionality.
Sticky Bit:
Purpose: The sticky bit is used on directories to restrict file deletion. When the sticky bit is set on a directory, only the file's owner, the directory's owner, or the root user can delete or rename the files within that directory.
Usage Example: Commonly used on directories like /tmp to prevent users from deleting each other's files.
Command to Set:
chmod +t directory_name
Example:
mkdir /tmp/testdir
chmod +t /tmp/testdir
ls -ld /tmp/testdir
The output will show a t at the end of the permissions string, indicating the sticky bit is set.
SUID (Set User ID):
Purpose: When the SUID bit is set on an executable file, it allows the file to be executed with the permissions of the file owner, rather than the user running the file. This is often used to allow users to execute programs with elevated privileges. (If there is an s in the permissions of a file owned by root, any user who runs it is treated as root, so the action looks as if the root user did it.)
Usage Example: Commonly used on programs like passwd to allow users to change their passwords.
Command to Set:
chmod u+s file_name
Example:
chmod u+s /path/to/executable
ls -l /path/to/executable
The output will show an s in the owner's execute position, indicating the SUID bit is set.
SGID (Set Group ID):
Purpose: When the SGID bit is set on a directory, new files and subdirectories created within inherit the group ID of the directory, rather than the primary group of the user who created the file. When set on an executable, it allows the file to be executed with the permissions of the group owner.
Usage Example: Useful for collaborative directories where files need to be accessible by a specific group.
Command to Set:
chmod g+s directory_name
or
chmod g+s file_name
Example:
mkdir /shared
chgrp somegroup /shared
chmod g+s /shared
ls -ld /shared
The output will show an s in the group's execute position, indicating the SGID bit is set.
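Since SUID and SGID files run with someone else's privileges, and a world-writable directory without the sticky bit lets users remove each other's files, both are worth listing when reviewing a system. This added example (not part of the original post) audits a directory tree for them; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Audit a directory tree for the special permission bits described above.

# Regular files that run with their owner's (SUID) or group's (SGID) identity.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# World-writable directories WITHOUT the sticky bit: any user can delete
# or rename other users' files inside them.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Build a small constructed tree that exercises both checks (sample data only).
# Prints the path of the tree's root directory.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"     # world-writable + sticky, like /tmp
    chmod 0777 "$root/shared_bad"    # world-writable, sticky bit missing
    chmod 0750 "$root/private"
    : > "$root/helper"; chmod 4755 "$root/helper"   # SUID set
    : > "$root/plain";  chmod 0644 "$root/plain"
    echo "$root"
}
```

On the sample tree, find_setid_files reports only helper and find_unsticky_dirs reports only shared_bad; on a real system, compare the SUID/SGID list against what the installed packages are expected to ship.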
• Backup and Restore Permissions:
Task: Create a script that backs up the current permissions of files in a directory to a file.
Task: Create another script that restores the permissions from the backup file.
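#!/bin/bash
# Save the permissions and ACLs of everything under a directory
read -p "Enter path of directory" dir
getfacl -R "$dir" >> file.txt
echo "Permissions backed up successfully"
#!/bin/bash
# Restore permissions from a backup created with getfacl -R.
# Run it from the directory where the backup was taken: getfacl stores
# relative paths (it strips a leading / from absolute ones).
echo "Enter path of backup file:"
read backup
setfacl --restore="$backup"
echo "Permissions restored successfully"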
Thank you for reading!
© 2024 Anand Raval. All rights reserved.