Devoperation

Controlling Access in Linux!

A Comprehensive Guide for Linux Users.

Rohit Gupta's photo
Rohit Gupta
·

2 min read

Controlling Access in Linux!

Table of contents

What are File Permissions?

File permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how. When the system is looking at a file's permissions to determine what information to provide you when you interact with a file, it runs through a series of checks:

  • It first checks to see whether you are the user that owns the file. If so, then you are granted the user owner's permissions, and no further checks will be completed.

  • If you are not the user that owns the file, next your group membership is validated to see whether you belong to the group that matches the group owner of the file. If so, then you're covered under the group owner field of permissions, and no further checks will be made.

  • "Others" permissions are applied when the account interacting with the file is neither the user owner nor the group that owns the files. Or, to put it another way, the three fields are mutually exclusive: You can not be covered under more than one of the fields of permission settings on a file.

Each of the three permissions is assigned to three defined categories of users. The categories are:

Owner - The owner of the file or application "chown" is used to change the ownership permission of a file or directory.

Group - The group that owns the file or application "chgrp" is used to change the group permission of a file or directory.

Others - All users with access to the system. (outside the user are in a group) "chmod" is used to change the other users permissions of a file or directory.

What are Access Control Lists (ACLs)?

Access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disc resource. Think of a scenario in which a particular user is not a member of a group created by you but still, wants to give some read or write access, how can you do it without making the user a member of the group, here comes in picture Access Control Lists, ACL helps us to do this trick.

ACLs are used to make a flexible permission mechanism in Linux. From Linux man pages, ACLs are used to define more fine-grained discretionary access rights for files and directories.

Linuxlinux for beginnerslinux-basicslinux-commandslinux kernel