Task: Understanding File Permissions and Access Control Lists (ACLs)
Today’s focus is on learning and implementing Linux file permissions and ownership. Linux permissions play a crucial role in determining who can access or modify files and directories, which is a core concept for anyone working with Linux systems. Let’s break down today’s tasks and dive into the practical aspects of managing file permissions and ACLs.
Task 1: Understanding File Permissions
The Linux file system assigns permissions to three categories of users: the Owner, Group, and Others. Each of these categories has different levels of access to a file or directory.
Owner: The creator or owner of the file. They have the most control.
You can change the ownership of a file using the
chowncommand. For example:sudo chown username filename
Group: A group of users that can share access to the file.
You can change the group that owns the file using
chgrp:sudo chgrp groupname filename
Others: This refers to all users on the system who aren’t the owner or part of the group. Their access can be restricted or opened using the
chmodcommand.You can change the permissions of others like this:
chmod o+r filename # Grants read permission to others
Task:
Create a simple file using a text editor or the
touchcommand:touch samplefile.txtUse
ls -ltrto display the details of the file and examine the current permissions.Modify the user permissions using
chmod,chown, orchgrpand note the changes by runningls -ltragain.
Task 2: Access Control Lists (ACL)
Access Control Lists (ACLs) provide more fine-grained control over file permissions, allowing you to assign specific permissions to individual users or groups. While the default Linux permissions only allow for one owner, one group, and others, ACLs allow more flexibility.
You can view the current ACL of a file using the
getfaclcommand:getfacl filenameTo set ACLs, use the
setfaclcommand:setfacl -m u:username:rwx filename # Grants rwx permissions to a specific user
Task 3: Scripting Permissions Management
Automating permission changes can be handy when you need to update multiple files at once or manage ACLs for different users.
Task 1: Write a script that prompts the user for input and changes the permissions of all files in a directory. You can use a loop to apply
chmodorchowncommands to multiple files.Task 2: Write a script that sets ACL permissions for a specific user on a given file based on user input. For example, the script could ask which file and what permissions to assign, then use
setfaclto update the file’s ACL.
Certainly! Below are two Bash scripts that fulfill the tasks you mentioned:
Task 1: Change Permissions of All Files in a Directory
This script prompts the user for a directory path and the desired permissions, then applies the chmod command to all files in that directory.
#!/bin/bash
# Task 1: Change permissions of all files in a directory
# Prompt user for directory and permissions
read -p "Enter the directory path: " dir
read -p "Enter the permissions to set (e.g., 755): " permissions
# Check if the directory exists
if [[ -d "$dir" ]]; then
# Loop through all files in the directory
for file in "$dir"/*; do
# Check if it's a file and not a directory
if [[ -f "$file" ]]; then
chmod "$permissions" "$file"
echo "Changed permissions of $file to $permissions"
fi
done
else
echo "Directory does not exist."
fi
How to Run Task 1 Script:
Save the Script: Save this script as
change_permissions.sh.Make It Executable: Run
chmod +x change_permissions.sh.Execute the Script: Run
./change_permissions.shand follow the prompts.
Task 2: Set ACL Permissions for a Specific User on a Given File
This script prompts the user for a file, a username, and the permissions to assign, then uses the setfacl command to update the file's ACL.
#!/bin/bash
# Task 2: Set ACL permissions for a specific user on a given file
# Prompt user for file, user, and permissions
read -p "Enter the file path: " file
read -p "Enter the username to set ACL for: " user
read -p "Enter the permissions to assign (e.g., rwx): " permissions
# Check if the file exists
if [[ -f "$file" ]]; then
# Set the ACL for the specified user
setfacl -m u:"$user":"$permissions" "$file"
echo "Set ACL for user $user on $file with permissions $permissions"
else
echo "File does not exist."
fi
How to Run Task 2 Script:
Save the Script: Save this script as
set_acl_permissions.sh.Make It Executable: Run
chmod +x set_acl_permissions.sh.Execute the Script: Run
./set_acl_permissions.shand follow the prompts.
Task 4: Understanding Sticky Bit, SUID, and SGID
Sticky Bit, SUID, and SGID are advanced file permission settings in Linux:
Sticky Bit: Primarily used in shared directories (like
/tmp) to prevent users from deleting files they don’t own.Example:
chmod +t directoryname
SUID (Set User ID): When set on an executable, this allows the program to run with the file owner’s privileges, not the user’s.
Example:
chmod u+s executablefile
SGID (Set Group ID): Ensures that files created in a directory inherit the group of the directory, rather than the user’s primary group.
Example:
chmod g+s directoryname
Task 5: Backup and Restore File Permissions
Managing file permissions manually can be tedious, especially if you need to restore previous settings.
Task 1: Write a script that backs up the current permissions of all files in a directory to a file (using commands like
getfaclorstatto capture the information).Task 2: Write another script that reads the backup file and restores the saved permissions.
Certainly! Below are two Bash scripts that accomplish the tasks of backing up and restoring file permissions.
Task 1: Backup Current Permissions
This script backs up the current permissions of all files in a specified directory into a backup file using the getfacl command.
#!/bin/bash
# Task 1: Backup current permissions of all files in a directory
# Prompt user for the directory and the backup file name
read -p "Enter the directory path to back up: " dir
read -p "Enter the name of the backup file: " backup_file
# Check if the directory exists
if [[ -d "$dir" ]]; then
# Create or clear the backup file
> "$backup_file"
# Loop through all files in the directory
for file in "$dir"/*; do
# Check if it's a file and not a directory
if [[ -f "$file" ]]; then
# Get the ACL for the file and append to the backup file
getfacl "$file" >> "$backup_file"
echo "Backed up permissions for $file"
fi
done
echo "Backup complete. Permissions saved to $backup_file."
else
echo "Directory does not exist."
fi
How to Run Task 1 Script:
Save the Script: Save this script as
backup_permissions.sh.Make It Executable: Run
chmod +x backup_permissions.sh.Execute the Script: Run
./backup_permissions.shand follow the prompts.
Task 2: Restore File Permissions
This script reads the backup file created in Task 1 and restores the permissions for each file.
#!/bin/bash
# Task 2: Restore file permissions from backup
# Prompt user for the backup file name
read -p "Enter the name of the backup file to restore from: " backup_file
# Check if the backup file exists
if [[ -f "$backup_file" ]]; then
# Read the backup file line by line
while IFS= read -r line; do
# Extract the filename from the line
filename=$(echo "$line" | awk '{print $3}')
# Check if the file exists
if [[ -f "$filename" ]]; then
# Restore the permissions using setfacl
setfacl --restore=<(echo "$line")
echo "Restored permissions for $filename"
fi
done < "$backup_file"
echo "Restoration complete."
else
echo "Backup file does not exist."
fi
How to Run Task 2 Script:
Save the Script: Save this script as
restore_permissions.sh.Make It Executable: Run
chmod +x restore_permissions.sh.Execute the Script: Run
./restore_permissions.shand follow the prompts.