Creating Users and Groups and changing their permission
ls -ltr
This command is used to check the permission of directory and files inside the current folder
remember the sequence:
rwx:421
r=read
w=write
x=execute
for folder/directory d is written in front of the syntax drwx-rwx-rwx
There are 3 sections in the above syntax:
first section of rwx is for user/creator
the numerical equivalence of rwx is 4+2+1=7
so if we want to give the user/owner the read write and execute permission we need to allot the numerical equivalence to 7
Second Section represent set of users in a single group
all those users in that group which are the part of creater users will have the access rights according to the numerical values.
Imagine the user/creator of file is ubuntu in this case and the ubuntu user is in common group with the other user named test_user and group name is test_group
now if we want to give read write access to the test_group of which the creator itself is a part of then we have to allot no 7
Let's go through the snippets below now to check this
Creating user1 using useradd command
Checking the user created in /etc/passwd file using the below command
Setting Password for the group using sudo passwd test_user1
Switching to test_user1
Check if the user has changed by typing the following commands
now lets try to access the directory of ubuntu user being test_user1
We will get this error while trying to access the redis_image directory
Adding test_user1 to group test_group
What is ACL ?
Access control list (ACL) provides an additional, more flexible permission mechanism for file systems. It is designed to assist with UNIX file permissions. ACL allows you to give permissions for any user or group to any disc resource.
Use of ACL :
Think of a scenario in which a particular user is not a member of group created by you but still you want to give some read or write access, how can you do it without making user a member of group, here comes in picture Access Control Lists, ACL helps us to do this trick.
Basically, ACLs are used to make a flexible permission mechanism in Linux.
setfacl and getfacl are used for setting up ACL and showing ACL respectively.
getfacl test/declarations.h
1) To add permission for user
setfacl -m "u:user:permissions" /path/to/file
2) To add permissions for a group
setfacl -m "g:group:permissions" /path/to/file
Example:
lets's add test_user1 permission for the file Docker inside my redis_image