Linux - Lab 7: File and Directory permissions

Lab 7: File and Directory permissions

In Lab 7: File and Directory Permissions, participants typically focus on understanding and managing access control in a Linux environment. This lab involves working with commands such as chmod to modify file and directory permissions, chown to change ownership, and chgrp to modify group ownership. Participants may explore the concepts of read, write, and execute permissions for users, groups, and others. The lab aims to provide hands-on experience in manipulating and securing file permissions to control access and protect sensitive data. Successful completion of Lab 7 equips participants with the essential skills to configure precise access controls, ensuring the confidentiality and integrity of files and directories in a Linux system.


Some useful commands:

#To change user ownership of directory
chown john /home/john     

#To change permission level of directory
chmod 700 /home/john    

#To change permission level of directory and subdirectories recursively 
chmod –R (permission level)     

#Show current umask

#Change umask                
umask 077  

Example of changing permissions using alphabetical method:

#Assign write permission to others and deny read permission to group category
chmod o+w,g-r /data 

Sticky-bit commands:

#Apply sticky-bit to /data directory
chmod 1777 /data      

#Apply sticky-bit to /data directory 
chmod  +t /data             

#Remove sticky-bit from /data directory 
chmod -t /data  

Change ownership of file/directory

chown ajay /abc.txt

Change group ownership of file/directory

chgrp accounts /data

Change both user ownership and group ownership of file/directory

chown ajay.accounts /data

Change ownership of directories recursively

chown -R ajay.accounts /data

Change permissions of a directory recursively

chmod 770 /data -R

File Access Lists

#To set FACL for a user on a file/directory
setfacl –m u:jane:rwx /fileordirectory

#To set FACL for a user on a file/directory
setfacl –m g:sales:rwx /fileordirectory

#To check FACL for a file/directory
getfacl /fileordirectory

#To remove a particular FACL policy
setfacl –x u:jane /fileordirectory

#To remove entire FACL from file/directory
setfacl  -b /fileordirectory