Day 6
File Permissions and Access Control Lists

On Day 6 of the #90 Days of DevOps challenge, let's dive deep into File Permissions and ACLs.

TASK-1

Create a simple file and do ls -ltr to see the details of the files.

File Permissions:

File permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how.

To create a simple file and view the File Permissions:

Let's create a simple file "file1.txt" and check out its details using the "ls -ltr" command. This will help us understand more about File Permissions.

cat > file1.txt
this is simple text file

The ls command along with its -l (for long listing) option will show you metadata about your Linux files, including the permissions set on the file.

[root@ip-172-31-6-64 ~]# ls -ltr
total 9056
-rw-r--r--  1 root root 9258617 Jun 26 11:09 apache-maven-3.9.3-bin.tar.gz
drwxr-xr-x  7 root root     252 Jul 11 06:39 django-notes-app
drwxr-xr-x 77 root root    4096 Aug  3 17:26 newD
-rw-r--r--  1 root root      25 Aug  8 18:54 test1
-rw-r--r--  1 root root      20 Aug  8 19:20 file1.txt

File permissions are represented using a three-character string, where each character corresponds to the access rights for the owner, group, and others, respectively. The three characters are arranged in the order owner-group-others. Each character can take one of the following values:

  • 'r': Read permission (4)

  • 'w': Write permission (2)

  • 'x': Execute permission (1)

  • '-': No permission (0)

As shown in the example below for file1.txt, the owner's permissions are rw-, which means the owner can read and modify the file but not execute it. The group's permissions are r--: read only, with no modify or execute permission. Similarly, others also have read permission.

-rw-r--r--  1 root root      20 Aug  8 19:20 file1.txt

Changing Permissions

To change the file or the directory permissions, you use the chmod (change mode) command. There are two ways to use chmod — Symbolic mode and Absolute mode.

Symbolic mode:

Symbolic mode uses the following operators:

S.No  Operator  Description
1     +         Adds the designated permission(s) to a file or directory.
2     -         Removes the designated permission(s) from a file or directory.
3     =         Sets the designated permission(s).

Here is an example of symbolic mode: we add write and execute permissions for the group to file1.txt, then remove write permission from the owner.

chmod g+wx file1.txt
ls -l file1.txt
-rw-rwxr--  1 root root      20 Aug  8 19:20 file1.txt
chmod u-w file1.txt
ls -l file1.txt
-r--rwxr--  1 root root      20 Aug  8 19:20 file1.txt

Using chmod with Absolute Permissions

The second way to modify permissions with the chmod command is to use a number to specify each set of permissions for the file.

Number  Octal Permission                                           Representation
0       No permission                                              ---
1       Execute permission                                         --x
2       Write permission                                           -w-
3       Execute and write permission: 1 (execute) + 2 (write) = 3  -wx
4       Read permission                                            r--
5       Read and execute permission: 4 (read) + 1 (execute) = 5    r-x
6       Read and write permission: 4 (read) + 2 (write) = 6        rw-
7       All permissions: 4 (read) + 2 (write) + 1 (execute) = 7    rwx

Here is an example using octal permissions; the result can be seen with ls -l.

chmod 756 file1.txt
ls -l file1.txt
-rwxr-xrw-  1 root root      20 Aug  8 19:20 file1.txt
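
Note that 756 leaves the file writable by others (rw- in the last triplet). As an added example (not part of the original post), this POSIX shell snippet converts the mode string printed by ls -l to its octal form and lists world-writable entries; the listing is constructed from the output shown above.

```sh
#!/bin/sh
# Added example: turn an `ls -l` mode string into octal and flag entries that
# "others" can write to. Setuid/setgid/sticky bits are not part of the result.

# triplet_to_digit rwx -> 7
triplet_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??[xst]) d=$((d + 1)) ;; esac   # s/t: special bit plus execute
    printf '%s' "$d"
}

# mode_to_octal -rwxr-xrw- -> 756
mode_to_octal() {
    rest=${1#?}                          # drop the file-type character
    octal=""
    for n in 1 2 3; do                   # owner, group, others
        triplet=${rest%"${rest#???}"}    # first three characters of $rest
        rest=${rest#???}
        octal=$octal$(triplet_to_digit "$triplet")
    done
    printf '%s\n' "$octal"
}

# world_writable: read `ls -l` lines on stdin and print "octal name" for every
# file or directory whose "others" triplet contains w (9th character).
world_writable() {
    while read -r mode links owner group size mon day time name; do
        case $mode in
            [-d]???????w*) printf '%s %s\n' "$(mode_to_octal "$mode")" "$name" ;;
        esac
    done
}

# Constructed listing, based on the ls output shown above after chmod 756.
sample_listing() {
    cat <<'EOF'
total 9056
drwxr-xr-x  7 root root     252 Jul 11 06:39 django-notes-app
-rw-r--r--  1 root root      25 Aug  8 18:54 test1
-rwxr-xrw-  1 root root      20 Aug  8 19:20 file1.txt
EOF
}

sample_listing | world_writable
```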

Changing Ownership and Permissions:

To change the file owner and group, we use the chown command in the Linux operating system. Linux is a multiuser operating system, so every file or directory belongs to an owner and a group.

Syntax:
chown owner_name file_name

To change the group of the file:

In this example, the group1 group is assigned as the group of file1.txt.

Syntax:

chown :group1 file_name

ACCESS CONTROL LISTS (ACL):

Access Control Lists (ACLs) provide access control to directories and files. ACLs can set read, write, and execute permissions for the owner, group, and all other system users.

An ACL consists of a set of rules that specify how a specific user or group can access ACL-enabled files and directories. A regular ACL entry specifies access information for a single file or directory. A default ACL entry is set on directories only and specifies the default access information for any file within the directory that does not have an access ACL.

Viewing the ACL

ACLs allow us to apply a more specific set of permissions to a file or directory without (necessarily) changing the base ownership and permissions. They let us "tack on" access for other users or groups.

We can view the current ACL using the getfacl command:

getfacl filename

Setting an ACL

The syntax for setting an ACL with the setfacl command is:

setfacl [option] [specification] filename

The option would be -m (modify) or -x (remove), and the specification would be the user or group (prefixed with u: or g:) followed by the permissions we want to set. To set a default ACL on a directory, we add the option -d (defaults). So, to set the default ACL for the directory /directo1, we would execute:

[root] # setfacl -d -m u:siri:rwx /directo1
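
A default ACL only seeds the ACLs of files and directories created inside /directo1 afterwards; it grants nothing on the directory itself, and every named entry is further capped by the mask. The added example below (not part of the original post) parses getfacl output and lists each named entry with its effective rights; the sample output and the group "dev" are constructed.

```sh
# Added example: list named ACL entries from `getfacl` output with their
# effective rights (entry capped by the mask), per access/default scope.
acl_named_entries() {
    awk -F: '
        # Keep a permission character only where the mask also grants it.
        function cap(p, m,   i, c, out) {
            for (i = 1; i <= 3; i++) {
                c = substr(p, i, 1)
                if (c != substr(m, i, 1)) c = "-"
                out = out c
            }
            return out
        }
        /^#/ || NF < 3 { next }          # header comments and blank lines
        {
            scope = "access"; f = 1
            if ($1 == "default") { scope = "default"; f = 2 }
            tag = $f; who = $(f + 1); perms = substr($(f + 2), 1, 3)
            if (tag == "mask") { mask[scope] = perms; next }
            if (who != "") { n++; sc[n] = scope; tg[n] = tag; wh[n] = who; pm[n] = perms }
        }
        END {
            for (i = 1; i <= n; i++) {
                eff = (sc[i] in mask) ? cap(pm[i], mask[sc[i]]) : pm[i]
                print sc[i], tg[i] ":" wh[i] ":" eff
            }
        }'
}

# Constructed sample of getfacl output for /directo1; group "dev" is hypothetical.
sample_getfacl() {
    cat <<'EOF'
# file: directo1
# owner: root
# group: root
user::rwx
user:siri:rwx   #effective:r-x
group::r-x
group:dev:rwx   #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:user:siri:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
EOF
}
sample_getfacl | acl_named_entries
```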

Thank you.