File Permissions

 chmod — Change file permissions.

 chown — Change file owner and group.

 chgrp — Change group ownership of a file.

 setfacl — Set Access Control Lists (ACLs).

 getfacl — Display Access Control Lists (ACLs).

 umask — Set default permissions for new files.

Command: chmod
Definition:
The chmod command in Linux is used to change the permissions of a file or directory. It allows users to
define who can read, write, or execute a file. Permissions can be set for the file owner, group, and
others.

Pattern to Use:
chmod [options] mode file

Options:

1. -R — Recursively change permissions for directories and their contents.

2. -v — Verbose mode, show the changes made.

3. -c — Only change permissions if they are different.

4. --reference=RFILE — Use the permissions of RFILE as the reference for the change.

5. -f — Suppress most error messages.

6. --help — Display help information about the chmod command.

Mode:
Permissions are set using either symbolic mode or numeric (octal) mode.

 Symbolic Mode:

o r — Read permission.

o w — Write permission.

o x — Execute permission.
 o + — Add permission.

o - — Remove permission.

o = — Set exact permissions.

o Permissions can be assigned to:

 u — User (owner).

 g — Group.

 o — Others.

 a — All (user, group, others).

 Numeric (Octal) Mode:

o 0 — No permission.

o 1 — Execute permission.

o 2 — Write permission.

o 3 — Write and execute permissions.

o 4 — Read permission.

o 5 — Read and execute permissions.

o 6 — Read and write permissions.

o 7 — Read, write, and execute permissions.

Examples:

1. Add execute permission for the user: Command: chmod u+x file.txt
This adds the execute permission for the file owner (user).

2. Remove write permission for others: Command: chmod o-w file.txt

This removes the write permission for others (everyone else but the owner and group).

3. Set read, write, and execute permissions for the owner, and read and execute permissions for
the group and others (numeric mode): Command: chmod 755 file.txt
This sets the permissions as rwxr-xr-x.

4. Make a file executable for the user: Command: chmod +x script.sh

This adds execute permission for the user on script.sh.

5. Set read and write permissions for the owner and the group, and only read for others:
Command: chmod 664 file.txt
This gives rw-rw-r-- permissions.
 6. Apply changes recursively to directories and their contents: Command: chmod -R 755
/path/to/dir
This applies rwxr-xr-x permissions to all files and directories inside /path/to/dir.

7. Show the changes made: Command: chmod -v u+x file.txt

This shows a verbose output indicating that execute permission has been added to the file.

8. Use a reference file to change permissions: Command: chmod --reference=file1.txt file2.txt

This sets the permissions of file2.txt to match those of file1.txt.

9. Suppress error messages: Command: chmod -f u+w file.txt

This adds write permission for the user without showing any error messages.

10. Remove all permissions for others: Command: chmod o= file.txt

This removes all permissions for others on file.txt.

Command: chown
Definition:
The chown command in Linux is used to change the ownership of a file or directory. You can specify a
new owner and/or group for the file, allowing you to manage file permissions more effectively.

Pattern to Use:
chown [options] owner[:group] file

Options:

1. -R — Recursively change ownership of files and directories within a directory.

2. -v — Verbose mode, show the changes made.

3. -c — Only change ownership if it is different.

4. -f — Suppress error messages.

5. --reference=RFILE — Use the ownership of RFILE as the reference for the change.

6. --help — Display help information about the chown command.

Syntax for specifying owner and group:

 owner — New owner of the file (can be a user name or user ID).

 group — New group of the file (can be a group name or group ID).

o If no group is specified, only the owner is changed.

o If only the group is to be changed, the owner can be left empty (:group).
Examples:

1. Change the owner of a file: Command: chown user1 file.txt

This changes the ownership of file.txt to user1.

2. Change both owner and group of a file: Command: chown user1:group1 file.txt
This changes the ownership of file.txt to user1 and the group to group1.

3. Change ownership recursively for all files in a directory: Command: chown -R user1:group1
/path/to/dir
This changes the ownership of dir and all its contents to user1 and group1.

4. Verbose mode to show changes: Command: chown -v user1 file.txt

This will show the changes being made, confirming the new owner of the file.

5. Only change the group of a file: Command: chown :group1 file.txt

This changes the group of file.txt to group1 while keeping the current owner.

6. Suppress error messages: Command: chown -f user1 file.txt

This changes the owner of file.txt to user1 and suppresses any error messages if the file doesn't
exist or isn't accessible.

7. Use a reference file to change ownership: Command: chown --reference=file1.txt file2.txt

This changes the ownership of file2.txt to match the ownership of file1.txt.

8. Change the owner and group of all files in a directory: Command: chown -R user1:group1
/home/user/*
This recursively changes the owner and group for all files in /home/user.

9. Change owner and group of a file to the current user and group: Command: chown $USER:
$USER file.txt
This changes the owner and group of file.txt to the current user and group.

10. Change ownership of a directory without affecting files inside: Command: chown
user1:group1 /path/to/dir/
This changes only the ownership of the directory itself, not the files inside.

Command: setfacl
Definition:
The setfacl command in Linux is used to set Access Control Lists (ACLs) on files and directories. ACLs
provide a more flexible permission mechanism than the traditional owner-group-other model, allowing
you to grant or deny specific permissions to individual users or groups.
Pattern to Use:
setfacl [options] acl_specification file

Options:

1. -m — Modify ACL entries.

2. -x — Remove ACL entries.

3. -b — Remove all ACL entries (reset to default permissions).

4. -k — Remove only the default ACLs.

5. -R — Apply ACL changes recursively to directories and their contents.

6. -d — Set default ACLs for directories (applied to newly created files/directories inside).

7. --test — Test the command without making any changes.

8. --help — Display help information about the setfacl command.

Examples:

1. Grant read and write permissions to a user:

Command: setfacl -m u:username:rw file.txt
Grants read and write permissions to the user username for file.txt.

2. Grant execute permission to a group:

Command: setfacl -m g:groupname:x script.sh
Grants execute permission to the group groupname for script.sh.

3. Remove a user’s specific ACL entry:

Command: setfacl -x u:username file.txt
Removes the ACL entry for the user username on file.txt.

4. Set default ACLs on a directory:

Command: setfacl -d -m u:username:rw /path/to/directory
Ensures that all new files and subdirectories created in /path/to/directory will have read and
write permissions for the user username.

5. Set ACLs recursively on a directory and its contents:

Command: setfacl -R -m u:username:rw /path/to/directory
Grants read and write permissions to the user username for all files and subdirectories inside
/path/to/directory.

6. Remove all ACL entries from a file:

Command: setfacl -b file.txt
Resets file.txt to its default permissions, removing all ACLs.

7. Grant read and execute permissions to others:

Command: setfacl -m o:rx file.txt
Allows others to read and execute the file file.txt.
 8. Grant specific permissions using a mask:
Command: setfacl -m m:rw file.txt
Defines the maximum allowed permissions (read and write) for all ACL entries on file.txt.

9. View changes without applying them (test mode):

Command: setfacl --test -m u:username:r file.txt
Simulates granting read permission to username for file.txt without applying the change.

10. Remove only default ACLs from a directory:

Command: setfacl -k /path/to/directory
Clears the default ACL entries for /path/to/directory.

Command: getfacl
Definition:
The getfacl command in Linux is used to display the Access Control List (ACL) of files and directories. It
shows both the standard permissions and the additional ACL entries for a file or directory.

Pattern to Use:
getfacl [options] file

Options:

1. -a — Display access ACLs (default behavior).

2. -d — Display only default ACLs.

3. -c — Suppress comments in the output.

4. --omit-header — Do not show the header in the output.

5. -R — Recursively display ACLs for all files in a directory.

6. --help — Display help information for the getfacl command.

Examples:

1. Display ACLs for a file:

Command: getfacl file.txt
Displays the ACLs for the file file.txt, including both traditional permissions and extended ACL
entries.

2. Display ACLs for a directory:

Command: getfacl /path/to/directory
Shows the ACLs for /path/to/directory, including permissions for all specified users and groups.
 3. View only default ACLs of a directory:
Command: getfacl -d /path/to/directory
Displays the default ACLs for /path/to/directory.

4. Suppress comments in the output:

Command: getfacl -c file.txt
Outputs the ACL entries for file.txt without any comments in the result.

5. Display ACLs for all files in a directory recursively:

Command: getfacl -R /path/to/directory
Recursively shows ACLs for all files and subdirectories within /path/to/directory.

6. Exclude the header from the output:

Command: getfacl --omit-header file.txt
Displays the ACLs for file.txt without the descriptive header in the result.

7. Combine options to customize the output:

Command: getfacl -c --omit-header /path/to/file
Displays ACLs for /path/to/file without comments or headers.

8. Check default and access ACLs together:

Command: getfacl -d /path/to/directory && getfacl /path/to/directory
Displays both default and access ACLs for /path/to/directory.

Command: umask
Definition:
The umask command in Linux is used to set or display the default file permission mask for newly created
files and directories. It determines which permission bits will be disabled by default when files or
directories are created.

Pattern to Use:
umask [options] [mask]

Options:

1. No arguments — Displays the current umask value in octal.

2. -S — Displays the current umask value in symbolic notation (e.g., u=rwx,g=rx,o=rx).

3. Mask value (octal) — Specifies the new umask value to be applied (e.g., umask 022).

Examples:

1. Display the current umask value (octal):

Command: umask
Shows the current permission mask as a three-digit octal number.
2. Display the current umask value (symbolic):
Command: umask -S
Displays the umask in symbolic format, such as u=rwx,g=rx,o=rx.

3. Set a new umask value (octal):

Command: umask 027
Sets the default umask to 027, which disables write permissions for group and all permissions for
others.

4. Set a new umask value (symbolic):

Command: umask u=rwx,g=rx,o=
Configures the umask to allow full permissions for the owner, read and execute permissions for
the group, and no permissions for others.

5. Create a file to see the effect of umask:

Command: umask 022 && touch testfile && ls -l testfile
After setting umask to 022, creating a file results in permissions rw-r--r--.

6. Create a directory to see the effect of umask:

Command: umask 002 && mkdir testdir && ls -ld testdir
After setting umask to 002, creating a directory results in permissions rwxrwxr-x.

7. Revert to default umask:

Command: umask 0022
Resets the default umask to its system default value of 022.