Managing File permissions and ownerships

chmod

linux-file-permissions_featured-image

What we’ll cover in this article is how to identify permissions for files & directories and how to change them, as well as changing ownerships, groups, etc. Depending on what you want to do, you’ll want to make sure you have the appropriate permissions (obviously), so let’s find out how to change them.

Let’s start by making a file we can use.

I issued the “touch” command to make a file creatively named testfile.

Touch will just create an empty file but has all the same attributes as an actual file. You can see this by using “ls –l.”

Commands:
touch test file
mkdir workfolder

Linux File Permissions 1

The permisions are broken into 4 sections.

Linux File Permissions 2

chmod – adds and removes permissions

If you wanted to add or remove permissions to the user, use the command “chmod” with a “+” or “–“, along with the r (read), w (write), x (execute) attribute followed by the name of the directory or file.

chmod +rwx “name of the file”
chmod –rwx “name of the directory”

Linux File Permissions 3

chmod +x testfile – this would allow me to execute
chmod –wx testfile – this would take out write and executable permissions

You’ll notice that this only changes the permissions for the owner of the file, in this case roman.

Changing Permissions for the Group Owners & Others

The command is similar to what we did before, but this time you add a “g” for group or “o” for users.

chmod g+w testfile
chmod g-wx testfile

Linux File Permissions 4

chmod o+w testfile
chmod o-rwx workfolder

Linux File Permissions 5

Lastly you can change it for everyone: “u” for users, “g” for group, & “o” for others; uog or a (for all).

chmod ugo+rwx workfolder – will give read, write, execute to everyone
chmod a=r workfolder – will give only read perission for everyone

chgrp – changing groups of files & directories

Another useful option is to change file permission to the group owning the file. Perhaps you create the files, but people on the db2 team can write/execute as well. We use chgrp for this purpose.

Linux File Permissions 6

You can see above that testfile and the work folder belong to the users group.

Linux File Permissions 7

By issuing the command – chgrp “name of the group” “name of the file” – you can change this.

chgrp sales testfile
chgrp sales workfolder

This give sales control of the file & then I can take away permissions for everyone else.

Note: The group must exit before you try to assign groups to files and directories.

chown – changing ownership

Another helpful command is changing ownerships of files and directories. The command is “chwon” along with “name of new owner” & “name of file.”

Linux File Permissions 8

The files belonged to roman. To give ownership to tom, issue the command:

chown tom testfile
chown tom workfolder

We can also combine the group and ownership command by:

Linux File Permissions 9

chown -R tom:sales /home/roman/tsfiles

The above command gives tom the ownership of the directory tsfiles, and all files and subfolders. The -R stands for recursive which is why all sub folders and files belong to tom as well.

As opposed to: chown tom workfolder

This command will give ownership to tom but all sub files and directories still belong to the original owner. The -R will transfer ownership of all sub directories to the new owner.

As you can see, you have several options when it comes to permissions. You have the capability to dictate who can do what & the flexibility to limit usability among users. It may be easier to just give all permission to everyone but this may end up biting you in the end, so choose wisely.

Permission in numeric mode

The above way of changing permissions will work fine but you may also need to know how to change permissions in numeric mode. chmod is used in much the same way, but instead of r, w, or x you will use numbers instead.

What are the numbers?
0 = No Permission
1 = Execute
2 = Write
4 = Read

You basically add up the numbers depending on the level of permission you want to give.

Linux File Permissions 10

Examples:
chmod 777 workfolder
Will give read, write, and execute permissions for everyone.

Linux File Permissions 11

chmod 700 workfolder
Will give read, write, and execute permission for the user, but nothing to everyone else.

Linux File Permissions 12

chmod 327 workfolder
Will give write and execute (3) permission for the user, w (2) for the group, and read, write, and execute for other users.
Permission numbers
0 = —
1 = –x
2 = -w-
3 = -wx
4 = r—
5 = r-x
6 = rw-
7 = rwx

Either variation of changing permissions will work, just remember how to use the numeric values.

12 Linux Chown Command Examples to Change Owner and Group

The concept of owner and groups for files is fundamental to Linux. Every file is associated with an owner and a group. You can use chown and chgrp commands to change the owner or the group of a particular file or directory.

In this article, we will discuss the ‘chown’ command as it covers most part of the ‘chgrp’ command also.

Even if you already know this command, probably one of the examples mentioned below might be new to you.

1. Change the owner of a file

# ls -lart tmpfile
-rw-r--r-- 1 himanshu family 0 2012-05-22 20:03 tmpfile

# chown root tmpfile

# ls -l tmpfile
-rw-r--r-- 1 root family 0 2012-05-22 20:03 tmpfile

So we see that the owner of the file was changed from ‘himanshu’ to ‘root’.

2. Change the group of a file

Through the chown command, the group (that a file belongs to) can also be changed.

# ls -l tmpfile
-rw-r--r-- 1 himanshu family 0 2012-05-22 20:03 tmpfile

# chown :friends tmpfile

# ls -l tmpfile
-rw-r--r-- 1 himanshu friends 0 2012-05-22 20:03 tmpfile

If you observe closely, the group of the file changed from ‘family’ to ‘friends’. So we see that by just adding a ‘:’ followed by the new group name, the group of the file can be changed.

3. Change both owner and the group

# ls -l tmpfile
-rw-r--r-- 1 root family 0 2012-05-22 20:03 tmpfile

# chown himanshu:friends tmpfile

# ls -l tmpfile
-rw-r--r-- 1 himanshu friends 0 2012-05-22 20:03 tmpfile

So we see that using the syntax ‘<newOwner>:<newGroup>’, the owner as well as group can be changed in one go.

4. Using chown command on symbolic link file

Here is a symbolic link :

# ls -l tmpfile_symlnk
lrwxrwxrwx 1 himanshu family 7 2012-05-22 20:03 tmpfile_symlnk -> tmpfile

So we see that the symbolic link ‘tmpfile_symlink’ links to the file ‘tmpfile’.

Lets see what happens if chown command is issued on a symbolic link:

# chown root:friends tmpfile_symlnk

# ls -l tmpfile_symlnk
lrwxrwxrwx 1 himanshu family 7 2012-05-22 20:03 tmpfile_symlnk -> tmpfile

# ls -l tmpfile
-rw-r--r-- 1 root friends 0 2012-05-22 20:03 tmpfile

When the chown command was issued on symbolic link to change the owner as well as the group then its the referent of the symbolic link ie ‘tmpfile’ whose owner and group got changed. This is the default behavior of the chown command. Also, there exists a flag ‘–dereference’ for the same.

5. Using chown command to forcefully change the owner/group of symbolic file.

Using flag ‘-h’, you can forcefully change the owner or group of a symbolic link as shown below.

# ls -l tmpfile_symlnk
lrwxrwxrwx 1 himanshu family 7 2012-05-22 20:03 tmpfile_symlnk -> tmpfile

# chown -h root:friends tmpfile_symlnk

# ls -l tmpfile_symlnk
lrwxrwxrwx 1 root friends 7 2012-05-22 20:03 tmpfile_symlnk -> tmpfile

6. Change owner only if a file is owned by a particular user

Using chown “–from” flag, you can change the owner of a file, only if that file is already owned by a particular owner.

# ls -l tmpfile
-rw-r--r-- 1 root friends 0 2012-05-22 20:03 tmpfile

# chown --from=guest himanshu tmpfile

# ls -l tmpfile
-rw-r--r-- 1 root friends 0 2012-05-22 20:03 tmpfile

# chown --from=root himanshu tmpfile

# ls -l tmpfile
-rw-r--r-- 1 himanshu friends 0 2012-05-22 20:03 tmpfile
  • In the example above, we verified that the original owner/group of the file ‘tmpfile’ was root/friends.
  • Next we used the ‘–from’ flag to change the owner to ‘himanshu’ but only if the existing owner is ‘guest’.
  • Now, as the existing owner was not ‘guest’. So, the command failed to change the owner of the file.
  • Next we tried to change the owner if the existing owner is ‘root’ (which was true) and this time command was successful and the owner was changed to ‘himanshu’.

On a related note, if you want to change the permission of a file, you should usechmod command.

If you are a beginner, you should start by reading the basics of file permissions.

7. Change group only if a file already belongs to a certain group

Here also the flag ‘–from’ is used but in the following way:

# ls -l tmpfile
-rw-r--r-- 1 himanshu friends 0 2012-05-22 20:03 tmpfile

# chown --from=:friends :family tmpfile

# ls -l tmpfile
-rw-r--r-- 1 himanshu family 0 2012-05-22 20:03 tmpfile

Since the file ‘tmpfile’ actually belonged to group ‘friends’ so the condition was correct and the command was successful.

So we see that by using the flag ‘–from=:<conditional-group-name>’ we can change the group under a particular condition.

NOTE: By following the template ‘–from=<conditional-owner-name>:<conditional-group-name>’, condition on both the owner and group can be applied.

8. Copy the owner/group settings from one file to another

This is possible by using the ‘–reference’ flag.

# ls -l file
-rwxr-xr-x 1 himanshu family 8968 2012-04-09 07:10 file

# ls -l tmpfile
-rw-r--r-- 1 root friends 0 2012-05-22 20:03 tmpfile

# chown --reference=file tmpfile

# ls -l tmpfile
-rw-r--r-- 1 himanshu family 0 2012-05-22 20:03 tmpfile

In the above example, we first checked the owner/group of the reference-file ‘file’ and then checked the owner/group of the target-file ‘tmpfile’. Both were different.  Then we used the chown command with the ‘–reference’ option to apply the owner/group settings from the reference file to the target file. The command was successful and the owner/group settings of ‘tmpfile’ were made similar to the ‘file’.

9. Change the owner/group of the files by traveling the directories recursively

This is made possible by the ‘-R’ option.

# ls -l linux/linuxKernel
-rw-r--r-- 1 root friends 0 2012-05-22 21:52 linux/linuxKernel

# ls -l linux/ubuntu/ub10
-rw-r--r-- 1 root friends 0 2012-05-22 21:52 linux/ubuntu/ub10

# ls -l linux/redhat/rh7
-rw-r--r-- 1 root friends 0 2012-05-22 21:52 linux/redhat/rh7

# chown -R himanshu:family linux/

# ls -l linux/redhat/rh7
-rw-r--r-- 1 himanshu family 0 2012-05-22 21:52 linux/redhat/rh7

# ls -l linux/ubuntu/ub10
-rw-r--r-- 1 himanshu family 0 2012-05-22 21:52 linux/ubuntu/ub10

# ls -l linux/linuxKernel
-rw-r--r-- 1 himanshu family 0 2012-05-22 21:52 linux/linuxKernel

So we see that after checking the owner/group of all the files in the directory ‘linux’ and its two sub-directories ‘ubuntu’ and ‘redhat’.  We issued the chown command with the ‘-R’ option to change both the owner and group. The command was successful and owner/group of all the files was changed successfully.

10. Using chown command on a symbolic link directory

Lets see what happens if we issue the ‘chown’ command to recursively change the owner/group of files in a directory that is a symbolic link to some other directory.

Here is a symbolic link directory ‘linux_symlnk’ that links to the directory ‘linux’ (already used in example ‘9’ above) :

$ ls -l linux_symlnk
lrwxrwxrwx 1 himanshu family 6 2012-05-22 22:02 linux_symlnk -> linux/

Now, lets change the owner (from himanshu to root) of this symbolic link directory recursively :

# chown -R root:friends linux_symlnk

# ls -l linux_symlnk/
-rw-r--r-- 1 himanshu friends    0 2012-05-22 21:52 linuxKernel
drwxr-xr-x 2 himanshu friends 4096 2012-05-22 21:52 redhat
drwxr-xr-x 2 himanshu friends 4096 2012-05-22 21:52 ubuntu

In the ouput above we see that the owner of the files and directories was not changed. This is because by default the ‘chown’ command cannot traverse a symbolic link. This is the default behavior but there is also a flag ‘-P’ for this.

11. Using chown to forcefully change the owner/group of a symbolic link directory recursively

This can be achieved by using the flag -H

# chown -R -H guest:family linux_symlnk

# ls -l linux_symlnk/
total 8
-rw-r--r-- 1 guest family    0 2012-05-22 21:52 linuxKernel
drwxr-xr-x 2 guest family 4096 2012-05-22 21:52 redhat
drwxr-xr-x 2 guest family 4096 2012-05-22 21:52 ubuntu

So we see that by using the -H flag, the owner/group of all the files/folder were changed.

12. List all the changes made by the chown command

Use the verbose option -v, which will display whether the ownership of the file was changed or retained as shown below.

# chown -v -R guest:friends linux
changed ownership of `linux/redhat/rh7' to guest:friends
changed ownership of `linux/redhat' retained to guest:friends
ownership of `linux/redhat_sym' retained as guest:friends
ownership of `linux/ubuntu_sym' retained as guest:friends
changed ownership of `linux/linuxKernel' to guest:friends
changed ownership of `linux/ubuntu/ub10' to guest:friends
ownership of `linux/ubuntu' retained as guest:friends
ownership of `linux' retained as guest:friends
Advertisements

Posted on June 15, 2015, in Linux (Ubuntu/CentOS). Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: