In the previous article, we discussed what file ownership and permissions are, and how they work. In this article, we are going to learn how, as Linux administrators, to manage the ownership and permissions of files and directories. Enjoy the reading.
Changing Ownership of a File
To change the owner and/or group of one or more files or directories, the chown command is used.
chown [OPTION]... [OWNER][:[GROUP]] FILE...
- To make the user ahmed the owner of the file /data/file1:
Now, the ls -l command should reflect the change:
- To change the ownership and group of the /oracle directory to oracle and oinstall including all sub-directories and files:
Notice the -R option, which applies the change recursively.
Now, the ownership of the /oracle directory itself should be changed:
And also any sub-directories and files:
The chgrp Command
To change only the group ownership of one or more files or directories, use the chgrp command.
chgrp [OPTION]... GROUP FILE...
Your security auditor asked you to create a group named security, and change the group ownership of the Syslog files to it.
chgrp security /var/log/secure
Change File and Directory Permissions
The chmod command is used to set/change permissions on one or more files and directories.
The general syntax of the command is:
chmod [-R] mode FILE …
Where -R means recursive.
To specify the mode, there are two methods:
- The Symbolic Method.
- The Numeric Method.
The Symbolic Method
In this method, the mode is specified using a combination of characters:
u, g, and o for user, group and other.
a for all.
+ for grant, - for deny, and = for set.
r, w, and x for read, write, and execute.
- To prevent others from listing the contents or changing to the /etc/security directory:
chmod o-rx /etc/security
- To set the permissions on the file /data/file1 as follows:
- Owner has full permissions: read, write, and execute.
- The group and others have read-only permission.
chmod u+rwx,go=r /data/file1
- To grant the owner and group read and write permissions on a file, and allow others read only:
chmod ug=rw,o=r /data/file2
- To grant all users read, write, and execute (full permissions) on the /shared directory, and all its sub-files and directories:
chmod -R a+rwx /shared
The Numeric Method
Unlike the symbolic method, the numeric method cannot be used to grant or deny a partial or complete set of permissions to the owner only, the group only, others only, or any two of them. Instead, the numeric method sets the whole set of permissions for the user, group, and others at once. In other words, using the numeric method is equivalent to using either the ugo=XYZ or the a=XYZ form of the symbolic method.
In this method, the mode is represented as 3 octal digits: the first for the owner, the second for the group, and the third for others’ permissions.
The symbolic r, w, and x permissions are translated to their numeric equivalent:
Add the numeric equivalents for the granted permissions for the user, group, and others to get the resulting mode:
- To make a file readable to its owner and group, and writeable only for the owner, while others have no permissions:
chmod 640 /data/file1
- To grant all users full permissions on the /shared directory and all its sub-files and sub-directories:
chmod -R 777 /shared
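The modes used in the examples above, checked on throwaway files, as an added example that is not part of the original article. It assumes GNU coreutils and findutils (stat -c, mktemp); the helper names mode_of, apply_mode, world_writable and demo are made up for this illustration, and the temporary directory is a constructed stand-in for /shared. It also counts what chmod -R 777 leaves writable by everyone, which is the state to audit for after a recursive change.

```sh
#!/bin/sh
# Added example. Assumes GNU coreutils/findutils; all paths are temporary.

# Print the octal mode of a path, e.g. 640.
mode_of() { stat -c '%a' "$1"; }

# Create a scratch file, set it to the starting mode $1, apply the chmod
# mode $2 (symbolic or numeric), and print the resulting octal mode.
apply_mode() (
    f=$(mktemp) || exit 1
    chmod "$1" "$f" && chmod "$2" "$f" && mode_of "$f"
    rc=$?
    rm -f "$f"
    exit "$rc"
)

# List everything under $1 (symlinks excluded) that "others" may write to.
world_writable() { find "$1" ! -type l -perm -0002 | sort; }

# Constructed stand-in for /shared: count world-writable entries after
# "chmod -R 777", then again after revoking write from others with o-w.
demo() (
    root=$(mktemp -d) || exit 1
    mkdir "$root/sub" && : > "$root/sub/report.txt"
    chmod -R 777 "$root"
    before=$(( $(world_writable "$root" | wc -l) ))
    chmod -R o-w "$root"
    after=$(( $(world_writable "$root" | wc -l) ))
    rm -rf "$root"
    echo "$before $after"
)

# "=" and numeric modes give the same result whatever the starting mode;
# "+" and "-" only adjust it, so the result depends on where the file started.
echo "600 then u+rwx,go=r -> $(apply_mode 600 u+rwx,go=r)"
echo "600 then ug=rw,o=r  -> $(apply_mode 600 ug=rw,o=r)"
echo "600 then 640        -> $(apply_mode 600 640)"
echo "777 then o-rx       -> $(apply_mode 777 o-rx)"
echo "750 then o-rx       -> $(apply_mode 750 o-rx)"
echo "world-writable entries before/after o-w: $(demo)"
```

On a real system, world_writable can be pointed at a directory such as /shared after any recursive chmod to see which entries every local user can modify.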
In this article, we have talked about managing the ownership and permissions of files and directories.
- The chown command is used to change the owner and group for one or more files or directories.
- The chgrp command is used to change the group for one or more files or directories.
- The chmod command sets the permissions on files and directories.
- With all commands, the -R option changes ownership and permissions recursively.
In the next article, we will tackle another topic, Managing Services, a topic not to miss. See you.