Hostwinds Tutorials


Table of Contents


Finding Current File Ownership and Permissions
Changing File Ownership and Permissions
Changing Ownership
Changing Permissions

Changing File Ownership and Permissions in Linux

Tags: Linux,  Security 


As Linux was designed to support many users on a system, permissions and ownership are in place to ensure that only authorized users can access certain files. This prevents general users from modifying system and administration-level files or accessing other users' private files, and it allows some users to read a file while only one or a few have access to write to it. Two of the systems that provide this are Linux's file ownership and permissions policies.

Every file in Linux (including directories) has an owning user and group and read/write/execute flags to allow or deny such types of file access to the owner, owning group, and all other users, respectively.

Finding Current File Ownership and Permissions

To list a file's current ownership and permissions policies, the command ls -l can be used.

Supplying a file to the command with ls -l filename will output details about the file. These details include an indicator of the type of file it is, the read (r)/write (w)/execute (x) flags for the user, group, and other users, the number of links to the file, the size of the file, and the date the file was last modified.

Example:

ls -l filename
-rwxrw-r-- 1 foo bar 1024 Jan 1 00:00 filename

In this example, the file is owned by the user foo and the group bar. The user foo has read, write, and execute permissions, the group bar has read and write permissions, and any other users only have read access.

Simply running ls -l without supplying a filename will list the same output for all current directory contents.

If the file provided is actually a directory, the command will list the same output for all contents of that directory.

More information on the ls command can be found here, or with the commands ls --help or man ls.

Changing File Ownership and Permissions

Because only the root user can change the ownership and permissions of a file in Linux, all of the following commands must be run as root or with sudo if logged in as any other user with sudo command permissions.

Changing Ownership

In Linux, when a file is created, ownership over the file defaults to the user who created it and that user's primary group. Sometimes, though, the ownership of a file or directory must be changed. There are two useful commands for changing the user or group ownership of a file: chown and chgrp.

The command chown is used to modify the ownership of a file. The command chgrp is used to modify the group ownership of a file. However, because chown can also modify group ownership, we will only use chown in this guide. For more details and instructions for using chgrp, you can look here or use the commands chgrp --help or man chgrp.

To use chown to change file ownership, supply the user's name you want to transfer ownership to, followed by which file you wish to transfer:

chown user file

To change the group ownership instead, enter a : followed by the group name in place of the username:

chown :group file

To change both the user and group ownership simultaneously, enter both the username and group name, with a : separating them:

chown user:group file

You may also need to supply the command with one of its available argument options, depending on what is being changed.

For example, if changing the ownership of an entire directory, the -R option should also be supplied to run the command recursively, changing the ownership of the directory itself and all of its contents:

chown -R user /full/path/of/file/or/directory

It is highly suggested to use the full path of the file or folder when using this flag and to have a solid understanding of absolute and relative paths. Running it against the wrong path could harm your file system's ownership.

Without this option, only the owner of the directory itself would be updated, while the ownership of its contents would not.

More details, and a full list of the available options, for chown can be found here, or with the commands

chown --help

Or

man chown

Changing Permissions

In Linux, the access permissions for a file are split between the user, group, and others. The user is the file owner, the group is the owning group of the file, and others are simply all other users. Each of these is then further split into what is basically a simple yes/no for each type of access: read, write, and execute. Read (r) means they can read data from the file, write (w) means they can write data to the file, and execute (x) means they can run the file as a program.

To change these permissions, the command chmod is available, with which there are two primary ways to adjust the permissions.

The first way is to enable or disable specific permissions for specific roles. To do this, you would run chmod and follow it with either u for adjusting user permissions, g for group permissions, or o for other users, then either a + or - to indicate adding or removing permissions, and finally an r for read, w for write, or x for execute permissions. You can also combine the options for who to change permissions for and which permissions to change.

Example:

chmod u+x filename
chmod ug+rw filename
chmod o-r filename

In the example above, the first command gives execute permissions to the user that owns the file. The second command gives read and write permissions to both the user and group that own the file. Finally, the last command takes away read permissions for the file from all other users.

The second way to use chmod to change file permissions is to set all permissions at once using a number to represent all permissions. This number is a 3-digit number where the first digit represents the permissions for the user, the second digit represents the group permissions, and the last digit represents the permissions for other users.

The value for each digit is the sum of the numbers representing which permissions to enable for that role. The numbers representing each type of permission are as follows:

Read = 4

Write = 2

Execute = 1

This means that the number representing no permissions would be zero. Four would be just read. Six would be read and write. Seven would be all permissions, etc.

We then concatenate these numbers into our 3-digit number to represent all roles at once. For example, to give the user read and write access, the group only read access, and other users no access, the number to represent that would be 740.

Example:

chmod 000 filename
chmod 777 filename
chmod 600 filename
chmod 505 filename

In the example above, the first command sets all roles to have no permissions. The second command gives all roles all permissions. The third gives read and write access to only the user, and the last command gives read and execute permissions to both the user and other users.
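The following is an added example, not part of the original tutorial. It ties the ls -l permission string to the 3-digit number and shows that symbolic chmod changes adjust the current mode while a numeric mode replaces it. The function names perm_to_octal and mode_after are hypothetical helpers, and the script assumes GNU stat on Linux and only the plain r, w and x flags.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the tutorial.

# Convert the nine permission characters shown by `ls -l`
# (for example rwxrw-r--) into the 3-digit number chmod accepts.
# Only plain r/w/x flags are handled.
perm_to_octal() {
    perms=$1
    [ "${#perms}" -eq 9 ] || return 1
    out=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-"$((start + 2))")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac   # Read = 4
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac   # Write = 2
        case $triplet in ??x) digit=$((digit + 1)) ;; esac   # Execute = 1
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Set a scratch file to a known starting mode, apply each chmod
# argument in order, and print the resulting mode as a number.
mode_after() {
    start=$1; shift
    f=$(mktemp) || return 1
    chmod "$start" "$f"
    for change in "$@"; do
        chmod "$change" "$f"
    done
    stat -c '%a' "$f"     # GNU coreutils stat (assumption: Linux)
    rm -f "$f"
}

perm_to_octal rwxrw-r--          # the ls -l example: 764
mode_after 600 u+x ug+rw o-r     # symbolic changes build on 600: 760
mode_after 777 600               # a numeric mode replaces 777: 600
```

Checking the result with stat or ls -l after a change, rather than assuming it, catches the case where a symbolic change left an earlier, broader permission in place.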

More details and options available for chmod can be found here or with the commands

chmod --help

Or

man chmod

Written by Hostwinds Team  /  August 29, 2018