Changing File Ownership and Permissions in Linux

Because Linux was designed to support many users on one system, permissions and ownership are in place to ensure that only authorized users can access certain files. This prevents general users from modifying system and administration-level files, prevents users from accessing other users’ private files, and allows some users to read a file while only one or a few can write to it. Two of the systems that provide this are Linux’s file ownership and permissions policies.

 

Every file in Linux (including directories) has an owning user and group, and read/write/execute flags that allow or deny those types of file access to the owner, the owning group, and all other users respectively.

 

Finding Current File Ownership and Permissions

To list a file’s current ownership and permissions policies, the command ls -l can be used.

 

Supplying a file to the command with ls -l filename will output details about the file. These details include an indicator of the type of file it is, the read (r)/write (w)/execute (x) flags for the user, group, and other users, the number of links to the file, the size of the file, and the date the file was last modified.

 

Example:

 

In this example, the file is owned by the user foo and the group bar. The user foo has read, write, and execute permissions, the group bar has read and write permissions, and any other users only have read access.
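The fields described above can be pulled apart mechanically. The following is an added example, not from the original page; the sample line is constructed to match the description (owner foo, group bar), and describe_ls_line is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: split one `ls -l` line into the fields described above.
# SAMPLE is constructed to match the description (owner foo, group bar).
SAMPLE='-rwxrw-r-- 1 foo bar 1024 Jan  5 09:30 filename'

describe_ls_line() {
    # Word-split the line: mode, link count, owner, group, size, ...
    set -f                      # no glob expansion while splitting
    set -- $1
    set +f
    mode=$1 links=$2 owner=$3 group=$4 size=$5

    # The first character of the mode string is the file type indicator.
    case $mode in
        -*) type=file ;;
        d*) type=directory ;;
        l*) type=symlink ;;
        *)  type=other ;;
    esac

    # Characters 2-4, 5-7 and 8-10 are the user, group and other flags.
    u=$(printf '%s' "$mode" | cut -c2-4)
    g=$(printf '%s' "$mode" | cut -c5-7)
    o=$(printf '%s' "$mode" | cut -c8-10)

    printf 'type=%s owner=%s(%s) group=%s(%s) other=%s links=%s size=%s\n' \
        "$type" "$owner" "$u" "$group" "$g" "$o" "$links" "$size"
}

describe_ls_line "$SAMPLE"
```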

 

Simply running ls -l without supplying a filename will list the same output for all contents of the current directory.

 

If the file provided is actually a directory, the command will list the same output for all contents of that directory.

 

More information on the ls command can be found here, or with the use of the commands ls --help or man ls.

 

Changing File Ownership and Permissions

Because only the root user can change the ownership and permissions of a file in Linux, all of the following commands must be run as root, or with sudo if logged in as any other user with sudo command permissions.

 

Changing Ownership

In Linux, when a file is created, ownership over the file defaults to the user who created it and that user’s primary group. Sometimes, though, the ownership of a file or directory must be changed. Two commands are useful for changing the user or group ownership of a file: chown and chgrp.

 

The command chown is used to modify the ownership of a file. The command chgrp is used to modify group ownership of a file. However, because chown can also modify group ownership, we will only be using chown in this guide. For more details on and instructions for using chgrp, you can look here, or use the commands chgrp --help or man chgrp.

 

To use chown to change file ownership, simply supply the name of the user you want to transfer ownership to, followed by the file you wish to transfer: chown user file

 

To change the group ownership, instead of a username, enter : followed by the group name: chown :group file

 

To change both the user and group ownership at the same time, enter both the username and group name, with : separating them: chown user:group file

 

You may also need to supply the command with one of its available argument options, depending on what is being changed.

 

For example, if changing the ownership of an entire directory, the -R option should also be supplied to run the command recursively, changing the ownership of the directory itself and all of its contents: chown -R user /full/path/of/file/or/directory

 

It is highly recommended to use the full path of the file or folder with this flag, and to have a solid understanding of absolute and relative paths, as a mistake here could have an adverse effect on your file system’s ownership.

 

Without this option, only the ownership of the directory itself would be updated, while the ownership of its contents would not.
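One way to act on the full-path advice is to preview the target before running the recursive change. This is an added example, not from the original page: chown_preview is a hypothetical helper, the refused-path list is an assumption to adjust per system, and the directory tree is constructed for the demo.

```sh
#!/bin/sh
# Added example: preview what `chown -R` would touch before running it.
# chown_preview is a hypothetical helper name, not part of chown.
chown_preview() {
    target=$1
    if [ -z "$target" ] || [ ! -e "$target" ]; then
        echo "refusing: target missing or empty" >&2; return 2
    fi
    # Resolve to an absolute physical path so a relative path or a stray
    # ".." cannot point the recursive change somewhere unexpected.
    if [ -d "$target" ]; then
        abs=$(cd "$target" && pwd -P) || return 2
    else
        abs=$(cd "$(dirname "$target")" && pwd -P)/$(basename "$target") || return 2
    fi
    # Assumed deny-list of top-level system paths; extend as needed.
    case $abs in
        /|/etc|/usr|/var|/home|/bin|/lib|/boot)
            echo "refusing: $abs is a top-level system path" >&2; return 3 ;;
    esac
    # Count every entry the recursive change would rewrite.
    count=$(find "$abs" | wc -l | tr -d ' ')
    echo "$abs $count"
}

# Constructed demo tree under a temporary directory.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/site/uploads"
touch "$demo/site/index.html" "$demo/site/uploads/a.png"

# A relative ".." typed inside uploads/ actually means the whole site/ tree.
(cd "$demo/site/uploads" && chown_preview ..)
chown_preview / || echo "blocked as expected"
```

If the printed path and entry count match what you intended, pass that absolute path to chown -R.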

 

More details, and a full list of the available options, for chown can be found here, or with the use of the commands chown --help or man chown.

 

Changing Permissions

In Linux, the access permissions for a file are split between the user, group, and others. The user is the owner of the file, the group is the owning group of the file, and others is simply all other users. Each of these is then further split into what is basically a simple yes/no for each type of access: read, write, and execute. Read (r) means they can read data from the file, write (w) means they can write data to the file, and execute (x) means they can run the file as a program.

 

To change these permissions, the command chmod is available, with which there are two primary ways to adjust the permissions.

 

The first way is to enable or disable specific permissions for specific roles. To do this, you would run chmod and follow it with either u for adjusting user permissions, g for group permissions, or o for other users, then either a + or - to indicate adding or removing permissions, and finally either an r for read, w for write, or x for execution permissions. You can also combine the options for whose permissions to change and which permissions to change.

 

Example:

 

In the example above, the first command gives execution permissions to the user that owns the file. The second command gives read and write permissions for both the user and group that own the file. And finally, the last example takes away read permissions for the file from all other users.

 

The second way to use chmod to change file permissions is to set all permissions at once using a number to represent all permissions. This number is a 3-digit number where the first digit represents the permissions for the user, the second digit represents the group permissions, and the last digit represents the permissions for other users.

 

The value for each digit is the sum of the numbers representing which permissions to enable for that role. The numbers representing each type of permission are as follows:

Read = 4

Write = 2

Execute = 1

 

This means that the number representing no permissions would be zero. Four would be just read, six would be read and write, seven would be all permissions, etc.

 

We then concatenate these numbers into our 3-digit number to represent all roles at once. For example, to give the user read and write access, the group only read access, and other users no access, the number to represent that would be  740.

 

Example:

 

In the example above, the first command sets all roles to have no permissions, the second command gives all roles all permissions, the third gives read and write access to only the user, and the last command gives read and execute permissions to both the user and other users.
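Both chmod forms described above, the role-and-flag form and the 3-digit form, can be tried safely on a scratch file and read back. This is an added example, not from the original page; mode_after, digit and octal are hypothetical helper names, the scratch file is constructed, and stat -c assumes GNU coreutils as found on Linux.

```sh
#!/bin/sh
# Added example: apply the symbolic and numeric chmod forms to a scratch
# file and read the resulting mode back. Uses GNU stat (-c), as on Linux.
f=$(mktemp)                     # constructed scratch file, owned by you
trap 'rm -f "$f"' EXIT

# Run chmod with the given mode argument, then print "octal flags".
mode_after() {
    chmod "$1" "$f" && stat -c '%a %A' "$f"
}

# Sum read=4, write=2, execute=1 for one set of flags such as "rw-".
digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    echo "$d"
}

# Build the 3-digit number from the user, group and other flags.
octal() { echo "$(digit "$1")$(digit "$2")$(digit "$3")"; }

mode_after 644      # starting point
mode_after u+x      # add execute for the owning user
mode_after ug+rw    # add read and write for user and group
mode_after o-r      # remove read from other users
mode_after 000      # no permissions for any role
mode_after 777      # all permissions for all roles
mode_after 600      # read and write for the user only
mode_after 505      # read and execute for user and other users
mode_after 740      # a 3-digit mode read back as flags
octal rwx rw- r--   # flags from an ls -l listing turned into a number
```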

 

More details and options available for chmod can be found here, or with the use of the commands chmod --help or man chmod.

