Network Administration: Linux File Ownership and Permission Commands
Essential tools in the management of file system rights in the Linux environment are the chown, chgrp and chmod commands. The details on the use and options available for these commands are presented.
You can view the ownership and permissions for a file using the ls command with the -l option.
The chown command
The chown command changes the owner of a file. Normally, the user who creates a file is the owner of the file. However, the owner can transfer the file to someone else via this command. The basic syntax of this command is
chown user file
For example, to change the owner of a file named rescue.plans to user professor, use this command:
$ chown professor rescue.plans
To change ownership of all the files in the directory named /home/island to professor, use this command:
$ chown professor /home/island
Issuing the following command would be a really bad idea:
$ chown gilligan rescue.plans
The chgrp command
Every file has not only an individual owner, but also a group owner. You can change the group ownership using the chgrp command, which has the following basic syntax:
chgrp group file
For example, to grant the castaways group ownership of the file rescue.plans, use this command:
$ chgrp castaways rescue.plans
To change group ownership of all the files in the directory named /home/island to castaways, use this command:
$ chgrp castaways /home/island
The chmod command
The chmod command lets you change the permissions for a Linux file. Before explaining the syntax of the chmod command, you need to look at the cryptic way Linux reports file permissions. Linux grants three different types of permissions — read, write, and execute — for three different scopes: owner, group, and everyone. That’s a total of nine permissions.
When you use the ls command with the -l option, the permissions are shown as a ten-character string that begins with a hyphen if the entry is for a file or a d if the entry is for a directory. Then, the next nine letters are the nine permissions, in this order:
Read, write, execute for the owner
Read, write, execute for the group
Read, write, execute for everyone
The letters r, w, or x appear if the permission has been granted. If the permission is denied, a hyphen appears.
For example, suppose the ls -l command lists these permissions:
You interpret this permission string like this:
The first hyphen indicates that this is a file, not a directory.
The next three positions are rw-. Therefore, the owner has read and write permission on this file, but not execute permission.
The next three positions are r–. That means the group owner has read permissions but not write or execute permission.
The last three positions are also r–. That means that everyone else has read permission but not write or execute permission.
The full syntax of the chmod command is pretty complex. However, you can do most of what you need to do with this form:
chmod specification file
Here, specification is in the form u=rwx, g=rwx, or o=rwx to set the permissions for the user (owner), group, and others (everyone). You don’t have to specify r, w, and x; you just list the permissions that you want to grant. For example, to grant read and write permission for the user to a file named rescue.plans, use this command:
$ chmod u=rw rescue.plans
You can also combine specifications, like this:
$ chmod u=rw,g=rw,o=r rescue.plans
To revoke all rights for the user, group, or others, don’t type anything after the equal sign. For example, this command revokes all rights for others:
$ chmod o= rescue.plans