Permission and ownership

As a user of a system, to access a file in Linux and UNIX, it is important that a user has the required permission for that specific file or directory. For example, as a regular user, perform cd into /root:

$ cd /root
bash: cd: /root/: Permission denied

We were not able to do so because of the permission denied error:

$ cd ~/

We were successfully able to do cd into the user's home directory because a user had the permission to access its own home directory.

Every file in UNIX or Linux has an owner and an associated group. It also has a set of permissions (read, write, and execute) with respect to the user, group, and others.

Viewing the ownership and permission of files

The ls command with the -l option is used to view the ownership and permission of a file:

$ touch permission_test_file.txt    #  Creating a file
$ ls -l  permission_test_file.txt    # Seeing files' attributes
-rw-rw-r-- 1 foo foo 0 Aug 24 16:59 permission_test_file.txt

Here, the first column of ls contains the permission information—that is, -rw-rw-r--.

The first character specifies a file's type, which is dash (-) in this example. A dash means that it is a regular file. It can have other characters as follows:

  • p: This means it is a named pipe file
  • d: This means it is a directory file
  • s: This means it is a socket file
  • c: This means it is a character device file
  • b: This means it is a block device file

The next three characters belong to a user's or owner's permission. It can be either rwx or dash at any of these spaces. The permission r specifies that the read permission is available, w specifies that the write permission is available, and x specifies that the execute permission is available over the given file. If a dash is present, then the corresponding permission is missing. In the above example, an owner's permission is rw-, which means the owner has read and write permission on the permission_test_file.txt file but no execute permission.

The next three characters belong to a group's permission. It can be rwx or dash at any of these places if the corresponding permission is missing. In the preceding example, the permission given to a group is rw-, which means the read and write permissions are present and the execute permission is missing.

The next three characters belong to other's permission. In the preceding example, the permission given to others is r--, which means other users can read the content of the permission_test_file.txt file but can't modify or execute it.

The next column in the ls -l output—that is, the second column specifies who the owner of file is. In our example, the second column value is foo, which means foo has the ownership of the file. By default, the ownership of a file is given to whoever has created that file.

The third column in the ls -l output that specifies the group to which a file belongs to. In our case, the group of the permission_test_file.txt file is foo.

Changing permission

To change the permission of a file, the chmod command is used. The syntax of using chmod is as follows:

chmod [option] mode[,mode] file

Or,

chmod [option] octal-mode file

An important option of chmod is -R, which means change the files and directories permission recursively.

The mode can be [ugoa][-+][rwx].

Here, u is the owner, g is the group, o is other, and a is all users—that is, ugo.

Specifying - (minus) removes the specified permission and specifying +(plus) adds the specified permission.

The letters r(read), w(write), and x(execute) specify permissions.

The octal-mode specifies the rwx permission of a user together in octal format, which can be from 0 to 7. The following table explains the octal representation of a permission to a specific user:

Octal Value

Binary representation

Meaning

0

000

No read, write, and execute permissions (---)

1

001

Only execute permission (--x)

2

010

Only write permission (-w-)

3

011

Write and execute permissions (-wx)

4

100

Only read permission (r--)

5

101

Read and execute permissions (r-x)

6

110

Read and write permissions (rw-)

7

111

Read, write, and execute permissions (rwx)

To demonstrate the changing permission on a file, we will create a file as follows:

$ touch test_file.txt
$ ls -l test_file.txt    # Checking permission of file
-rw-rw-r--. 1 foo foo 0 Aug 24 18:59 test_file.txt

The default permission given to a regular file is the Read permission to an owner, group, and other. The Write permission is given to the owner and group. No execute permission is given to anyone.

Now, we want to modify a permission in such a way that only the owner can have the write permission, and keeping the other permission as it is. We can do this in the following way:

$ chmod 644 test_file.txt
$ ls -l tst_file.txt
-rw-r--r--. 1 foo foo 0 Aug 24 19:03 test_file.txt

Now, we can see that only an owner can modify test_file. While using octal mode, we have to specify the exact permission that we want to see further. In chmod, we gave octal_mode as 644; here the first octal digit, that is, 6 signifies the read, write, and execute permissions of the owner. Similarly, the second octal digit 4 specifies the permissions for the group and the third digit specifies the permission for others.

There is another way to modify a permission, which is by using mode. Mode is specified as [ugoa][-+][rwx]. Here, we only have to specify which permission we want to add or remove.

For example, we want to remove the write permission from an owner and add the execute permission to all. We can do this as follows:

$ chmod u-w,a+x test_file.txt
$ ls -l test_file.txt
-r-xr-xr-x. 1 foo foo 0 Aug 24 19:03 test_file.txt

Changing the owner and group

We can also change the owner and group ownership of a file. This allows flexibility to further modify the group and owner of a file.

Changing a file's owner

To change the owner of a command, chown is used. This is useful for sysadmin in different cases. For example, a user is working on a project and now the user is going to discontinue working on that project. In such a case, sysadmin can modify the ownership to a new user who is responsible for continuing that project. Sysadmin can change the ownership of a file to a new user for all the related files in a project.

In our previous example, foo is the owner of the test_file.txt file. Now, we want to transfer the ownership of a file to user bar.

If the user bar doesn't exist in a system, a new user bar can be created using the useradd command. The useradd command needs the root access.

Following command will create a new user called bar:

$ sudo useradd bar  # New user bar will be created

We can change ownership of test_file.txt file to user bar by executing the following command as root or sudo:

$ sudo chown bar test_file.txt  # Changing ownership of file to user bar
$ ls -l  test_file.txt
-r-xr-xr-x. 1 bar foo 0 Aug 24 19:03 test_file.txt

We can see that the ownership of a file is changed to bar.

Changing group ownership

To modify the group ownership of a file, we can either use the chown or chgrp command. To create a new group, the groupadd command is used as sudo or root. For example, we want to create a new group called test_group:

$ sudo groupadd test_group

Now, we will change the group of the example file test_file.txt by using the chown command. This can be done by executing the following command:

$ sudo chown :test_group test_file.txt  # Modifying group ownership
$ ls -l test_file.txt
-r-xr-xr-x. 1 bar test_group 0 Aug 24 19:03 test_file.txt

We can see that the group has been modified to test_group. To change the group using the chgrp command, we can execute the following command:

$  sudo chgrp bar test_file.txt  # Changing group ownership to bar
$ ls -l test_file.txt
-r-xr-xr-x. 1 bar bar 0 Aug 24 19:03 test_file.txt

Now, we will revert back the owner and group to foo for the test_file.txt file:

$ sudo chown foo:foo test_file.txt
$ ls -l test_file.txt
-r-xr-xr-x. 1 foo foo 0 Aug 24 19:03 test_file.txt

The new owner name is provided before : (colon) and the group name after : ,while modifying the owner and group ownership using the chown command.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
13.58.187.240