# 5.3 Managing File Permissions and Ownership

**Weight:** 2

**Description:** Understanding and manipulating file permissions and ownership settings.

**Key Knowledge Areas:**

* File and directory permissions and ownership

**The following is a partial list of the used files, terms and utilities:**

* ls -l, ls -a
* chmod, chown

File permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how.

### Viewing Ownership and Permissions

The `ls` command along with its `-l` (for long listing) option will show you metadata about your Linux files, including the permissions set on the file.

```
[payam@earth Working]$ ls -l
total 4
drwxr-xr-x. 2 payam payam  6 Dec 15 08:54 dir1
drwxr-xr-x. 2 payam payam  6 Dec 15 08:54 dir2
-rw-r--r--. 1 payam payam  0 Dec 15 08:54 file1
-rw-r--r--. 1 payam payam  0 Dec 15 08:54 file2
-rwxr-xr-x. 1 payam payam 30 Dec  8 11:58 myscript.sh
```

The first field of the `ls -l` output is a group of metadata that includes the permissions on each file. Here are the components:

<figure><img src="/files/CIIC4CwgyN2D0n1UIL7f" alt=""><figcaption></figcaption></figure>

The first character of a long listing describes the type of object: "-" for a regular file, "d" for a directory, "l" for a symbolic link (we will see them).

**Directories ownership and permissions**

Directories use the same permissions flags as regular files, but they are interpreted differently.

* Read permission for a directory allows a user with that permission to list the contents of the directory.
* Write permission means a user with that permission can create or delete files in the directory.
* Execute permission allows the user to enter the directory and access any subdirectories.

> Without execute permission on a directory, the filesystem objects inside the directory are not accessible.

> Without read permission on a directory, the filesystem objects inside the directory are not viewable in a directory listing, but these objects can still be accessed as long as you know the full path to the object on disk.

{% hint style="info" %}

#### Linux Hidden files

In Linux, hidden files (also known as "dotfiles") are files and directories whose names start with a period (.). This is merely a naming convention used to keep configuration files and system-related data from cluttering normal directory listings, and does not provide any special security or protection.

**`ls -a`** command lists *all* files, including hidden ones and the special directory entries for the current directory (`.`) and the parent directory (`..`).

**`ls -la`** combines the "all" option with the "long listing format," which provides detailed information about each file, such as permissions, ownership, size, and modification time.
{% endhint %}

### chmod

The command you use to change the permissions on files is called `chmod`, which stands for "change mode". There are two ways to tell this command what you want to do:

* using short codes
* using octal codes

**1- Using short codes:** This is the easier way.

<figure><img src="/files/7VQ0KHD41oBEIPYqngJt" alt=""><figcaption></figcaption></figure>

Syntax:

```
chmod [reference][operator][mode] file... 
```

Reference can be

* u as user (file's owner)
* g as group (users who are members of the file's group)
* o as others (users who are not the file's owner / members of the file's group)
* a as all (All three of the above, same as ugo)

Operator can be

* \+ Adds the specified modes to the specified classes
* \- Removes the specified modes from the specified classes
* \= The modes specified are to be made the exact modes for the specified classes

Modes can be

* r: Permission to read the file.
* w: Permission to write (or delete) the file.
* x: Permission to execute the file, or, in the case of a directory, search it.

Example:

```
[payam@earth Working]$ ls -l | grep file1
-rw-r--r--. 1 payam payam  0 Dec 15 08:54 file1
[payam@earth Working]$ chmod u+x file1
[payam@earth Working]$ ls -l | grep file1
-rwxr--r--. 1 payam payam  0 Dec 15 08:54 file1
[payam@earth Working]$ chmod o-r file1
[payam@earth Working]$ ls -l | grep file1
-rwxr-----. 1 payam payam  0 Dec 15 08:54 file1
```

> If we want to set different permissions for user, group, or other, we can separate different expressions by commas, for example `ug=rwx,o=rx`.

```
[payam@earth Working]$ ls -l | grep file1
-rwxr-----. 1 payam payam  0 Dec 15 08:54 file1
[payam@earth Working]$ chmod u-x,g+x,o+r file1
[payam@earth Working]$ ls -l | grep file1
-rw-r-xr--. 1 payam payam  0 Dec 15 08:54 file1
```

> Using `a` (the same as `ugo`) with the `=` operator makes it easier to set an exact mode.

```
[payam@earth Working]$ ls -l | grep file1
-rw-r-xr--. 1 payam payam  0 Dec 15 08:54 file1
[payam@earth Working]$ chmod a=rw file1
[payam@earth Working]$ ls -l | grep file1
-rw-rw-rw-. 1 payam payam  0 Dec 15 08:54 file1
```

**2- Using octal codes:** So far we have used symbols (`ugoa` and `rwx`) to specify permissions. We can also set permissions using octal numbers instead of symbols.

<figure><img src="/files/rWistBThcda3l6AxOX2a" alt=""><figcaption></figcaption></figure>

To use octal codes with `chmod` we have to create an octal string, which is nothing more than a simple sum of numbers:

| Symbolic | Sum   | Octal |
| -------- | ----- | ----- |
| rwx      | 4+2+1 | 7     |
| rw-      | 4+2   | 6     |
| r-x      | 4+1   | 5     |
| r--      | 4     | 4     |
| -wx      | 2+1   | 3     |
| -w-      | 2     | 2     |
| --x      | 1     | 1     |
| ---      | 0     | 0     |

```
[payam@earth Working]$ ls -l | grep file1
-rw-rw-rw-. 1 payam payam  0 Dec 15 08:54 file1
[payam@earth Working]$ chmod 700 file1
[payam@earth Working]$ ls -l | grep file1
-rwx------. 1 payam payam  0 Dec 15 08:54 file1
[payam@earth Working]$ chmod 655 file1
[payam@earth Working]$ ls -l | grep file1
-rw-r-xr-x. 1 payam payam  0 Dec 15 08:54 file1
```
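The sum in the table can be applied directly to the first field of `ls -l`. The script below is an added example, not part of the original page: it converts that field into the octal string `chmod` accepts and checks the result against a real file. The function names are hypothetical, and fields carrying setuid, setgid or sticky markers (not covered here) are rejected.

```shell
#!/bin/sh
# Added example: turn the permission field from `ls -l` into chmod's octal form.
# Function names are hypothetical; setuid/setgid/sticky markers are rejected.

mode_to_octal() {
    # Skip the file-type character and keep the nine permission characters;
    # anything after them (like the trailing "." in the listings) is ignored.
    perms=$(printf '%s' "$1" | cut -c2-10)
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "unsupported mode field: $1" >&2; return 1 ;;
    esac
    octal=""
    for range in 1-3 4-6 7-9; do          # user, group, others
        triplet=$(printf '%s' "$perms" | cut -c"$range")
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal="$octal$digit"
    done
    printf '%s\n' "$octal"
}

# Apply an octal mode to a scratch file, read it back with `ls -l`,
# and convert the listing field to octal again.
roundtrip_check() {
    scratch=$(mktemp)
    chmod "$1" "$scratch"
    listed=$(ls -ld "$scratch" | cut -d' ' -f1)
    rm -f "$scratch"
    mode_to_octal "$listed"
}

# Fields copied from the listings on this page.
for field in 'drwxr-xr-x.' '-rw-r--r--.' '-rwx------.' '-rw-r-xr-x.'; do
    printf '%s -> %s\n' "$field" "$(mode_to_octal "$field")"
done
printf 'chmod 640 reads back as %s\n' "$(roundtrip_check 640)"
```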

To change permissions recursively on directories and files use `-R` option:

```
[payam@earth Working]$ chmod -R o+r dir1
```
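An added example, not from the original page: auditing a tree for entries writable by "others" and tightening it with `find`, so that directories keep the execute (search) bit described earlier, which a single numeric mode under `chmod -R` would not distinguish from files. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tree for entries writable by "others", then tighten
# it without stripping the execute (search) bit from directories.
# Function names are hypothetical; the sample tree is constructed.

# List files and directories under $1 that have the "others" write bit set
# (octal 2 in the last digit). Symlinks are skipped.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# Directories get rwxr-xr-x; regular files only lose group/other write,
# so existing execute bits on scripts are left alone.
tighten_tree() {
    find "$1" -type d -exec chmod u=rwx,go=rx {} +
    find "$1" -type f -exec chmod go-w {} +
}

# Constructed sample: one world-writable directory and file, one normal script.
build_sample_tree() {
    root=$(mktemp -d)
    mkdir "$root/shared"
    : > "$root/shared/notes.txt"
    : > "$root/run.sh"
    chmod 777 "$root/shared"
    chmod 666 "$root/shared/notes.txt"
    chmod 755 "$root/run.sh"
    printf '%s\n' "$root"
}

tree=$(build_sample_tree)
echo "world-writable before:"
list_world_writable "$tree"
tighten_tree "$tree"
echo "world-writable after:"
list_world_writable "$tree"
rm -rf "$tree"
```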

### chown

The `chown` command in Linux is used to change the ownership of files or directories to a specific user and/or group.

* Changes the file owner and group simultaneously or individually.
* Only the root user or file owner (with permissions) can change ownership.
* Use `chown user file` to change only the owner.
* Use `chown :group file` to change only the group.
* Use `chown -R user:group directory/` for recursive ownership changes.
* `chmod +rwx filename`: adds read, write, and execute permissions.

Basic Example of `chown` Command:

```
chown user1 sample.txt
```

Syntax:

```
chown [options] new_owner[:new_group] file(s)
```

Here's a breakdown of the components:

* **`chown`**: The base command.
* **`options`**: Optional flags that modify the behavior of the `chown` command.
* **`new_owner[:new_group]`**: The new owner and optionally the new group. If `new_group` is omitted, only the owner is changed.
* **`file(s)`**: The file or files for which ownership is to be changed.

**Chown command examples:**

<table><thead><tr><th width="365.25">Command</th><th>Description</th></tr></thead><tbody><tr><td><pre><code><strong>chown owner_name file_name
</strong></code></pre></td><td>Change the owner of a file</td></tr><tr><td><pre><code>chown :group1 file1.txt
</code></pre></td><td>change the group ownership of a file</td></tr><tr><td><pre><code>chown master:group1 file1.txt
</code></pre></td><td>Change Owner and Group of the File</td></tr><tr><td><pre><code>chown :group1 file1.txt
</code></pre></td><td>Change group ownership</td></tr><tr><td><pre><code>chown master:group1 greek1
</code></pre></td><td>Change Owner as well as Group</td></tr><tr><td><pre><code>chown --from=master root greek1
</code></pre></td><td><strong>Change Owner from a Particular Ownership Only:</strong><br><em>This command ensures that ownership is changed from "master" to "root" only when the current owner is "master." It adds an additional layer of control to ownership modifications.</em></td></tr><tr><td><pre><code>chown --from=:group1 :root greek1
</code></pre></td><td><strong>Change Group from a Particular Group:</strong><br><em>This command specifically changes the group of <code>greek1</code> from "group1" to "root." It is useful when refining group associations.</em></td></tr><tr><td><pre><code>chown --reference=greek1 greek2
</code></pre></td><td><strong>Copy Ownership of One File to Another:</strong><br><em>This command copies the ownership details from "greek1" to "greek2," ensuring consistency in ownership between the two files.</em></td></tr><tr><td><pre><code>chown master:group greek2 greek3 
</code></pre></td><td>Change Owner of Multiple Files</td></tr></tbody></table>

**Options available in `chown` command in Linux:**

**`-c`:** The `-c` option in the `chown` command is utilized to report when a file change is made. This option is beneficial when you want to receive notifications about ownership alterations.

**`-v`:** The `-v` option enhances the verbosity of the `chown` command by showing detailed information for every processed file. This is particularly useful when you want a comprehensive log of ownership changes.

**`-f`:** The `-f` option in the `chown` command serves to suppress most error messages and forcefully or silently change ownership, even when not permitted. This option is handy when you want to override restrictions without being interrupted by error notifications.

> The `-R` option will apply the change recursively.

that's all.

***

source:

<https://devopscube.com/linux-file-permissions-tutorial-for-beginners/>\
<https://borosan.gitbook.io/lpic1-exam-guide/1045-manage-file-permissions-and-ownership#file-ownership-and-permissions>\
<https://www.geeksforgeeks.org/linux-unix/chown-command-in-linux-with-examples/>


