5.3 Managing File Permissions and Ownership

Weight: 2

Description: Understanding and manipulating file permissions and ownership settings.

Key Knowledge Areas:

  • File and directory permissions and ownership

The following is a partial list of the used files, terms and utilities:

  • ls -l, ls -a

  • chmod, chown

File permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how.

Viewing Ownership and Permissions

The ls command along with its -l (for long listing) option will show you metadata about your Linux files, including the permissions set on the file.

[payam@earth Working]$ ls -l
total 4
drwxr-xr-x. 2 payam payam  6 Dec 15 08:54 dir1
drwxr-xr-x. 2 payam payam  6 Dec 15 08:54 dir2
-rw-r--r--. 1 payam payam  0 Dec 15 08:54 file1
-rw-r--r--. 1 payam payam  0 Dec 15 08:54 file2
-rwxr-xr-x. 1 payam payam 30 Dec  8 11:58 myscript.sh

The first field of the ls -l output is a group of metadata that includes the permissions on each file. Here are the components:

The first character of a long listing describes the type of object: "-" for a regular file, "d" for a directory, "l" for a symbolic link (we will see them).

Directory ownership and permissions

Directories use the same permissions flags as regular files, but they are interpreted differently.

  • Read permission for a directory allows a user with that permission to list the contents of the directory.

  • Write permission means a user with that permission can create or delete files in the directory.

  • Execute permission allows the user to enter the directory and access any subdirectories.

Without execute permission on a directory, the filesystem objects inside the directory are not accessible.

Without read permission on a directory, the filesystem objects inside the directory are not viewable in a directory listing, but these objects can still be accessed as long as you know the full path to the object on disk.

Linux Hidden files

In Linux, hidden files (also known as "dotfiles") are files and directories whose names start with a period (.). This is merely a naming convention used to keep configuration files and system-related data from cluttering normal directory listings, and does not provide any special security or protection.

The ls -a command lists all files, including hidden ones and the special directory entries for the current directory (.) and the parent directory (..).

ls -la combines the "all" option with the "long listing format," which provides detailed information about each file, such as permissions, ownership, size, and modification time.

chmod

The command you use to change the permissions on files is called chmod, which stands for "change mode". There are two ways to tell this command what you want to do:

  • using short codes

  • using octal codes

1- Using short codes: this is the easier way.

Syntax:

reference can be

  • u as user (file's owner)

  • g as group (users who are members of the file's group)

  • o as others (users who are not the file's owner / members of the file's group)

  • a as all (All three of the above, same as ugo)

Operator can be

  • + Adds the specified modes to the specified classes

  • - Removes the specified modes from the specified classes

  • = The modes specified are to be made the exact modes for the specified classes

Modes can be

  • r : Permission to read the file.

  • w : Permission to write (or delete) the file.

  • x : Permission to execute the file, or, in the case of a directory, search it.

example:

If we want to set different permissions for user, group, or other, we can separate the expressions with commas, for example ug=rwx,o=rx

Using a (the same as ugo) with the = operator makes it easier to set one exact mode for all classes.

2- Using octal codes: So far we have used symbols (ugoa and rwx) to specify permissions. We can also set permissions using octal numbers instead of symbols.

To use octal codes with chmod we have to create an octal string, and that is nothing more than a simple sum of numbers:

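| Symbolic | Note  | Octal |
|----------|-------|-------|
| rwx      | 4+2+1 | 7     |
| rw-      | 4+2   | 6     |
| r-x      | 4+1   | 5     |
| r--      | 4     | 4     |
| -wx      | 2+1   | 3     |
| -w-      | 2     | 2     |
| --x      | 1     | 1     |
| ---      | 0     | 0     |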
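The sums in the table can be applied directly to the first field of ls -l. The following is an added example, not part of the original page: it converts the mode fields from the listing shown earlier into a type and an octal mode. The function names are hypothetical, and only the plain r, w, x and - characters covered on this page are accepted.

```shell
#!/bin/sh
# Added example: turn the first field of `ls -l` into "<type> <octal mode>".

# Sum one rwx triple using the table's weights: r=4, w=2, x=1.
triple_to_digit() {
    d=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in ??x) d=$((d + 1)) ;; esac
    printf '%s' "$d"
}

# $1 is a mode field such as "drwxr-xr-x."; prints e.g. "directory 755".
mode_field_to_octal() {
    # GNU ls may append "." (SELinux context) or "+" (ACL); drop that marker.
    field=${1%[.+]}
    # Accept only a known type character followed by nine r/w/x/- characters.
    case $field in
        [-dl][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported mode field: $1" >&2; return 1 ;;
    esac
    case $field in
        -*) kind=file ;;
        d*) kind=directory ;;
        l*) kind=symlink ;;
    esac
    perms=${field#?}        # the nine permission characters
    u=${perms%??????}       # first triple: user (owner)
    rest=${perms#???}
    g=${rest%???}           # second triple: group
    o=${rest#???}           # third triple: others
    printf '%s %s%s%s\n' "$kind" \
        "$(triple_to_digit "$u")" "$(triple_to_digit "$g")" "$(triple_to_digit "$o")"
}

# Mode fields taken from the ls -l listing on this page.
for f in drwxr-xr-x. -rw-r--r--. -rwxr-xr-x.; do
    mode_field_to_octal "$f"
done
```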

To change permissions recursively on directories and files use -R option:
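An added example, not from the original page, comparing a recursive octal mode with a recursive symbolic mode. It goes one step beyond the modes listed above by using capital X, which sets execute only on directories and on files that already have an execute bit. The tree, file names and function names are constructed for illustration; GNU find and stat -c are assumed.

```shell
#!/bin/sh
# Added example: effect of `chmod -R` with an octal mode versus a symbolic mode.

# Print "<octal mode> <relative path>" for every object under $1, sorted by path.
list_modes() {
    (cd "$1" && find . -mindepth 1 -exec stat -c '%a %n' {} + | LC_ALL=C sort -k2)
}

# Build a constructed tree: one directory, one data file, one script.
make_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/conf"
    : > "$t/conf/app.ini"
    : > "$t/run.sh"
    chmod 700 "$t/conf"          # private directory
    chmod 600 "$t/conf/app.ini"  # data file, no execute bit
    chmod 700 "$t/run.sh"        # script, owner may execute
    printf '%s\n' "$t"
}

# Octal mode applied recursively: the data file becomes executable too.
recursive_octal() {
    t=$(make_tree) || return 1
    chmod -R 755 "$t"
    list_modes "$t"
    rm -rf "$t"
}

# Symbolic mode with capital X applied recursively: the directory and the
# script get execute, the data file ends up as 644.
recursive_symbolic() {
    t=$(make_tree) || return 1
    chmod -R u=rwX,go=rX "$t"
    list_modes "$t"
    rm -rf "$t"
}

echo "chmod -R 755:"
recursive_octal
echo "chmod -R u=rwX,go=rX:"
recursive_symbolic
```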

chown

The chown command in Linux is used to change the ownership of files or directories to a specific user and/or group.

  • Changes the file owner and group simultaneously or individually.

  • Only the root user or file owner (with permissions) can change ownership.

  • Use chown user file to change only the owner.

  • Use chown :group file to change only the group.

  • Use chown -R user:group directory/ for recursive ownership changes.

  • chmod +rwx filename: Adds read, write, and execute permissions.

Basic Example of chown Command:

Syntax:

Here's a breakdown of the components:

  • `chown`: The base command.

  • `options`: Optional flags that modify the behavior of the `chown` command.

  • `new_owner[:new_group]`: The new owner and optionally the new group. If `new_group` is omitted, only the owner is changed.

  • `file(s)`: The file or files for which ownership is to be changed.

Chown command examples:

Command
Description

Change the owner of a file

change the group ownership of a file

Change Owner and Group of the File

Change group ownership

Change Owner as well as Group

Change Owner from a Particular Ownership Only: This command ensures that ownership is changed from "master" to "root" only when the current owner is "master." It adds an additional layer of control to ownership modifications.

Change Group from a Particular Group: This command specifically changes the group of greek1 from "group1" to "root." It is useful when refining group associations.

Copy Ownership of One File to Another: This command copies the ownership details from "greek1" to "greek2," ensuring consistency in ownership between the two files.

Change Owner of Multiple Files

Options available in `chown` command in Linux:

-c : The `-c` option in the `chown` command is utilized to report when a file change is made. This option is beneficial when you want to receive notifications about ownership alterations.

-v : The `-v` option enhances the verbosity of the `chown` command by showing detailed information for every processed file. This is particularly useful when you want a comprehensive log of ownership changes.

-f : The `-f` option in the chown command serves to suppress most error messages and forcefully or silently change ownership, even when not permitted. This option is handy when you want to override restrictions without being interrupted by error notifications.

-R : The `-R` option applies the change recursively.

that's all.


source:

https://devopscube.com/linux-file-permissions-tutorial-for-beginners/

https://borosan.gitbook.io/lpic1-exam-guide/1045-manage-file-permissions-and-ownership#file-ownership-and-permissions

https://www.geeksforgeeks.org/linux-unix/chown-command-in-linux-with-examples/