How to manage File and Directory Permissions/Ownerships in Linux

File Ownership

Every file is owned by a specific user (or UID) and a specific group (or GID). The chown command can be used to change just the user, or both the user and the group, of a file. Here is an example of changing the owner of file “file1” to “user” and its group to “user”. Note that the ls -l command is used only to show the change and is not a necessary step in changing the file’s ownership:

# ls -l
total 8
-rw-r--r--. 1 root root  30 Feb 16 04:47 file1
-rw-r--r--. 1 root root 130 Feb 16 04:47 file2
# chown user:user file1
# ls -l
total 8
-rw-r--r--. 1 user user  30 Feb 16 04:47 file1
-rw-r--r--. 1 root root 130 Feb 16 04:47 file2

The basic format for the chown command is as follows:

# chown user.group filename

A colon (:) can be used in place of the period (.) separator character.

# chown user:group filename

Also, either the user or group name can be omitted. If the username is omitted (but the separator character is present), then the chown command behaves like the chgrp command, and only the group ownership is changed. If the group name is omitted (but the separator character is present), then the group will be set to the login group of the specified user. If both the group name and the separator character are omitted, then only the username is changed.

For example, to change only the owner you could run the following:

# chown user filename

An alternate command to change only the group of a file is the chgrp command. For example:

# chgrp group filename

The chgrp command is commonly used by normal users to change the group ownership of their files. The chown command is normally used only by the root user.

Default Group Ownership

Each user can be a member of many groups (listed in the /etc/group file under several groups). Only one group will be a user’s primary group (listed in the user’s entry in /etc/passwd). When a user creates a file, by default the file will be owned by the user’s primary group. If they want the file to be owned by one of their other groups, they must use the chgrp command to modify the group membership.

A more convenient way to accomplish this is to temporarily log in to another group, making that group your substitute primary group. This way, any new files that you create will automatically be owned by the desired group, and you will not need to change the group membership manually. Examine the example below and note the use of the newgrp command.

$ id
uid=1001(user) gid=1001(user) groups=1001(user),10(wheel)
$ touch file1
$ ls -l file1
-rw-rw-r--. 1 user user 0 Feb 16 14:17 file1
$ newgrp wheel
$ touch file2
$ ls -l file2
-rw-r--r--. 1 user wheel 0 Feb 16 14:22 file2

File and Directory Permissions

Below is sample output from ls -l; you can see from the first character of each line that Desktop is a directory (indicated by the d) and that file1 and file2 are regular files (indicated by the -).

$ ls -l
drwxr-xr-x 2 user user    6 Jan  7  2015 Desktop
-rw-rw-r-- 1 user user    0 Feb 16 14:17 file1
-rw-r--r-- 1 user wheel   0 Feb 16 14:22 file2

The next nine characters show the file’s permissions for user, group, and others (or everyone else) as shown below, with parentheses added for clarity:

-(rw-) (r--) (r--) 1 user wheel   0 Feb 16 14:22 file2

Now the owner has read and write permissions (rw-), and the group and everyone else have only read permissions (r--). This is called symbolic representation because letters such as r, w, and x are used to indicate permissions. Permissions can also be represented numerically: r = 4; w = 2; x = 1

Add the values in each section, so that the permissions of the file file1 (from the example above) would be 664. Here is another way to look at how we come to that number:

-(rw-)  (rw-)  (r--)
-(42-)  (42-)  (4--)
 6       6       4

Adding the numbers in each section results in permissions of 664.

Changing File Permissions

The chmod command is used to alter the permissions of a file. It may be used to add or remove permissions symbolically. For example, to add execute permissions for the owner of a file you would run:

$ chmod u+x file_name

Or, to add read and write permissions for the group that owns the file, you would run:

$ chmod g+rw file_name

Instead of adding permissions, the symbolic syntax of chmod can also be used to subtract or set to some absolute value as shown in these examples:

$ chmod o-w file_name
$ chmod u=rwx,g=rx,o= file_name

The chmod command can also explicitly set permissions using a numerical representation. For example, to set permissions on a file to rwxrwxr--, you would run:

$ chmod 774 file_name
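
As an added example (not part of the original article), the shell functions below convert the mode column of ls -l to its numeric form using r = 4, w = 2, x = 1, and check the chmod commands shown above against a scratch file. The function names sym_to_octal and mode_after are hypothetical; setuid, setgid and sticky letters are not handled.

```sh
#!/bin/sh
# Added example: symbolic <-> numeric permissions (r = 4, w = 2, x = 1).

# sym_to_octal MODE -> prints the three-digit numeric mode, e.g. 664.
# MODE is the first column of ls -l; a trailing "." (SELinux) or "+" (ACL)
# marker, as in the listings above, is ignored.
sym_to_octal() {
    # Characters 2-10 are the nine permission letters (1 is the file type).
    perms=$(printf '%s' "$1" | cut -c2-10)
    [ "${#perms}" -eq 9 ] || return 1
    out=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$perms" | cut -c"$start"-$((start + 2)))
        case $triplet in
            [r-][w-][x-]) ;;
            *) return 1 ;;      # s/S/t/T and anything else: out of scope
        esac
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# mode_after STEP... -> numeric mode of a scratch file that starts at 644
# (rw-r--r--, like file2 above) after each chmod STEP is applied in order.
mode_after() {
    f=$(mktemp) || return 1
    chmod 644 "$f"
    for step in "$@"; do
        chmod "$step" "$f" || { rm -f "$f"; return 1; }
    done
    mode=$(ls -ld "$f" | cut -d' ' -f1)
    rm -f "$f"
    sym_to_octal "$mode"
}

# Constructed checks using mode strings and chmod arguments from the article.
sym_to_octal '-rw-rw-r--.'          # file1 as listed, with the SELinux dot
mode_after u+x                      # owner gains execute
mode_after g+rw o-w                 # group gains write, others unchanged
mode_after u=rwx,g=rx,o=            # absolute symbolic form
```
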