File Permissions and the chmod/chgrp/chown commands

The chmod/chgrp/chown commands are used to change the permissions/ownership of files and/or directories. Linux is often used as a multi-user system and it is not desirable that all users have access to all files and directories.

For eg. : On a multi-user environment in a corporate office using a central server running linux , it might be required the accounts documents be shared between employees of the acccounts department . At the same time, it might be undesirable and indeed dangerous if anyone having access to the server is able to read/edit them. It is for such situations that Linux has a 3X3 permission system.

There are 3 levels of security for a file :

• Read Permission : Permission to read a file (r)

• Write Permission : Permission to edit a file (w)

• Execute Permission : Permission to execute a file if it is executable(x)

and 3 different levels for a directory :

• Enter Permission : Permission to Enter into the Directory

• Show Entry : Permission to see the contents of the Directory

• Write Entry : Permission to make a new file or subdirectory in

the Directory

For granting the above permissions, users are divided into 3 different sets

• User : The owner of the file/directory - mostly the person who created the file/directory

• Group : Linux users can be divided in groups and one user can be a member of more than one group. A Group denotes all users who are members of group(s) to which the owner of a file/directory belongs

• Others : All users not in the group(s) of the owner.

For eg :

A user level r/w/x permission means only the owner can read,write and execute the file
A group level r/w/x permission means only the members of group(s) to which the owner belongs can read, write and execute the file
An other level r/w/x permission means Everyone can read/write/execute the file.

The chmod Command

The chmod command is used to change the permissions of files/directories in linux. It’s syntax is as follows :

chmod -R/c/f/v [u / g / o / a] [+ / - / =] [rwxXstugo..]

For eg.: if u want to give all users in the group of the owner just read permission to a file called foo.txt, the command is

chmod g+r /home/aarjav/foo.txt

here g stands for group

• + stands for giving permission
• (as against - for taking permission away)
• r stands for read permission.

so g+r means ?give group read permission?. All users for the owners group now have read permission to foo.txt

Now if they misbehave and u want to take their read permission away.

The command is the same as above, just substituting the + sign with a minus sign

chmod g-r /home/aarjav/foo.txt

As shown the general format of the command is

chmod -R/c/f/v [u / g / o / a] [+ / - / =] [rwxXstugo]

here

• u : user

• g: group

• o : others

• a : all

plus:      give permission
minus:   take permission away
equal:    cause the permissions given to be the only permissions of the file

• r : read permission

• w: write permission

• x : execute permission

• X: execute only if it is a directory or already has execute permission for some user

• s : set user or group ID on execution

• t : save program text on swap device

• u : the permissions that the user who owns the file has for it

• g : the permissions that the owner?s group has for a file

• o : the permissions that users not in the owner?s group have for it (X, s, t, u, g and o are not required for common tasks)

the initial options -R/c/f/v are explained as follows :

• -c : Displays names of only those files whose permissions are being changed ( –changes can also be used instead of -c )

• -f : Suppresses display of error messages when a file?s permissions cannot be changed ( –silent of –quiet can also be used instead of -f )

• -R: Recursively changes the permission of all files in all subdirectories of the directory whose permissions are being changed ( –recursive can also be used )

• -v : Displays results of all permission changes ( –verbose can also be used )

The chown command

The chown command is used to change the user and/or group which owns one or more files or directories. Its general format is :

chown [-Rcfv] [username][:.][groupname] foo.txt

The flags used above are same as those used in the chmod command . The following are the different ways in which this command can be used :

• The username followed by a dot or colon followed by a groupname changes both the user and group ownerships to those specified.

• The username followed by a dot or colon and no groupname changes the user ownership as specified and changes the group ownership to the specified user’s login group.

• If the colon or dot and groupname are specified without a username, then only the groupownership is changed. This is effectively the same as The chgrp command. If the username is not followed by a dot or a colon, then only the user ownership is changed.

The chgrp command

The chgrp command is used to change the group ownership of one or more files or directories. Its general syntax is :

chgrp [-Rcfv] groupname foo.txt

The flags used here are also the same as those in the chmod command. The changes in ownership are applied to the groupname and the filename specified.

http://www.freeos.com/articles/4440?page=3