6.4. File Ownership and Permissions
Changing File Ownership and Permissions
For security reasons, most Unix flavors allow only the superuser to
change the ownership of a file. The owner of a file can change the group
ownership of the file, but only if they belong to the group they are
changing ownership to. The superuser is allowed to change the ownership
and/or permission bits of any file.
Ownership or group membership can be changed using the chown or
chgrp command. The format is
chown (new owner) (file or directory name)
chgrp (new group) (file or directory name)
A file's owner can change any or all of the permissions with the
chmod (change mode) command. The chmod
command allows you to dictate the type of access permission that you
want each file to have. In the previous example the current
permissions for myfile are read for everybody, write for the
owner, and execute by no one.
The arguments supplied to chmod are a symbolic specification of
the changes required, followed by one or more filenames. The specification
consists of whose permissions are to be changed: u for user
(owner), g for group, o for others, or some combination
thereof (a (all) has the same effect as ugo), how
they are to be changed (+ adds a permission, - removes a permission, and
= sets the specified permissions, removing the other ones) and which
permission to add or remove (r for read, w for write, and
x for execute). For example, to remove all the permissions from
myfile:
chmod a-rwx myfile
ls -l myfile
---------- 1 owner team Jul 15 14:41 myfile
To allow read and write permissions for all users:
chmod ugo+rw myfile
ls -l myfile
-rw-rw-rw- 1 owner team Jul 15 14:42 myfile
To remove write permission for your group and other users:
chmod go-w myfile
ls -l myfile
-rw-r--r-- 1 owner team Jul 15 14:42 myfile
Finally, to allow only read permission to all users:
chmod a=r myfile
ls -l myfile
-r--r--r-- 1 owner team Jul 15 14:43 myfile
Now the file is protected by allowing only read access; it cannot be written
to or executed by anyone, including you. Protecting a file against
writing by its owner is a safeguard against accidental overwriting, although
not against accidental deletion.
Symbolic to Octal Conversion
chmod will also accept a permission setting expressed as a 3-digit
octal number. To determine this octal number, you first write a 1 if the
permission is to be set and a 0 otherwise. This produces a binary number
which can be converted into octal by grouping the digits in threes and
replacing each group by the corresponding octal digit according to the
table below.
TABLE 2. Symbolic to Octal Conversions
| SYMBOL | BINARY | OCTAL |
| --- | 000 | 0 |
| --x | 001 | 1 |
| -w- | 010 | 2 |
| -wx | 011 | 3 |
| r-- | 100 | 4 |
| r-x | 101 | 5 |
| rw- | 110 | 6 |
| rwx | 111 | 7 |
Thus, if the setting you want is rw-r--r--, determine the octal number
with the following method:

This shows that the octal equivalent of rw-r--r-- is 644. The following
example illustrates that the permissions for myfile have been reset
to the values with which we began.
chmod 644 myfile
ls -l myfile
-rw-r--r-- 1 owner 588 Jul 15 14:44 myfile
To change the permissions back to read only, you can execute chmod
as follows:
chmod 444 myfile
ls -l myfile
-r--r--r-- 1 owner 588 Jul 15 14:45 myfile
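The conversion method described above (1 for a set permission, 0 otherwise, grouped in threes), written as a shell function, with a second function that uses the result to report who besides the owner holds write permission. This is an added example, not part of the original text; the names sym_to_octal and write_exposure are hypothetical, and accepting the 10-character field printed by ls -l goes beyond the 9-character form used above.

```shell
#!/bin/sh
# Added example. sym_to_octal and write_exposure are hypothetical names.

# Convert a symbolic mode (rw-r--r--, or the 10-character field printed by
# ls -l) to 3-digit octal: 1 if a permission is set, 0 otherwise, in threes.
sym_to_octal() {
    _sym=$1
    _want=rwxrwxrwx
    # Drop the leading file-type character of an ls -l field (d, -, ...).
    if [ "${#_sym}" -eq 10 ]; then _sym=${_sym#?}; fi
    if [ "${#_sym}" -ne 9 ]; then
        echo "sym_to_octal: need 9 permission characters" >&2
        return 1
    fi
    _octal='' _digit=0 _pos=0
    while [ "$_pos" -lt 9 ]; do
        _c=${_sym%"${_sym#?}"}      # next character of the input
        _e=${_want%"${_want#?}"}    # letter allowed at this position
        _sym=${_sym#?} _want=${_want#?}
        case "$_c" in
            "$_e") _bit=1 ;;
            -)     _bit=0 ;;
            *)     echo "sym_to_octal: bad character '$_c'" >&2; return 1 ;;
        esac
        _digit=$(( _digit * 2 + _bit ))     # shift in one binary digit
        _pos=$(( _pos + 1 ))
        if [ $(( _pos % 3 )) -eq 0 ]; then  # a full triad: emit octal digit
            _octal=$_octal$_digit
            _digit=0
        fi
    done
    echo "$_octal"
}

# Report which classes other than the owner hold the write bit (value 2).
write_exposure() {
    _o=$(sym_to_octal "$1") || return 1
    _g=${_o#?}; _g=${_g%?}      # middle digit: group
    _t=${_o#??}                 # last digit: others
    _out=''
    if [ $(( _g & 2 )) -ne 0 ]; then _out=group; fi
    if [ $(( _t & 2 )) -ne 0 ]; then _out="${_out:+$_out }other"; fi
    echo "${_out:-none}"
}

# Constructed sample input, taken from the listings on this page.
for _m in rw-r--r-- drwxrwxr-x rw-rw-rw-; do
    echo "$_m -> $(sym_to_octal "$_m"), extra write: $(write_exposure "$_m")"
done
```

A mode string containing any character other than r, w, x or - in its proper position is rejected with a non-zero exit status.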
Directories
As with files, directories may also have permissions assigned. When
listing directories, you may use the -d option to keep from descending
into the directories you list. Otherwise, the contents of the directories
will be displayed as well as their names. Below is an example of
permissions assigned to a directory:
ls -lgd home
drwxrwxr-x 1 owner masc223 588 Jul 15 9:45 home
The directory home and the files and directories under it may be
read and executed by anyone, but written to only by the owner and users
in the masc223 group. Assuming you are the owner of this directory, you
may decide to change the permission to allow only yourself and the
masc223 group to read and execute files in the home directory.
You would set the permissions accordingly:
chmod o-rx home
ls -lgd home
drwxrwx--- 1 owner masc223 588 Jul 15 9:46 home
You may decide that only you should be able to alter the contents of
the directory. You must remove the write permission for the group.
chmod 750 home
ls -lgd home
drwxr-x--- 1 owner masc223 588 Jul 15 9:48 home