Module – 7.2 Linux User & Group Administration (chmod & chown)

In Part01, we learned how to create users and groups. In Part02, we learn about changing the ownership and permissions of any given file or directory:

chmod : (change mode)

File, directory and device permissions can be set to allow or deny access to members of their own group or all others. Modification of file, directory and device access is achieved with the chmod command.

The permissions can be assigned in octal notation or in the more easily recognized character format where the command form is:

chmod [ugoa][+-=][rwxXst] fileORdirectoryName

u   User access
g   Group access
o   Other system users' access
a   Equivalent to “ugo”
+   Add access
-   Remove access
=   Access explicitly assigned
r   Permission to read a file
    Permission to read a directory (also requires “x”)
w   Permission to delete or modify a file
    Permission to delete or modify files in a directory
x   Permission to execute a file/script
    Permission to read a directory (also requires “r”)
s   Set user or group ID on execution.
u   Permissions granted to the user who owns the file
t   Set “sticky bit”. Execute file/script as user root for regular user

Examples:

  • Grant read access (r) to a file to all members of your group (g):
    chmod g+r file-name
  • Grant read access to a directory to all members of your group:
    chmod g+rx directory-name
    Note that “execute” permission is required in order to read a directory.
  • Grant read permissions to everyone on the system to a file which you own so that everyone may read it: (u)ser, (g)roup and (o)ther.
    chmod ugo+r file-name
  • Grant read permissions on a directory to everyone on the system:
    chmod ugo+rx directory-name
  • Grant modify or delete permissions to a file which you own for everyone in the group:
    chmod g+rw file-name
    Note: In order for modify and delete permissions to be useful, one must be able to modify the directory in which the file is located: chmod g+rwx ./
  • Deny read access to a file by everyone except yourself:
    chmod go-r file-name
  • Allow everyone in your group to be able to modify the file:
    chmod 660 file-name

See the chmod man page for more info.

View file, directory and device permissions:

Permissions may be viewed by issuing the command: ls -l file-name

  • File can be written by yourself and members of the group. Others may only view it.
    -rw-rw-r-- user group file-size date file-name
  • Directory is completely open for read/write:
    drwxrwxrwx user group file-size date directory-name
  • File can only be accessed by owner (user):
    -rwx------ user group file-size date file-name

Where the first block of “rwx” represents the permissions for the user (u), the second is for the group (g) and the third is for others (o). The “-” represents no access for that access placeholder for user, group or other.

Octal codes:

Permissions may be granted using human readable assignments “rwx” or octal codes.

Description                           Abbreviation   Octal code
Read access                           r              4
Write (change) permission             w              2
Execute script or binary executable   x              1
Read and Execute                      rx             5
Read and Write                        rw             6
Read, Write and Execute               rwx            7

Use of octal assignment does not add or remove permission, but assigns the permission explicitly.
Examples:

  • Assign yourself full access to read and modify the file, allow members of the group to read it and do not allow any others access:
    chmod 640 filename
  • Assign execute status to a script with the same access as the previous example. (Without it, a script is like any other text file)
    chmod 740 filename

The below command will change the permission of all the files and directories under directory “/home/mike”

chmod -R 640 /home/mike/

-R : change files and directories recursively
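
The recursive octal command above assigns 640 to directories as well as files, which removes the “x” that this page notes is required to read a directory. The following is an added example, not part of the original tutorial, comparing it with the capital “X” flag from the chmod command form; the temporary tree and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The tree below is constructed sample data in a temp directory.

# Print the 10-character mode string that `ls -l` shows, e.g. drwxr-x---
mode_of() { ls -ld "$1" | cut -c1-10; }

# Build a directory holding one data file and one executable script.
make_tree() {
    t=$(mktemp -d)
    mkdir "$t/docs"
    echo "notes" > "$t/docs/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$t/docs/run.sh"
    chmod 750 "$t/docs" "$t/docs/run.sh"
    chmod 640 "$t/docs/notes.txt"
    echo "$t"
}

# Restore owner access so the tree can be deleted, then delete it.
cleanup() { chmod -R u+rwX "$1"; rm -rf "$1"; }

# Octal mode assigns the same bits to every entry, directories included.
# A non-root caller cannot descend once "x" is gone, so errors are ignored.
octal_result() {
    t=$(make_tree)
    chmod -R 640 "$t" 2>/dev/null || true
    mode_of "$t"
    cleanup "$t"
}

# Capital X sets execute only on directories and on files that already
# have an execute bit, so directories stay searchable and data files
# do not become executable.
symbolic_result() {
    t=$(make_tree)
    chmod -R u=rwX,g=rX,o= "$t"
    echo "$(mode_of "$t/docs") $(mode_of "$t/docs/notes.txt") $(mode_of "$t/docs/run.sh")"
    cleanup "$t"
}

echo "chmod -R 640:            $(octal_result)"
echo "chmod -R u=rwX,g=rX,o=:  $(symbolic_result)"
```

The first line of output shows the top directory without any execute bit; the second shows the directory, the data file and the script after the symbolic form.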
Changing group ownership of files, directories, devices: chown / chgrp

chown:

This command is used by root (system superuser) only. As root, the group ownership of a file, directory or device can be changed with the “chown” command:

  • Change the ownership of the file to the group “accounting”:
    chown :accounting filename
  • Command format:    chown user:group filename

Examples:

chown mike:dba oracle.txt

chown -R mike:dba /home/oracle

-R : change files and directories recursively

chgrp:

This command is used by any system user who is a member of multiple groups. If the user creates a file, the default group association is the group ID of the user. To change it to another group of which the user is a member, issue the command: chgrp new-group-id file-name

If the user is not a member of the group then a password is required.
