File permissions determine who has access to what, as well as how much access they have to it.
Such details are very important on a multi-user operating system such as Linux, for the sake of both security and management.
The possibilities are endless — and exciting to contemplate. Permissions can be widened so that files are able to be viewed and even edited by all users on a system (Warning: security nightmare!), or tightened so that not even the owner of a file can view it.
Making changes to ownership and permissions is very simple once you understand how they work. On that note, let’s start with some of the basics.
Interpreting File Details
Have you ever typed ls -l (or the shortcut, ll) into your command line?
The action will return results similar to this example:
[gwen@localhost ~]$ ll
drwxrwxr-x. 2 gwen gwen 4096 Oct 21 20:20 TestDirectory
-rw-rw-r--. 1 gwen gwen 15 Oct 21 20:14 TestFile.txt
That gibberish right there is a very simple summary of each file and directory, including details of their ownership and permissions.
Let’s decode these details so that they’re no longer gibberish.
1. The first character indicates the type of file.
- Indicates a Normal File
d Indicates a Directory
l Indicates a Link File
s Indicates a Socket File
2. The next nine characters describe the file’s permission(s).
3. The next field shows a number listing how many links point toward the file or directory in question.
4. The third field displays the owner of the file or directory.
5. The fourth field displays the group that the file or directory is a part of.
6. The fifth field displays the size of the file — in bytes.
7. The sixth field displays the date and time that the file was last modified.
8. The final field displays the name of the file.
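The decoding steps above can be written as a small shell function. This is an added example, not part of the original article: decode_ls_line is a hypothetical helper name, it assumes the default long format shown above, and it goes one step further than the list by splitting the nine permission characters into owner, group and other, and by flagging files that every user on the system can write to.

```shell
#!/bin/sh
# Added example: decode one line of `ls -l` output into the fields listed above.
# Assumes the default long format shown in this article (three date tokens).

decode_ls_line() (
    # The subshell body keeps these variables local. The last variable receives
    # the rest of the line, so file names containing spaces survive.
    read -r mode links owner group size month day time name <<EOF
$1
EOF
    case $mode in
        -*) type="normal file" ;;
        d*) type="directory" ;;
        l*) type="link" ;;
        s*) type="socket" ;;
        *)  type="other" ;;
    esac
    echo "type=$type"
    # Characters 2-10 are the nine permission characters, three per class.
    echo "owner_perms=$(printf '%s' "$mode" | cut -c2-4)"
    echo "group_perms=$(printf '%s' "$mode" | cut -c5-7)"
    echo "other_perms=$(printf '%s' "$mode" | cut -c8-10)"
    echo "links=$links"
    echo "owner=$owner"
    echo "group=$group"
    echo "size_bytes=$size"
    echo "modified=$month $day $time"
    echo "name=$name"
    # Character 9 is the write bit for all other users on the system.
    case $mode in
        ????????w*) echo "warning=writable by all users" ;;
    esac
)

# The two lines from the listing above.
decode_ls_line "drwxrwxr-x. 2 gwen gwen 4096 Oct 21 20:20 TestDirectory"
decode_ls_line "-rw-rw-r--. 1 gwen gwen 15 Oct 21 20:14 TestFile.txt"
# Constructed line: a name with a space and the "other" write bit set.
decode_ls_line "-rw-rw-rw-. 1 gwen gwen 15 Oct 21 20:14 My Notes.txt"
```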
Understanding File Ownership
When you create a file or directory, you are by default the owner of that file or directory.
As an owner, you have full control over permissions, and can determine who gets to view/edit/execute your file, and who does not.
(Don’t forget that as the superuser, root has unrestricted access to the entire system… and all of the files and directories on the system… and maybe even knows what you had for dinner last night. Which is a little too easy, really. Even I know what you had for dinner last night.)
Even as the owner of a file, you cannot change what group the file belongs to, or assign file ownership to another user. Only root can do that.
Understanding Groups
Groups are a very useful part of the Linux file system, and a good way to share data between multiple users.
To learn how groups work, don’t think about computers; think about people. Why do people group together? Usually you can boil the reasons down to a single factor: common interest(s). That interest may be as specific as a hobby (crafts, sports, etc.), or as abstract as the basic necessities of life (like grocery shopping). If you are now thinking along the lines of joining your local golf club, or swinging by the grocery store along with everyone else on the way home from work, then you should see my point.
Back to computers… Groups are a way to share files and directories with multiple users on each system. Usually groups are created based on projects to be done and/or resources that are available. Each user can join the groups that are relevant, necessary, and/or of interest to them.
Your user name is also a group. When you create a file or directory, it is by default placed in that group.
A user can be in multiple groups at a time, but without the help of access control lists (ACLs), files and directories can only belong to one group at a time.
Only the root user can change which group a file or directory belongs to.
Using chown to Change File Ownership
Note: This function can only be performed as the root superuser.
The chown command is used to change the owner (and optionally the group) that a file or directory belongs to.
The syntax is a simple matter of typing in the command, followed by the name or ID number of the new owner, and the file/directory name to change. Example: chown ruth TestFile.txt
Use a colon to change both the owner and the group of a file. For example, chown ruth:ruth TestFile.txt will change both the owner and the group to ruth, and chown :ruth TestFile.txt will change only the group to ruth.
By using the * wild card, the ownership (and/or group) of all files in a directory can be changed at the same time. Example: chown ruth /home/gwen/for_ruth/*
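A check worth running after a wildcard chown, shown here as an added example that is not part of the original article: the shell expands * before chown runs, the expansion skips names that start with a dot, and chown without -R does not descend into subdirectories. The function names not_owned_by and missed_by_glob are hypothetical, and the demo runs on a constructed temporary directory.

```shell
#!/bin/sh
# Added example: verify the result of a wildcard chown such as
#   chown ruth /home/gwen/for_ruth/*

# Print every entry under DIR that is not owned by OWNER (name or numeric ID).
# Usage: not_owned_by OWNER DIR
not_owned_by() {
    d=${2%/}
    find "$d" ! -path "$d" ! -user "$1" -print | sort
}

# Print the entries under DIR that a plain DIR/* argument list never reaches:
# hidden names at the top level, and anything inside a subdirectory.
# Usage: missed_by_glob DIR
missed_by_glob() {
    d=${1%/}
    find "$d" \( -path "$d/.*" -o -path "$d/*/*" \) -print | sort
}

# Demo on a constructed directory tree (not real user data).
demo_dir=$(mktemp -d)
mkdir "$demo_dir/sub"
: > "$demo_dir/a.txt"
: > "$demo_dir/.hidden"
: > "$demo_dir/sub/b.txt"

echo "Entries a dir/* chown would not touch:"
missed_by_glob "$demo_dir"

echo "Entries not owned by the current user (expected: none):"
not_owned_by "$(id -u)" "$demo_dir"

rm -rf "$demo_dir"
```

On a real system the check for the article's example would be not_owned_by ruth /home/gwen/for_ruth; any path it prints still belongs to someone else.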
Using chgrp to Change a File’s Group
Note: This function can only be performed as the root superuser.
The chgrp command is used to change the group that a file or directory belongs to.
The syntax is a simple matter of typing in the command, followed by the name or ID number of the new group, and the file/directory name to change. Example: chgrp ruth TestFile.txt
Summary
Now that you understand how file ownership and groups work, and how to interpret some file details, the next step is to learn how to change them.
(By the way, I might not be root on your system, but that comment I made earlier about knowing what you had for dinner last night… you had food. See? I’m right every time.)