Managing access permissions with chmod, chgrp, chown, and umask

Changing Owners and Groups

On a Linux system, the system administrator is allowed to assign new owners and new groups to files and directories. To give a file to user petronella, simply use the chown command:

chown petronella <file>

Additionally, you can define a new group in the same command. To do so, add the name of the group after a colon:

chown petronella:audio <file>

The file now belongs to user petronella and group audio (see "Rights of Ownership").

Rights of Ownership

Although I said that chown is only available for the root user, this is not entirely true – a "normal" user may use the tool in some situations. For example, chown petronella:audio file changes the group membership of the file. The user petronella is allowed to use this command if she is a member of the group audio and owns the file.

Across the Board

All three tools – chmod, chgrp, and chown – support the -R option for recursive actions. If you want members of the video group to access a directory and the files it contains, just type:

chgrp -R video <directory>

The -R option can also save you some typing in combination with the chmod command. To remove read, write, and execute permissions from this folder for all users who are not the owner or members of the video group, you can type:

chmod -R o-rwx <directory>

Be careful when you run recursive commands that remove the execute flag. If you mistakenly type a-x instead of o-x, you will lock yourself out: chmod will remove execute permissions from the parent directory and your ability to change to the directory and modify the files (Listing 3). The use of the find command can help you avoid this kind of dilemma (Listing 4).

Listing 3

Oops … locked out!

01 $ ls -l test
02 total 0
03 -rwxr-xr-x 1 petronella petronella 0 Nov  4 12:12 bar
04 -rwxr-xr-x 1 petronella petronella 0 Nov  4 12:12 foo
05 $ chmod -R a-x test
06 chmod: cannot access `test/bar': Permission denied
07 chmod: cannot access `test/foo': Permission denied

Listing 4

Using the find command

01 $ find test -type f -exec chmod a-x \{\} +
02 $ ls -l test
03 total 0
04 -rw-r--r-- 1 petronella petronella 0 Nov  4 12:12 bar
05 -rw-r--r-- 1 petronella petronella 0 Nov  4 12:12 foo

The find command first discovers the files (-type f) in the test directory (and possible subfolders) and then runs chmod against them, ignoring the directory itself.

The chown program also supports the -R parameter. For example, imagine that you just created a new account called pooh, and you've set up a home directory for Pooh and copied configuration files from /etc/skel. The last step is to give Pooh the permissions he needs to set up shop and use his home directory and the subdirectories below it.

The following command hands over the home directory and all the files in it (including hidden configuration files) to the user pooh:

chown -R pooh /home/pooh

The -R option used here tells chown to act recursively. Being able to define a new group and owner for the data at the same time is very useful:

chown -R pooh:pooh /home/pooh

In other words, you just append the group name with a colon to separate it from the account name. (Some distributions have a default group called users, whereas others use the account name as the default group.)

Buy this article as PDF

Express-Checkout as PDF

Pages: 4

Price $2.95
(incl. VAT)

Buy Raspberry Pi Geek

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content