1) chown : change file owner and group
To check the ownership of a file or directory, use ls -l.
Usage: chown [-Rcfv] newowner filenames/directory. Note that only root can change the ownership.
Example:
chown linda file.txt
This will cause file.txt to now be owned by linda.
chown -R abu:sales /home/account/
This makes all files inside /home/account/ and its subdirectories belong to abu and be associated with the group sales. -R means include all subdirectories.
2) chgrp : change group ownership
Usage : chgrp [-Rcfv] groupname foo.txt
Example:
chgrp marketing file.txt – to change the group specified to a certain document
chgrp oracle /usr/database – to change the group specified to a certain directory
chgrp -R marketing /sales/2008 – to change the group specified to a certain directory recursively
3) chmod : to change the permissions of a file or directory. Use ls -l to see the permission settings.
Below is how the permission is assigned.
rwx rwx rwx = 111 111 111
rw- rw- rw- = 110 110 110
rwx --- --- = 111 000 000
and so on...
rwx = 111 in binary = 7
rw- = 110 in binary = 6
r-x = 101 in binary = 5
r-- = 100 in binary = 4
For example, if we wanted to set some_file to have read and write permission for the owner, but wanted to keep the file private from others, we would:
chmod 600 some_file
Here is a table of numbers that covers all the common settings. The ones beginning with “7” are used with programs (since they enable execution) and the rest are for other kinds of files.
Value | Meaning
777 | (rwxrwxrwx) No restrictions on permissions. Anybody may do anything. Generally not a desirable setting.
755 | (rwxr-xr-x) The file’s owner may read, write, and execute the file. All others may read and execute the file. This setting is common for programs that are used by all users.
700 | (rwx------) The file’s owner may read, write, and execute the file. Nobody else has any rights. This setting is useful for programs that only the owner may use and must be kept private from others.
666 | (rw-rw-rw-) All users may read and write the file.
644 | (rw-r--r--) The owner may read and write a file, while all others may only read the file. A common setting for data files that everybody may read, but only the owner may change.
600 | (rw-------) The owner may read and write a file. All others have no rights. A common setting for data files that the owner wants to keep private.
Here are some useful settings for directories:
Value | Meaning
777 | (rwxrwxrwx) No restrictions on permissions. Anybody may list files, create new files in the directory and delete files in the directory. Generally not a good setting.
755 | (rwxr-xr-x) The directory owner has full access. All others may list the directory, but cannot create files nor delete them. This setting is common for directories that you wish to share with other users.
700 | (rwx------) The directory owner has full access. Nobody else has any rights. This setting is useful for directories that only the owner may use and must be kept private from others.
taken from http://www.linuxcommand.org/lts0070.php
chmod Shortcuts
Who
The “who” is a list of letters that specifies whom you’re going to be giving permissions to. These may be specified in any order.
u | The user who owns the file (this means “you.”)
g | The group the file belongs to.
o | The other users
a | all of the above (an abbreviation for ugo)
Permissions
Of course, the permissions are the same letters that you see in the directory listing:
r | Permission to read the file.
w | Permission to write (or delete) the file.
x | Permission to execute the file, or, in the case of a directory, search it.
Let’s say we have these files:
-rwxrwxrwx joe acctg wordmatic
-r--r--r-- joe acctg calcmatic
We’d like to remove write permission for the group and others on wordmatic, and add write and execute permission for all users on calcmatic.
Rather than try to figure out what the new permissions are and do these commands:
chmod go=rx wordmatic
chmod a=rwx calcmatic
The chmod command literally lets us add and subtract permissions from an existing set by using + or - instead of =.
Thus, we can take away the first file’s write permission for the group and others with this command:
chmod go-w wordmatic
…and we can add write and execute permission to the second file for all users with:
chmod a+wx calcmatic
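The tables above call 777 "generally not a desirable setting", and the relative form is the natural way to correct it. The following is an added example, not taken from the pages quoted here: it audits a tree for world-writable entries and removes only that bit with o-w. The function names (perms, list_world_writable, fix_world_writable, demo) are made up for this example and the sample files are constructed in a scratch directory.

```shell
#!/bin/sh
# Added example: audit a tree for the world-writable modes the tables warn
# about (777, 666) and remove only that bit with the relative form o-w.
# Function names are hypothetical; demo() builds its own scratch files.

# perms PATH -> the 10-character mode string that ls -l shows
perms() { ls -ld "$1" | cut -c1-10; }

# list_world_writable DIR -> files and directories under DIR writable by "others"
# (-perm -0002 matches when the other-write bit is set, whatever else is set)
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | sort
}

# fix_world_writable DIR -> chmod o-w on every match; all other bits are kept
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

demo() {
    d=$(mktemp -d) || return 1
    touch "$d/wordmatic" "$d/calcmatic" "$d/notes"
    chmod 777 "$d/wordmatic"    # -rwxrwxrwx, as in the text
    chmod 444 "$d/calcmatic"    # -r--r--r--, as in the text
    chmod 666 "$d/notes"        # constructed sample file
    echo "world-writable before:"
    list_world_writable "$d"
    fix_world_writable "$d"
    echo "modes after:"
    for f in wordmatic calcmatic notes; do
        echo "$(perms "$d/$f") $f"
    done
    rm -rf "$d"
}

demo
```

Because o-w is relative, wordmatic keeps its execute bits and notes keeps group write; an absolute mode such as 644 would have reset those as well.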
Copying Permissions
As one other shortcut, it’s possible to tell chmod “give users of one class the same permissions that some other class has.”
Let’s say we have these files:
d------rwx joe acctg sales
-rw-r--r-- joe acctg info.dat
The other users have full permissions on the sales directory. We’d like to say “the user and group should be assigned (=) the permissions belonging to others.” That translates to:
chmod ug=o sales
Similarly, to make info.dat readable and writable to the group, we can say:
chmod g=u info.dat
(you can read this as “the group is assigned (=) the permissions currently held by the user.”)
You may also use + and - to add and subtract the permissions that currently belong to a different class of user.
You can’t mix the standard permissions (r, w, and x) with the copying shortcuts. chmod will protest if you give it something like this:
chmod g=wu info.dat
Taken from http://catcode.com/teachmod/chmod_cmd.html
4) umask = set file creation mask
The ‘UMASK’ is the default permission setting that is applied to your files and directories when they are created. After files and directories are created, the chmod command can be used to change the permissions to allow or disallow access as before. The UMASK is set when you log in to a UNIX machine.
It is, however, possible to change your UMASK and put the UMASK in your login files so that your default permissions are always set for files when you create them.
Just like chmod, a umask works on a number. However, instead of the numbers being ADDED like chmod, with a umask the numbers are SUBTRACTED from 7.
So from chmod –
Read – 4
Write – 2
Execute – 1
If a user wants all directories to be created with rwxr-xr-x, that is
Owner == Read, Write, Execute == 7 - 4 - 2 - 1 == 0
Group == Read, Execute == 7 - 4 - 1 == 2
Others == Read, Execute == 7 - 4 - 1 == 2
Then the umask would be 022
There is one important difference between files and directories under the UMASK: the execute part will be set on directories, but it has to be set manually on files after the file has been created. The read and write parts remain the same.
You can change your default UMASK using the command ‘umask’. For example, the command:
umask 022
Will change your umask to the permissions stated above.
To make your new umask the default for your next login, you will have to edit your .login file and place the umask command at the bottom of that file. The next time you log in to your UNIX system, your default umask will be set to that which you have specified in your .login file.
On Red Hat, to make the change permanent, modify .bashrc and include umask nnn on one of the lines.
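To see what a given umask actually produces, the following added example (not from the original text) creates a file and a directory under several masks and reports the resulting modes. It goes slightly beyond the 022 case above: the system clears the mask bits from 777 for directories and from 666 for files, so 033 shows a case where plain subtraction would give the wrong answer for a file. The names perms, created_mode and show_masks are made up for this example.

```shell
#!/bin/sh
# Added example: observe the modes that new files and directories receive
# under a given umask. Function names are hypothetical.

# perms PATH -> the 10-character mode string that ls -l shows
perms() { ls -ld "$1" | cut -c1-10; }

# created_mode MASK KIND -> mode string of a new directory (KIND=dir) or file
# (any other KIND) created under umask MASK. The body runs in a subshell,
# so the caller's own umask is left unchanged.
created_mode() (
    d=$(mktemp -d) || exit 1      # scratch directory, made before the mask changes
    umask "$1" || exit 1
    if [ "$2" = dir ]; then
        mkdir "$d/new"            # directories start from 777
    else
        : > "$d/new"              # files start from 666: no execute bit
    fi
    perms "$d/new"
    rm -rf "$d"
)

# show_masks -> one line per mask: what a new directory and a new file get
show_masks() {
    for m in 022 027 077 033; do
        printf '%s  dir %s  file %s\n' "$m" \
            "$(created_mode "$m" dir)" "$(created_mode "$m" file)"
    done
}

show_masks
```

A umask of 077 is the one that keeps new files private to the owner by default, matching the 600 and 700 rows of the chmod tables.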