Page 326
to have. The chmod command also has a command-line form as follows:
ugoa +-= rwxXstugo
This book doesn't go into all the details of this notation (you can read the chmod command's manual page for more details), but the next few examples duplicate chmod's actions using the previous examples. You can protect a file from anyone else with
# ls -l file1 -rw-rw-r-- 1 bball bball 0 Nov 23 13:50 file1 # chmod go-rwx file1 # ls -l file1 -rw------ 1 bball bball 0 Nov 23 13:50 file1
As you can see, the file is now readable and writable only by you, because you have specified that your group (g) and others (o) do not (-) have read, write, or execute (rwx) permission. Now, you can protect your directory from prying eyes as follows:
# chmod go-rwx temp
And, to mimic the last example, to enable others to read files in the directory, but not list the directory contents, you can use
# chmod o+x temp
You're now familiar with file and directory permissions, and using the chmod command. The next section shows you how you can change ownership of files or directories using the chown command.
The chown (change ownership) command, found under the /bin directory, is used to change, either permanently or temporarily, the ownership of files or directories. If you recall the previous discussion of the /etc/group file in this hour, you'll remember that your users can be assigned to different groups. Using the chown command, you can assign ownership to different users or groups.
For example, if you've created a text file, you can share it with members of your group or others with the chmod command. By using chown, you can tell Linux specifically what other users or groups can have access to your file. You can use the groups command to find out what groups you belong to, for example:
# groups bball users
This shows that the user, bball, belongs to two groups: bball and users. As the root operator, you belong to at least seven groups, for example:
Page 327
# groups root bin daemon sys adm disk wheel
To find out who belongs to a group, look at the /etc/group file, or use the name of a user, for example:
# groups cloobie cloobie : cloobie users
This shows that you and cloobie belong to at least one group, called users. To assign one of your files to the users group, and give cloobie access, you can use the chown command's syntax of user:group, for example:
# chown :users myfile # ls -l myfile -rw-rw-r-- 1 bball users 0 Nov 23 14:16 myfile
You might think that to assign specific ownership, you can use the following:
# chown cloobie:users myfile chown: myfile: Operation not permitted
What happened? This shows why Linux has groups. You can assign access of one of your files to a group, but unless you're the root operator, you cannot assign one of your files to appear to have been either created by or owned by another user. Make sure you're logged in as the root operator and use
# chown cloobie:cloobie myfile # ls -l myfile -rw-rw-r-- 1 cloobie cloobie 0 Nov 23 14:16 myfile
As you can see, even though the file myfile was created by the user bball, as the sysadmin, you can assign ownership to any users and any group. If you just want to change the group ownership of a file or directory, you can use the chgrp command; if you want to change your users or your own group, you can use the newgrp command.
The chgrp (change group) command, found under the /bin directory, is used only to change group ownerships. In this regard, it is not as flexible as the chown command, which can do both. The chgrp command accepts a group name or group id (GID), for example:
# ls -l myfile -rw-rw-r-- 1 bball bball 0 Nov 23 14:16 myfile
This shows that the file belongs to user bball and group bball. To change the group ownership and grant access to other members of the group, use
Page 328
# groups bball bball : bball users # chgrp users myfile # ls -l myfile -rw-rw-r-- 1 bball users 0 Nov 23 14:16 myfile
Now, other members of the users group can access the file. Along with the chgrp command, you'll find the newgrp command, which is found under the /usr/bin directory. Although the chgrp command will change group ownership of one of your files or directories to a group you belong to, (or if you're the root operator, any group), you can use the newgrp to shift your current group membership, for example:
# groups bball users # touch file1 # ls -l file1 -rw-rw-r-- 1 bball bball 0 Nov 23 14:53 file1 # newgrp users # groups users bball # touch file2 # ls -l file2 -rw-rw-r-- 1 bball users 0 Nov 23 14:54 file2 # newgrp bball
This shows that the user bball originally belonged to the default group bball. This was verified by creating a file showing the current user and group ownership. Next, the user bball changed to the users group, created a file, and verified that the created file has the new group's access. Finally, the user bball changed back to the original group, bball.
As you can see, Linux offers you a great deal of flexibility in assigning file ownerships and permissions. By using different combinations of directory and file ownership and permissions, you can organize your system along lines of types of work, types of users, or types of files.