Every file on a Linux system has an owner and is associated with a group. Yesterday I talked about setting file permissions on your Linux system, I will now discuss the basics of owner and group permissions. These modifications can be done using the chown command while running as the root user.
To view a file’s current owner and group you can use the ls -l command.
$ ls -l taps.sh
-rwxr-xr-x 1 erik users 1014 2010-10-28 13:30 taps.sh
In the above example, ‘erik’ is the owner and ‘users’ is the group that the file is currently within. This means that any other user that is part of the group ‘users’ will also have r-x access.
What Does chown Do?
Excerpt from the chown manual page:
chown changes the user and/or group ownership of each given file. If only an owner (a user name or numeric user ID) is given, that user is made the owner of each given file, and the files’ group is not changed. If the owner is followed by a colon and a group name (or numeric group ID), with no spaces between them, the group owner‐ship of the files is changed as well. If a colon but no group name follows the user name, that user is made the owner of the files and the group of the files is changed to that user’s login group. If the colon and group are given, but the owner is omitted, only the group of the files is changed; in this case, chown performs the same function as chgrp. If only a colon is given, or if the entire operand is empty, neither the owner nor the group is changed.
To better understand that here are a few examples:
# chown erik:cdrom taps.sh
# ls -l taps.sh
-rwxr-xr-x 1 erik cdrom 1014 2010-10-28 13:30 taps.sh
# chown erik:erik taps.sh
# ls -l taps.sh
-rwxr-xr-x 1 erik erik 1014 2010-10-28 13:30 taps.sh
As you can see I changed the group to ‘cdrom’ then changed it back to ‘erik’. In doing so, none of my file permissions changed, but I did become part of the cdrom group, which means I may have gained access to other files that were also part of the ‘cdrom’ group.
If I only specify the colon after the user setting, then the file will automatically take use the users login group as the default. For example:
# ls -l taps.sh
-rwxr-xr-x 1 erik erik 1014 2010-10-28 13:30 taps.sh
# chown erik:cdrom taps.sh
# ls -l taps.sh
-rwxr-xr-x 1 erik cdrom 1014 2010-10-28 13:30 taps.sh
# chown erik: taps.sh
# ls -l taps.sh
-rwxr-xr-x 1 erik erik 1014 2010-10-28 13:30 taps.sh
You can also set the file to a group that does not even necessarily exist.
# chown erik:1234 taps.sh
# ls -l taps.sh
-rwxr-xr-x 1 erik 1234 1014 2010-10-28 13:30 taps.sh
# chown erik: taps.sh
# ls -l taps.sh
-rwxr-xr-x 1 erik erik 1014 2010-10-28 13:30 taps.sh
As you can see the 1234 in yellow identifying my group.
Recursive Group Change
To recursively change all files within a directory you may use the -R before setting the user:group option.
# chown -R erik:1234 /home/erik/
This will change all files within my home directory to now become part of the 1234 group. Yay.
The purpose for group association permits certain users the ability to use devices or see certain files on a computer. For instance, I am currently associated with a set of groups:
$ groups
erik adm dialout cdrom plugdev lpadmin admin sambashare
Thus, I have access to certain files or devices because I am now part of that group.