File Ownership
By default, users own the files that they create, and this ownership can only be changed with administrative privileges.
Although most commands show the user owner as a name, the OS associates user ownership with the UID for that username, not with the name itself.
Every file also has a group owner. By default, the primary group of the user who creates the file is the group owner of any new files. Users are allowed to change the group owner of files they own to any group that they belong to. Similar to user ownership, the association of a file with a group is not done internally by the operating system by name, but by the GID of the group.
Undefined Ownership
Since ownership is determined by the UID and GID recorded on a file, changing the UID of a user (or deleting the user) leaves every file that user owned without a real user owner.
When no entry in the /etc/passwd file matches the UID of the file's owner, the numeric UID is displayed as the user owner instead of the username (which no longer exists). The same occurs for groups and /etc/group.
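The following shell script, added here as an example and not part of the original page, audits a directory tree for exactly this situation: it resolves the numeric UID/GID stored on each inode against /etc/passwd and /etc/group and lists files whose owner or group no longer exists (the same fallback `ls -l` shows as a bare number). It assumes POSIX sh, GNU find and stat, and readable /etc/passwd and /etc/group; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the page): find files whose recorded owner UID or
# group GID no longer maps to a name in /etc/passwd or /etc/group.
# Assumptions: POSIX sh, GNU find and stat, readable /etc/passwd and /etc/group.

# Print the username for a numeric UID, or nothing if /etc/passwd has no entry.
uid_to_name() {
    awk -F: -v uid="$1" '$3 == uid { print $1; exit }' /etc/passwd
}

# Same lookup for a numeric GID against /etc/group.
gid_to_name() {
    awk -F: -v gid="$1" '$3 == gid { print $1; exit }' /etc/group
}

# Succeed only if both the UID and the GID stored on the inode resolve to names.
file_ownership_resolves() {
    uid=$(stat -c '%u' "$1") || return 2
    gid=$(stat -c '%g' "$1") || return 2
    [ -n "$(uid_to_name "$uid")" ] && [ -n "$(gid_to_name "$gid")" ]
}

# List every path under $1 with an unresolvable owner or group, printed as
# "UID GID path", the numeric fallback that ls -l shows for such files.
find_orphaned_files() {
    find "$1" \( -nouser -o -nogroup \) -exec stat -c '%u %g %n' {} \;
}

# Usage (run as a normal user):
#   find_orphaned_files /home
#   file_ownership_resolves /etc/passwd && echo "owner and group resolve"
```

Running `find_orphaned_files` over home directories after removing a user is a quick way to confirm no files were left behind under a UID that a later account could inherit.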
id Command
The id command is useful for verifying which user account you are using and which groups are available to you. Its output shows the user's identity information expressed both as a number and as a name.
Changing Ownership
newgrp Command
The newgrp command is used to change the current primary group so that new files are created under a different group.
The newgrp command opens a new shell; as long as the user stays in that shell, the primary group will not change. To switch the primary group back to the original, the user can leave the new shell by running the exit command.
Change the user's primary group membership:
newgrp group_name
Reset the primary group membership to the user's default group in /etc/passwd:
newgrp
Administrative privileges are required to change the primary group of the user permanently. The root user would execute the following command:
usermod --gid groupname username
chgrp Command
The root user can use the chgrp command to change the group owner of any file. A regular user can change the group owner of a file they own to any group they are a member of.
Change the owner group of a file/directory:
chgrp group path/to/file_or_directory
[R]ecursively change the owner group of a directory and its contents:
chgrp -R group path/to/directory
Change the owner group of a symbolic link:
chgrp -h group path/to/symlink
chgrp --no-dereference group path/to/symlink
Change the owner group of a file/directory to match a reference file:
chgrp --reference=path/to/reference_file path/to/file_or_directory
chown Command
The chown command allows the root user to change the user ownership of files and directories.
A regular user cannot use this command to change the user owner of a file, not even to give one of their own files to another user.
However, chown also permits changing group ownership, which can be done by either root or the owner of the file.
Change the owner user of a file/directory:
chown user path/to/file_or_directory
Change the group ownership of a file/directory:
chown :group path/to/file_or_directory
chown .group path/to/file_or_directory
Change the owner user and group of a file/directory:
chown user:group path/to/file_or_directory
chown user.group path/to/file_or_directory
[R]ecursively change the owner of a directory and its contents:
chown -R user path/to/directory
Change the owner of a symbolic link:
chown -h user path/to/symlink
Change the owner of a file/directory to match a [reference] file:
chown --reference=path/to/reference_file path/to/file_or_directory
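To show the rule stated for chgrp and chown above, that a non-root user may only move a file they own into a group they belong to, here is an added example (not from the original page) that checks membership with `id` before calling chgrp and reads the result back from the inode with stat. It assumes POSIX sh and GNU coreutils (id, chgrp, stat); the function names are mine.

```shell
#!/bin/sh
# Added example (not from the page): change a file's group owner as a regular
# user, first checking that the target group is one the caller belongs to,
# since chgrp/chown would otherwise fail with "Operation not permitted".
# Assumptions: POSIX sh, GNU coreutils (id, chgrp, stat).

# Succeed if the calling user is a member of the group named (or numbered) in $1.
# Both the name list (id -Gn) and the numeric list (id -G) are consulted so a
# numeric group argument also works.
is_member_of_group() {
    for g in $(id -Gn 2>/dev/null) $(id -G); do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# Change the group of a file the caller owns, then print the resulting numeric
# "uid gid" pair read back from the inode. Returns 1 without touching the file
# when the caller is not in the target group.
change_group_checked() {
    file=$1
    group=$2
    if ! is_member_of_group "$group"; then
        echo "not a member of group '$group'; chgrp would be refused" >&2
        return 1
    fi
    chgrp "$group" "$file" || return 1
    stat -c '%u %g' "$file"
}

# Usage:
#   change_group_checked notes.txt developers
```

`chown :developers notes.txt` behaves identically for the group part, and the same membership rule applies; only root can set a group the owner does not belong to.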
Permissions
-rw-r--r-- 1 kali kali 45665 Nov 24 22:11 vimrc
The first character indicates the type of file.
The next nine characters demonstrate the permissions of the file. These determine the level of access a user will have on the file.
- Characters 2-4 indicate the permissions for the user that owns the file.
- Characters 5-7 indicate permissions for the group that owns the file.
- Characters 8-10 indicate the permissions for others or what is sometimes referred to as the world’s permissions.
Permission Types
Each group of three characters carries three types of permissions: read, write, and execute.
Read
The first character of each group represents the read permission. There is an r character if the group has the read permission, or a - character if the group does not.
On a file, this allows processes to read the contents of the file, meaning the contents can be viewed and copied.
On a directory, file names in the directory can be listed, but other details are not available.
Write
The second character of each group represents the write permission. There is a w character if the group has the write permission, or a - character if the group does not.
On a file, the process can write to it, so changes to the file can be saved. Note that w permission on a file really requires r permission to work correctly.
On a directory, files can be added to or removed from the directory. Note that w permission on a directory requires x permission on that directory to work correctly.
Execute
The third character of each group represents the execute permission. There is an x character if the group has the execute permission, or a - character if the group does not.
On a file, the file can be executed or run as a process.
On a directory, the user can use the cd command to get into the directory and use the directory in a pathname to access files and, potentially, subdirectories under this directory.
chmod Command
The chmod command is used to change permissions. Two notations can be used with this command: symbolic and numeric.
Symbolic Method
| Character | Permission Group |
|---|---|
| u | user owner |
| g | group owner |
| o | others |
| a | all |

| Indicator | Meaning |
|---|---|
| + | add |
| - | remove |
| = | equate to |

| Character | Permission Given |
|---|---|
| r | read |
| w | write |
| x | execute |
Give the [u]ser who owns a file the right to e[x]ecute it:
chmod u+x path/to/file
Give the [u]ser rights to [r]ead and [w]rite to a file/directory:
chmod u+rw path/to/file_or_directory
Remove e[x]ecutable rights from the [g]roup:
chmod g-x path/to/file
Give [a]ll users rights to [r]ead and e[x]ecute:
chmod a+rx path/to/file
Give [o]thers (not in the file owner’s group) the same rights as the [g]roup:
chmod o=g path/to/file
Remove all rights from [o]thers:
chmod o= path/to/file
Change permissions recursively giving [g]roup and [o]thers the ability to [w]rite:
chmod -R g+w,o+w path/to/directory
Recursively give [a]ll users [r]ead permissions to files and e[X]ecute permissions to subdirectories within a directory:
chmod -R a+rX path/to/directory
Numeric Method
Based on the octal numbering system, where each permission type is assigned a numeric value (4 = Read, 2 = Write, 1 = Execute).
By using a combination of numbers from 0 to 7, any possible combination of read, write, and execute permissions can be specified for a single permission group set:
| Numeric Form | Symbolic Form |
|---|---|
| 7 | rwx |
| 6 | rw- |
| 5 | r-x |
| 4 | r-- |
| 3 | -wx |
| 2 | -w- |
| 1 | --x |
| 0 | --- |
For example, to set the permissions of a file named abc.txt to rwxr-xr--:
chmod 754 abc.txt
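The following added example (my code, not the page's) ties the Permissions, Symbolic Method and Numeric Method sections together: it splits a ten-character `ls -l` mode string into its type and three triads, converts between the symbolic and octal forms using the 4/2/1 weights above, and then applies a mode with chmod in either notation and reads back what the kernel stored via `stat --format`. It assumes POSIX sh, awk, and GNU chmod and stat; the function names and the scratch file are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the page): convert between symbolic and numeric
# modes and verify both notations against what the kernel stores.
# Assumptions: POSIX sh, awk, GNU chmod and stat.

# Split a 10-character ls -l mode string such as "-rw-r--r--" into its
# file-type character and the user, group and other permission triads.
split_mode_string() {
    printf '%s' "$1" | awk '{
        printf "type=%s user=%s group=%s other=%s\n",
               substr($0, 1, 1), substr($0, 2, 3), substr($0, 5, 3), substr($0, 8, 3)
    }'
}

# Convert a 9-character symbolic mode (rwxr-xr--) to its octal form (754):
# r = 4, w = 2, x = 1 are summed within each triad.
symbolic_to_octal() {
    printf '%s' "$1" | awk '{
        for (g = 0; g < 3; g++) {
            v = 0
            if (substr($0, g * 3 + 1, 1) == "r") v += 4
            if (substr($0, g * 3 + 2, 1) == "w") v += 2
            if (substr($0, g * 3 + 3, 1) == "x") v += 1
            printf "%d", v
        }
        printf "\n"
    }'
}

# Convert a 3-digit octal mode (640) back to symbolic form (rw-r-----) by
# testing the 4, 2 and 1 bits of each digit.
octal_to_symbolic() {
    printf '%s' "$1" | awk '{
        for (g = 1; g <= 3; g++) {
            d = substr($0, g, 1) + 0
            printf "%s%s%s",
                   (int(d / 4) % 2 ? "r" : "-"),
                   (int(d / 2) % 2 ? "w" : "-"),
                   (d % 2 ? "x" : "-")
        }
        printf "\n"
    }'
}

# Apply any chmod mode (symbolic or numeric) to a scratch file and return the
# octal permissions the kernel stored, so the two notations can be compared.
set_and_read_mode() {
    tmp=$(mktemp) || return 1
    mode=$(chmod "$1" "$tmp" && stat -c '%a' "$tmp")
    rm -f "$tmp"
    printf '%s\n' "$mode"
}

# Usage:
#   symbolic_to_octal rwxr-xr--            # 754
#   set_and_read_mode u=rwx,g=rx,o=r       # 754, same as chmod 754
```

`set_and_read_mode u=rwx,g=rx,o=r` and `set_and_read_mode 754` return the same value, which is the point of the two notations: they describe the same nine bits.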
stat Command
The stat command displays file and filesystem information in more detail than the ls -l command.
Display properties about a specific file such as size, permissions, creation and access dates among others:
stat path/to/file
Display properties about a specific file such as size, permissions, creation and access dates among others without labels:
stat --terse path/to/file
Display information about the filesystem where a specific file is located:
stat --file-system path/to/file
Show only octal file permissions:
stat --format="%a %n" path/to/file
Show the owner and group of a specific file:
stat --format="%U %G" path/to/file
Show the size of a specific file in bytes:
stat --format="%s %n" path/to/file
umask Command
The umask command manages the read/write/execute permissions that are masked out (i.e. removed) from files and directories newly created by the user.
Masking Method
For example, assume the umask is set to 027. New files would then receive 640 (rw-r-----) permissions and new directories would receive 750 (rwxr-x---) permissions by default:
| | Default | Umask | Result |
|---|---|---|---|
| File | 666 | -027 | 640 |
| Directory | 777 | -027 | 750 |
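To make the masking arithmetic concrete, here is an added example (not from the page) that computes the resulting mode digit by digit as default AND NOT mask, and then creates a file and a directory under a given umask in a subshell to confirm the kernel assigns the same modes. It assumes POSIX sh arithmetic, awk and GNU stat; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the page): compute the permissions a umask leaves on
# new files (default 666) and directories (default 777), then confirm by
# creating both under that mask.
# Assumptions: POSIX sh with bitwise arithmetic, awk, GNU stat.

# Normalise a mask such as 27, 027 or 0027 to exactly three octal digits.
last_three_digits() {
    printf '%s' "$1" | awk '{ s = "000" $0; print substr(s, length(s) - 2) }'
}

# apply_umask MASK DEFAULT: clear each masked bit from the default mode,
# one octal digit at a time (result = default AND NOT mask), e.g. 027 666 -> 640.
apply_umask() {
    mask=$(last_three_digits "$1")
    def=$(last_three_digits "$2")
    out=""
    i=1
    while [ "$i" -le 3 ]; do
        m=$(printf '%s' "$mask" | cut -c "$i")
        d=$(printf '%s' "$def" | cut -c "$i")
        out="$out$(( d & ~m & 7 ))"
        i=$(( i + 1 ))
    done
    printf '%s\n' "$out"
}

# Resulting mode for a new file (default 666) under the given mask.
file_mode_under_umask() { apply_umask "$1" 666; }

# Resulting mode for a new directory (default 777) under the given mask.
dir_mode_under_umask() { apply_umask "$1" 777; }

# Create a file and a directory in a subshell with the mask applied and report
# the octal modes the kernel actually assigned, as "FILE DIR". The subshell
# keeps the caller's own umask unchanged.
observe_umask() {
    (
        umask "$1"
        scratch=$(mktemp -d) || exit 1
        : > "$scratch/file"
        mkdir "$scratch/dir"
        printf '%s %s\n' "$(stat -c '%a' "$scratch/file")" "$(stat -c '%a' "$scratch/dir")"
        rm -rf "$scratch"
    )
}

# Usage:
#   file_mode_under_umask 027   # 640
#   dir_mode_under_umask 027    # 750
#   observe_umask 027           # 640 750
```

Comparing `apply_umask` with `observe_umask` for a mask such as 077 shows why a restrictive umask is the usual hardening choice: files come out 600 and directories 700, readable by the owner only, with nothing granted to the group or others.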
Commands
Display the current mask in octal notation:
umask
Display the current mask in symbolic (human-readable) mode:
umask -S
Change the mask symbolically to allow read permission for all users (the rest of the mask bits are unchanged):
umask a+r
Set the mask (using octal) to restrict no permissions for the file's owner, and restrict all permissions for everyone else:
umask 077
Changing umask Value
The new umask is only applied to files and directories created during that session. When a new shell is started, the default umask will again be in effect.
Permanently changing a user's umask requires modifying the .bashrc file located in that user's home directory.