Saturday, September 15, 2012

Linux 21 - Manage Fileownership and Permissions


  • chown/chgrp


  • Files & Folders
  • Chmod
  • octal
  • umask

Special permissions

  • suid
  • guid
  • sticky bit

the state or fact of being an owner.

chown - Change the owner of a file or directory.

chgrp - Change the group of files and directories.

There are several types of user account on a Linux / UNIX system ranging from Lowest to Highest in terms of access to certain OS functions:

Normal Users >  System Accounts > Root User

By default, normal users and the programs they run are given the least amount of privileges on the system. System accounts have slightly elevated privileges and are used to run system services (like a web server or FTP server). The root account has unrestricted administrative access to the entire system.

Groups are a way to simplify the management of system security. Users can be a member of one or more groups. All users are part of at least one group by default; this group is known as the user's primary group.

in order to change the options recursively you must specify the -r option

chown -r, chgrp -r

Permissions on files


There are four types of permissions that can be used to control access to a file or directory. The following table describes each permission.


In most cases, the owner of a file will always have full read/write access to that file. Execute permission is a special flag used for programs, scripts, and directories to indicate they are executable.

The chmod command sets permissions on files and directories. By default, permissions are specified in numerical (octal) format such as 664 as shown in the above example.

In octal form, three digits are used to represent owner, group, and everyone else's permissions.

The first number represents the owner's permissions, the second number is the group's permissions, and the third number is for everyone else.

The table below provides a cross reference of symbolic and octal permissions.


The sum of the octal permissions becomes what is known as the mode. The valid modes are described in the following table.


The combination of 3 modes determines the permissions for the file. A mode of 664 would create rw-rw-r-- permissions giving read/write access to the user and group, and read only to everyone else.


Set user ID

  • –if this bit is set that means that executable files will run as the owner of the file
  • –if a file is owned by root and SUID is set then anybody can run the program as root
  • –ping is a simple command but to have access to the network card only root user can have access a suid can be set in order to allow anybody access


if it's set it will run with the group's permissions

  • –set on folders
  • –any files/folders are owned by the group that matches the folder
  • –if a folder is owned by a accounting and i'm bob and I create a file even if I am not in the group the file will have the group's permission
  • –set on executables

Sticky Bit

  • –on folders
  • –commonly used in /tmp directory
  • –if set on a folder only the owner of a file or folder is allowed to delete stuff
  • –exclusive to file owner
  • –on a file
  • –the kernel will ignore it


No comments:

Post a Comment