When users cannot access files or directories that they previously could access, the permissions or ownership of the files or directories probably has changed.
Table 71-1 shows the octal values for setting file and directory permissions. You use these numbers in sets of three to set permissions for owner, group, and other (in that order). For example, the value 644 sets read/write permissions for owner, and read-only permissions for group and other.
Table 71-1 Octal Values for File Permissions
Value |
Description |
---|---|
0 |
No permissions |
1 |
Execute-only |
2 |
Write-only |
3 |
Write, execute |
4 |
Read-only |
5 |
Read, execute |
6 |
Read, write |
7 |
Read, write, execute |
Frequently, file and directory ownerships change because someone edited the files as superuser. When you create home directories for new users, be sure to make the user the owner of the dot (.) file in the home directory. When users do not own "." they cannot create files in their own home directory.
Access problems can also arise when the group ownership changes or when a group of which a user is a member is deleted from the /etc/group database.
Use the chown command to change file ownership.
# chown new-owner filename |
new-owner |
Is the specified user-name or UID of the new file owner. There must be an entry for the specified user-name in the passwd file. |
filename |
Is the specified file or directory. |
Use the chgrp command to change group ownership.
# chgrp new-owner filename |
new-owner |
Is the specified group ID or GID of the new group owner. There must be an entry for the specified group-name in the group file. |
filename |
Is the specified file or directory. |
List the file permissions.
# ls -l filename |
-l |
Displays the long listing, which includes current permissions for the file. |
filename |
Is the specified file or directory. |
# chmod nnn filename |
nnn |
Are numbers representing the permissions you are assigning to the file owner, the group owner, and all others, in that order. |
filename |
Is the specified file or directory. |
Permissions are changed using the numbers you specify.
You can change permissions on groups of files or on all files in a directory using meta characters such as (*) in place of file names or in combination with them.
Verify that the permissions have been changed by using the ls -l command.
$ ls -l filename |
The long listing shows the current permissions for the file.
This example shows changing the permissions of a public directory from 744 (read/write/execute, read-only, and read-only) to 755 (read/write/execute, read/execute, and read/execute).
$ ls -ld public_dir drwxr--r-- 1 ignatz staff 6023 Aug 5 12:06 public_dir $ chmod 755 public_dir $ ls -ld public_dir drwxr-xr-x 1 ignatz staff 6023 Aug 5 12:06 public_dir |
This example show changing the permissions of an executable shell script from read/write to read/write/execute.
$ ls -l my_script -rw------- 1 ignatz staff 6023 Aug 5 12:06 my_script $ chmod 700 my_script $ ls -l my_script -rwx------ 1 ignatz staff 6023 Aug 5 12:06 my_script |
You must own a file or directory (or have root permission) to be able to change its owner.
Become superuser.
List the file permissions.
# ls -l filename |
-l |
Displays the long listing, which includes the owner of the file, displayed in the third column. |
filename |
Is the specified file or directory. |
# chown new-owner filename |
Ownership is assigned to the new owner you specify.
Verify the file ownership change.
# ls -l filename |
# ls -l quest -rw-r--r-- 1 fred staff 6023 Aug 5 12:06 quest # chown ignatz quest # ls -l quest -rw-r--r-- 1 ignatz staff 6023 Aug 5 12:06 quest |
List the file permissions.
# ls -l filename |
Change the group that owns the file or directory.
$ chgrp GID filename |
The group ID for the file or directory you specify is changed.
Verify the file ownership change.
# ls -l filename |
$ ls -l junk -rw-r--r-- 1 kryten other 3138 Oct 31 14:49 junk $ chgrp staff junk $ ls -l junk -rw-r--r-- 1 kryten staff 3138 Oct 31 14:49 junk |
See Chapter 51, Securing Files (Tasks) for information about how to edit group accounts.