Linux Basics: How to Change File Ownership And Permissions

Posted by on March 24, 2008 in Tutorials. Last modified on May 17, 2013.
 

Basic web hosting administration tasks are not complicated, but keeping your web server efficient and secure requires a bit of technical savvy. Because many web servers run on Linux and most workstations run on Windows, Linux administration concepts can be, at first, confusing and difficult to master. It’s easier if you take it in small steps. In this article, we will introduce how to change ownership and permission settings on files and directories.

File & Directory Ownership

File ownership on Linux is quite different from Windows, and simpler to understand and configure. A file or directory is owned by exactly one user and one group. It can’t be owned by more than a single user and a single group at a time.

To view current ownership settings, issue this command in a command shell to get a detailed file list:

# ls -al

Here is an example of a directory listing:

drwxrwxr-x 3 apache web2 4096 Feb 29 08:38 .
drwxr-xr-x 8 apache web2 4096 Feb 29 08:38 ..
drwxrwxr-x 2 apache web2 4096 Feb 29 08:38 error
-rw-rw-r-- 1 apache web2 1208 Feb 29 08:38 index.html

The third and fourth columns, respectively, show the user and the group owners. In the example above, we see that the “apache” user and the “web2” user group own the file index.html. In this case, the “apache” user is the account under which the web server process is running.

To change the ownership of a file, you must have shell access because ownership can only be changed from the command line:

# chown [user]:[group] filename_or_directory

To recursively change the ownership of a directory, use this command:

# chown -R [user]:[group] directory

Unfortunately, file ownership can’t be changed through FTP. However, there might be some web-based file managers that can accomplish it.

File & Directory Permissions

A file or directory can only have three different permissions: read, write, and execute. These file permissions are applied to

  • the owner user,
  • the owner group, and
  • others (everyone other than the owner user and group).

Let’s look at our previous directory listing:

drwxrwxr-x 2 apache web2 4096 Feb 29 08:38 error
-rw-rw-r-- 1 apache web2 1208 Feb 29 08:38 index.html

Starting at the first character of the first column, here’s what it means:

  • the first character indicates if this is a file (-) or a directory (d)
  • characters 2, 3, and 4 are the permissions for the user that owns the file
  • characters 5, 6, and 7 are the permissions for the group that owns the file
  • characters 8, 9, and 10 are the permissions for users other than the owners

For the above listing, we know that the “error” directory has

  • read, write and execute permissions set for the user and group owners, and
  • read and execute permissions set for others.

The “index.html” file has

  • read and write permissions set for the owners, and
  • read permission set for others.

Using The Command Line To Adjust Permissions

When you have shell access, you can set file and directory permissions from the command line with the chmod command. There are two possible syntaxes:

# chmod ugo+rwx filename

or

# chmod 777 filename

The first syntax is a bit more friendly, but you might have to issue several commands to set all of the permissions on a file or directory. Let’s see how it works:

  • ugo : This means User, Group, Others. You can specify for which entity you want to set the permissions. This could be only one value or more. For example, if you’d like to set read / write / execute permissions for user and group owners only, you could issue chmod ug+rwx filename.
  • + or - : Specifies whether you want to add or remove a permission.
  • rwx : Stands for Read, Write and eXecute. It specifies which permission you want to modify, which can be one or more permissions.

The second syntax is more difficult to remember, but it’s much faster. The first number is the permission for user, the second is for group and the third is for others. Here are the possible numeric values:

  • 0 – NO PERMISSIONS
  • 1 – EXECUTE
  • 2 – WRITE
  • 3 – WRITE, EXECUTE
  • 4 – READ
  • 5 – READ, EXECUTE
  • 6 – READ, WRITE
  • 7 – READ, WRITE, EXECUTE

Let’s look at a few examples that are performed both ways.

1. User and Group have full access but Others have no access:

# chmod ug+rwx filename
# chmod o-rwx filename
# chmod 770 filename

2. User has full access, Group and Others can read and execute. Setting these permissions recursively:

# chmod -R u+rwx filename
# chmod -R go+rx filename
# chmod -R 755 filename

You can see that the second syntax is faster than the first one.
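The two syntaxes are not always interchangeable: "+" only adds bits to whatever is already set, while a numeric mode replaces all of them. The following added example (not part of the original article; it assumes GNU stat and uses a hypothetical helper named mode_after) applies both forms to a temporary file and prints the resulting mode:

```shell
#!/bin/sh
# Added example: symbolic "+" is additive, octal and "=" are absolute.
# Assumes GNU stat (stat -c %a), as shipped on Linux. mode_after is a
# hypothetical helper name, not a standard command.

# mode_after START_MODE CHMOD_ARG...
# Creates a temp file with START_MODE, applies each chmod argument in
# order, and prints the resulting octal mode.
mode_after() {
    start=$1; shift
    f=$(mktemp) || return 1
    chmod "$start" "$f"
    for arg in "$@"; do
        chmod "$arg" "$f"
    done
    stat -c %a "$f"
    rm -f "$f"
}

# Starting from a world-writable file (666):
mode_after 666 u+rwx go+rx     # "+" leaves the existing group/other write bits in place
mode_after 666 755             # octal replaces all nine permission bits
mode_after 666 u=rwx,go=rx     # "=" is the symbolic way to set an exact mode

# Example 1 from the article is exact because it also removes bits from "others":
mode_after 666 ug+rwx o-rwx
```

When the goal is to end up with a known mode regardless of the starting state, use the numeric form or the "=" operator rather than "+".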

Using FTP To Adjust Permissions

While you cannot use FTP to set file and directory ownership, you can use an FTP client to set permissions. Most FTP applications can accomplish this. Using Filezilla, for example, you can set the permissions by right-clicking on the file or folder and selecting File Attributes.

The downside to using an FTP client is that you can’t set permissions recursively. Changing the permission on a folder will not affect its content whatsoever.

Keep It Secure!

Sometimes it’s too easy to give all permissions to everyone to make things work. Unfortunately, this creates a big security hole that puts your web server at risk. It’s always best to set the lowest level of permission possible.

There are some script installers that will require you to set the permissions to 777 while the application is being installed, but you must remember to set the permissions back to their original state, if possible.
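One way to check for permissions left open after an installer has run, as an added example that is not part of the original article. It assumes GNU find and stat; the function names are hypothetical, and 755 for directories and 644 for files are assumed baseline modes that your application may need adjusted.

```shell
#!/bin/sh
# Added example: locate and tighten world-writable files and directories.
# Assumes GNU find/stat. Function names are hypothetical; 755/644 are
# assumed baselines, not values taken from the article.

# list_world_writable DIR
# Prints "MODE PATH" for every file or directory writable by "others".
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec stat -c '%a %n' {} +
}

# tighten DIR
# Resets only the world-writable entries: directories to 755, files to 644.
# Entries that were already stricter are left untouched.
tighten() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Demo on a constructed directory tree (sample data, created here).
demo=$(mktemp -d)
mkdir "$demo/uploads"
touch "$demo/config.php" "$demo/uploads/a.txt" "$demo/index.html"
chmod 777 "$demo/uploads" "$demo/config.php"
chmod 666 "$demo/uploads/a.txt"
chmod 644 "$demo/index.html"

echo "Before:"; list_world_writable "$demo"
tighten "$demo"
echo "After:";  list_world_writable "$demo"
rm -rf "$demo"
```

Run list_world_writable on its own first and review the output before calling tighten, since some applications legitimately need group write on an upload directory.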

 

About Stephane Brault

Stephane is a web developer and system administrator with over 18 years of experience. Specialized in PHP programming and Linux server administration, he also provided development and consulting services to SMBs for several years before becoming an online entrepreneur.

4 responses so far ↓


1. Response by : hugo on Oct 21, 2009 at 10:01 pm

Good article, have a question here:
How do I give a specific user say “User1” rwx permission? User1 is not the owner, nor is a member of any group.
So, I guess he comes under others category, but at the same time I don't want any other user to have access to this folder.


2. Response by : The Web Hosting Hero on Oct 24, 2009 at 7:30 am

@hugo: You have to put this user into a group and then make this group the owner of the file.

Managing ACL on Linux is not as easy as it is on Windows systems.

3. Response by : SQL database and permisions (via PHP) | Gravity Layouts on Nov 2, 2011 at 5:51 am

[...] databasing experience. I wanted to know if this is advisable. Specifically, whether it's good to use Linux file permissions as database permissions. So for example, user Manderly could create group MJ12 and add users [...]

4. Response by : SQL database and permisions (via PHP) on Nov 3, 2011 at 1:25 pm

[...] databasing experience. I wanted to know if this is advisable. Specifically, whether it's good to use Linux file permissions as database permissions. So for example, user Manderly could create group MJ12 and add users [...]
