Linux Basics: How to Change File Ownership And Permissions
Basic web hosting administration tasks are not complicated, but keeping your web server efficient and secure requires a bit of technical savvy. Because many web servers run on Linux and most workstations run on Windows, Linux administration concepts can be, at first, confusing and difficult to master. It’s easier if you take it in small steps. In this article, we will introduce how to change ownership and permission settings on files and directories.
File & Directory Ownership
File ownership on Linux is quite different from Windows, and more simple to understand and configure. A file or directory is only owned by one user and one group. It can’t owned by more than a single user and a single group at a time.
To view current ownership settings, issue this command in a command shell to get a detailed file list:
# ls -al
Here is an example of a directory listing:
drwxrwxr-x 3 apache web2 4096 Feb 29 08:38 .
drwxr-xr-x 8 apache web2 4096 Feb 29 08:38 ..
drwxrwxr-x 2 apache web2 4096 Feb 29 08:38 error
-rw-rw-r-- 1 apache web2 1208 Feb 29 08:38 index.html
The third and fourth columns, respectively, show the user and the group owners. In the example above, we see that the “apache” user and the “web2″ user group owns the file index.html. In this case, the “apache” user is the account under which the web server process is running.
To change the ownership of a file, you must have shell access because ownership can only be changed through command lines:
# chown [user].[group] filename_or_directory
To recursively change the ownership of a directory, use this command:
# chown -R [user].[group] directory
Unfortunately, file ownership can’t be changed through FTP. However, there might be some web-based file managers that can accomplish it.
File & Directory Permissions
A file or directory can only have three different permissions: read, write, and execute. These file permissions are applied to
- the owner user,
- the owner group, and
- others (everyone other than the owner user and group).
Let’s look at our previous directory listing:
drwxrwxr-x 2 apache web2 4096 Feb 29 08:38 error
-rw-rw-r-- 1 apache web2 1208 Feb 29 08:38 index.html
Starting at the first character of the first column, here’s what it means:
- the first character indicates if this is a file (-) or a directory (d)
- characters 2, 3, and 4 are the permissions for the user that owns the file
- characters 5, 6, and 7 are the permissions for the group that owns the file
- characters 8,9, and 10 are the permissions for users other than the owners
For the above listing, we know that the “error” directory has
- read, write and execute permissions set for the user and group owners, and
- read and execute permissions set for others.
The “index.html” file has
- read and write permissions set for the owners, and
- read permission set for others.
Using The Command Line To Adjust Permissions
When you have a shell access, you can set file and directory permissions using the command line by using the chmod command. There two syntaxes possible:
# chmod ugo+rwx filename
or
# chmod 777 filename
The first syntax is a bit more friendly, but you might have to issue several commands to set all of the permissions on a file or directory. Let’s see how it works:
- ugo : This means User, Group, Others. You can specify for which entity you want to set the permissions. This could be only one value or more. For example, if you’d like to set read / write / execute permissions for user and group owners only, you could issue chmod ug+rwx filename .
- + or - : Specifies whether you want to add or remove a permission.
- rwx : Stands for Read, Write and eXecute. It specifies which permission you want to modify, which can one or more permission.
The second syntax is more difficult to remember, but it’s much faster. The first number is the permission for user, the second is for group and the third is for others. Here are the possible numeric values:
- 1 – EXECUTE
- 2 – WRITE
- 3 – WRITE, EXECUTE
- 4 – READ
- 5 – READ, EXECUTE
- 6 – READ, WRITE
- 7 – READ, WRITE, EXECUTE
Let’s look at a few examples that are performed both ways.
1. User and Group have full access but Others have no access:
# chmod ug+rwx filename
# chmod o-rwx filename
# chmod 770 filename
2. User have full access, Group and Others can read and execute. Setting these permissions recursively:
# chmod -R u+rwx filename
# chmod -R go+rx filename
# chmod -R 755 filename
You can see that the second syntax is faster than the first one.
Using FTP To Adjust Permissions
While you can not use FTP to set file and directory ownership, you can use an FTP client to set permissions. Most FTP applications can accomplish this. Using Filezilla, for example, you can set the permissions by right-clicking on the file or folder and selecting File Attributes.
The downside to using an FTP client is that you can’t set permissions recursively. Changing the permission on a folder will not affect its content whatsoever.
Keep It Secure!
Sometimes it’s too easy to give all permissions to everyone to make things work. Unfortunately, this creates a big security hole that puts your web server at risk. It’s always best to set the lowest level of permission possible.
There are some script installers that will require you to set the permissions to 777 while the application is being installed, but you must remember to set the permissions back to their original state, if possible.
About Stephane Brault
Stephane is a web developer and system administrator with over 18 years of experience. Specialized in PHP programming and Linux server administration, he also provided development and consulting services to SMBs for several years before becoming an online entrepreneur.
Related Posts
Most Popular Web Hosts of 2013
- BlueHost - $3.95/mo142 Reviews • BlueHost Coupon
- JustHost - $2.25/mo13 Reviews • JustHost Coupon
- MyHosting - $3.95/mo62 Reviews • MyHosting Promo Code
- InMotion Hosting - $5.95/mo1078 Reviews • InMotion Hosting Coupon
- WebHostingHub - $3.95/mo258 Reviews • WebHostingHub Coupon
Top 10 Web Hosting Reviews
Bluehost vs GoDaddy: Which Host Is The Best? April 23, 2013
Go Daddy’s SSL Certificates Again Rank #1 July 5, 2012
How to Fix Memory Issues in WordPress August 15, 2012
Go Daddy Sees India as “Priority Market” June 21, 2012
GoDaddy Launches Campaign to Attract SMBs in India May 24, 2013
- Case Study: Wordpress, MaxCDN, CloudFlare and W3 Total Cache Integration
Hafiz: I will try using MAXCDN for my site - Just Host vs Bluehost Website Hosting Comparison
Miss.Andrea Borman.: Well I would use Blue Host or Just Host because they give 24 hour telephone... - What is the Difference Between cPanel and WHM?
Stephane Brault: @Sarah: Unlike Plesk where you need to pay for X licenses, cPanel/WHM allows you to... - What is the Difference Between cPanel and WHM?
sarah: how many domain name can i host on WHM, - 1and1 Internet Enhances MyWebsite Website Builder
Joseph Mas: DON”T USE 1and1 for anything at all. Don’t believe me? Simply Google...
Web Hosting Toolbox
Latest Web Hosting Promos
4 responses so far ↓
1. Response by : hugo on Oct 21, 2009 at 10:01 pm
Good article, have a question here:
How do I give a specific user say “User1″ rwx permission? User1 is not the owner, nor is a member of any group.
So, I guess he comes under others category, but at the same time I dont want any other user to have access to this folder.
2. Response by : The Web Hosting Hero on Oct 24, 2009 at 7:30 am
@hugo: You have to put this user into a group and then make this group the owner of the file.
Managing ACL on Linux is not as easy as it is on Windows systems.
3. Response by : SQL database and permisions (via PHP) | Gravity Layouts on Nov 2, 2011 at 5:51 am
[...] databasing experience. I wanted to know if this is advisable. Specifically, whether its good to use Linux file permisions as database permissions. So for example, user Manderly could create group MJ12 and add users [...]
4. Response by : SQL database and permisions (via PHP) on Nov 3, 2011 at 1:25 pm
[...] databasing experience. I wanted to know if this is advisable. Specifically, whether its good to use Linux file permisions as database permissions. So for example, user Manderly could create group MJ12 and add users [...]
Leave a Comment