Red Hat Linux Fedora For Dummies [Electronic resources]

Jon Hall

Changing File Ownership and Granting Permissions

All Linux files and directories have owners and are assigned a list of permissions. This system of ownership and permissions forms the basis for restricting and allowing users’ access to files. File permissions can also be used to specify whether a file is executable as a command and to determine who can use the file or command.

Files and directories are owned by user accounts. User accounts are defined in the /etc/passwd file. For example, you created the root (superuser) user account when you installed Red Hat Linux in Chapter 3, and the installation system created the superuser home directory, /root, plus several configuration files (for example, .bashrc). The root user owns all those files and directories. If you created a regular user account — for example, lidia — that user’s home directory and configuration files are all owned by lidia. Users can access and modify any files or directories they own.

Files and directories all have group ownership in addition to user ownership. Groups are defined by the /etc/group file and provide a secondary level of access. For example, you can assign group ownership to files you own and allow other users who belong to the group to access those files.

Files and directories are assigned permissions that permit or deny read, write, and execute access. Permissions are assigned to the owner, group, or non-owner of the file or directory. Non-owners are referred to as “other.” The owner, group, or other permissions are independent of each other.

Using the ls command with the -l option allows you to see the file’s permissions along with other relevant information, such as who owns the file, which group of people have permission to access or modify the file, the size of the file or directory, the last time the file was modified, and its name.

First, create a file and then list it:

[lidia@cancun lidia]$ touch gotowork
[lidia@cancun lidia]$ ls -l gotowork
-rw-rw-r-- owner group 0 Feb 3  16:00 gotowork

The -rw-rw-r-- characters are the permissions for the gotowork file: The owner is you, and the group is probably you, but may be someone or something else, depending on how your system is set up and administered.

You may be wondering how you can become an owner of a file. You’re automatically the owner of any file you create, which makes sense. As the owner, you can change the default file permissions — and even the ownership. If you change the file ownership, however, you lose ownership privileges.

To change the ownership of a file or a directory, use the chown command. (Get it? chown — change ownership.) You generally have to be root to do this.

Suppose that you have decided to settle down and lead a more contemplative life, one more in line with a new profession of haiku writing. Someone else will have to plan the weekend sprees and all-night bashes. So you give up ownership of the gotowork file:

[lidia@cancun lidia]$ chown root gotowork

This command changes the ownership of gotowork to root. To change it back, you can use the chown command, but you have to do it as root.

Files and users all belong to groups. In the gotowork example, the group consists of users. Having groups enables you to give large numbers of users — but not all users — access to files. Group permissions and ownership are handy for making sure that the members of a special project or workgroup have access to files needed by the entire group.

To see which groups are available to you on your system, take a look at the /etc/group file. To do so, use the more command. You see a file that looks somewhat like this:

root::0:root
bin::1:root,bin,daemon
...
nobody::99:
users::100:
floppy:x:19:
.....
your_user_name::500:your_user_name

where your_user_name is the login name you use for your account. Remember that the file doesn’t look exactly like this — just similar. The names at the beginning of the line are the group names. The names at the end of the line (such as root, bin, and daemon) are the user names that belong to the group.

To change the group the file belongs to, log in as root and use the chgrp command. Its syntax is the same as that of the chown command. For example, to change the group that gotowork belongs to, you issue this command:

[lidia@cancun lidia]$ chgrp newgroupname gotowork

Tip: Red Hat assigns a unique group to each user. For example, when you add the first user to your system, that user gets the user ID and group ID of 500. The next user receives the user ID and group ID of 501, and so on. This system gives you lots of control over who gets what access to your files.
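
The following shell sketch shows how the owner, group, and other permissions in an ls -l listing combine with the member lists in /etc/group to decide which permissions a user actually gets. It is an added example, not code from the book: the group entries, the user paul, and the function names in_group and access_for are constructed for illustration, and it ignores both root's override and the primary group recorded in /etc/passwd.

```shell
#!/bin/sh
# Which permission triplet applies to a user? Linux checks owner first,
# then group, then other, and uses only the first class that matches.

# Constructed sample in /etc/group format: name:password:GID:members
SAMPLE_GROUPS='root::0:root
bin::1:root,bin,daemon
users::100:lidia,paul
lidia::500:lidia'

# in_group USER GROUP -> exit status 0 if USER is in GROUP's member list.
# Simplification: the primary group from /etc/passwd is not consulted.
in_group() {
    printf '%s\n' "$SAMPLE_GROUPS" | awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ",")
                  for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }'
}

# access_for USER OWNER GROUP MODE -> prints the class and its rwx bits.
# MODE is the 10-character string from ls -l, such as -rw-rw-r--.
access_for() {
    user=$1 owner=$2 group=$3 mode=$4
    if [ "$user" = "$owner" ]; then
        class=owner; bits=$(printf '%s' "$mode" | cut -c2-4)
    elif in_group "$user" "$group"; then
        class=group; bits=$(printf '%s' "$mode" | cut -c5-7)
    else
        class=other; bits=$(printf '%s' "$mode" | cut -c8-10)
    fi
    printf '%s %s\n' "$class" "$bits"
}

# gotowork as created: owner lidia, group users, mode -rw-rw-r--
access_for lidia  lidia users -rw-rw-r--   # the owner
access_for paul   lidia users -rw-rw-r--   # a member of group users
access_for nobody lidia users -rw-rw-r--   # everyone else
# After "chown root gotowork", lidia is no longer the owner and is
# treated as a group member instead.
access_for lidia  root  users -rw-rw-r--
# The classes are independent: an owner with r-- stays read-only even
# when the group the owner belongs to has rw-.
access_for lidia  lidia users -r--rw-rw-
```

An owner whose own bits are more restrictive than the group's is a common surprise when auditing permissions, because only the first matching class is ever used.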