File Ownership


This brings us to our file ownership model. All UNIXes have the same kind of ownership structure: Every file and directory is owned by both a user and a group. As you will see in a moment, this does not necessarily mean that either the user or the members of the group have any particular permissions to access the file or directory. Ownership does come into play, though, in conjunction with the permissions settings that indicate what the owner user and other users can do with the file.

Let's take a look at the permissions and ownership details of a set of files (see Listing 13.1). Here we use the -l option to ls to give a detailed listing, and we use the -a option to show all files, including "hidden" ones (those whose names begin with a dot).

Listing 13.1. Set of Files Showing Ownership and Permissions

# ls -la /home/frank
total 3126
drwxr-xr-x   3 frank     frank     512 May 12  2000 .
drwxr-xr-x  52 root      frank    9216 Mar  7 13:37 ..
-rw-r--r--   1 bob       frank  291090 Jan 23  2000 1.bmp
-rw-rw-r--   1 bob       bob      2703 Dec 22  1998 contents.html
-rw-r--r--   1 frank     frank    3657 Jan  9 14:11 file.txt
-rw-r--r--   1 bob       frank   92195 Sep 11 21:31 1.uu
drwxr-xr-x   2 root      frank     512 Jan  2 14:19 files
drwxr-xr-x  12 root      wheel    1024 Feb 18  1999 more-files

Seems pretty cryptic, but it really isn't. In this chapter, you'll learn how to decode strings such as drwxr-x, which define the mode of a file (the parameters that define who can access it and in what manner).

There are three classes of owner permissions on a file (or directory): user, group, and others. There are also three modes of access: read, write, and execute. These pieces of information, referred to as bits, define the permissions on a file. For instance, a file's permissions configuration might tell us that the user who owns the file can read and write to it, but members of the group that owns the file can only read from it, and anybody else on the system can also only read from it. (This is the default file mode.) Similarly, a file's permission mode can tell us that anybody (user, group, or others) can read or execute the file (running it as a program) but that only the user and group owning it can write to it. Literally any combination is possible. We'll look in more detail at the permission modes and discuss how to set them a little later in this chapter.

For now, it is necessary to realize that a user can only read her own files if those files have their permissions set so that the user can read them. Similarly, the necessary permissions must be in place if members of the owner group are to read the files. Most of the time, this is indeed the case; it is important to recognize, though, that ownership and permissions are not inextricably tied together.

Note

A user can delete a file owned by another user if that file is in a directory owned by the first user. The rm (remove) command will prompt for whether the user wants to override the file's ownership and permissions and proceed, as shown here:

# ls -l tempfile
-rw-r--r--  1 root  wheel  0 Aug  7 21:44 tempfile
# rm tempfile
override rw-r--r--  root/wheel for tempfile? y



Using chown to Change File Ownership

As the super-user, you have the ability to change which users own any files on the system. Only the super-user can do this; regular users cannot "give" their files to another user or "take" them from another user. If they could, it would sort of defeat the purpose of users and file ownership.

The command to change ownership is chown (change owner):

# chown bob file.txt


This command changes the user owner (not the group owner) of the file file.txt to the user bob. The file used to be owned by frank, but now Bob can read and write to the file, whereas Frank can no longer write to it.

You can also use chown on a directory:

# chown bob /home/frank


This command, when used on a directory, operates on the "." entry you saw earlier in Listing 13.1. This special filename is a pointer that refers to the current directory, whereas the ".." entry refers to the parent directory (this behavior is the same as in MS-DOS). Looking back at the permissions on the /home/frank directory, you can see that it is writable only by its user owner (you know this by the w bit in the third position, and nowhere else, in the permissions string); therefore, bob is now the only one who can create and delete files in the directory. He can, however, modify any file that he owns in any directory. This interrelation between ownership and permissions will be made clearer in Table 13.1.

Table 13.1. Anatomy of the Permissions String

Place  Value(s)  Meaning
1      d, -      Indicates whether the item is a directory (if d) or a plain file (if -).
2      r, -      Indicates (if r) that the item can be read by its owner.
3      w, -      Indicates (if w) that the item can be written (modified) by its owner.
4      x, -, s   Indicates (if x) that the item can be executed/searched by its owner, or (if s) that it will be executed in setuid mode.
5      r, -      Indicates (if r) that the item can be read by members of its owner group.
6      w, -      Indicates (if w) that the item can be written (modified) by members of its owner group.
7      x, -, s   Indicates (if x) that the item can be executed/searched by members of its owner group, or (if s) that it will be executed in setgid mode.
8      r, -      Indicates (if r) that the item can be read by any user other than its owner.
9      w, -      Indicates (if w) that the item can be written (modified) by any user other than its owner.
10     x, -, t   Indicates (if x) that the item can be executed/searched by any user other than its owner, or (if t) that it's a "sticky" directory where a user can't delete files he doesn't own.


Tip

There's a useful option to chown that you as an administrator will need to know: -R. This makes chown act recursively, meaning that if you run it against a directory, it will operate on that directory, all files within the directory, and all files in all subdirectories below it. You'll need chown -R if you have to re-create an account, for example, and need to transfer ownership of all the user's files. Here's an example:

# chown -R bob /home/frank



Using chgrp to Change File Group Ownership

Now that you know how to use chown, it's a simple matter to understand the use of chgrp, a very similar command. Its purpose is to change the group owner rather than the user owner of a file or directory, and it works exactly the same way:

# chgrp users contents.html


After this command is issued, the permissions for contents.html will look like this:

-rw-rw-r--   1 bob       users  2703 Dec 22  1998 contents.html


Because both the user and group owners have write permissions (the w bit is in the third and sixth positions), you've just created a situation in which any member of the "users" group can write to the file just as bob can.

FreeBSD, by default, creates a new group for every user, so there will be a bob group as well as a bob user, and Bob belongs to it as his primary group. By default, all the user's files are created with the user and group owners set to bob. Now, if another user (for instance, frank) belongs to the bob group, he can write to those files. You now have a file-sharing mechanism in which both Bob and Frank have the same level of control over the files.
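The permission string anatomy in Table 13.1 and the group-writable situation that chgrp just created can both be checked from a script. The following is an added example, not code from the book: decode_mode decodes a mode string position by position, and find_shared_writable reads ls -l output and reports every entry that group members or other users can modify. The listing it scans is a constructed sample adapted from Listing 13.1, not real system output.

```shell
# Added example, not from the book: decode a mode string from "ls -l"
# output per Table 13.1, and audit a listing for entries that the owner
# group or other users can write to (the situation chgrp created above).

# decode_mode MODE -> "KIND owner=rwx group=rwx other=rwx [setuid] [setgid] [sticky]"
decode_mode() {
    m=$1
    [ ${#m} -eq 10 ] || { echo "bad mode string: $m" >&2; return 1; }
    case $(printf '%s' "$m" | cut -c1) in
        d) kind=directory ;;  -) kind=file ;;  l) kind=symlink ;;  *) kind=other ;;
    esac
    flags=""
    # Positions 4, 7 and 10 show s/S (setuid, setgid) or t/T (sticky)
    # in place of the plain execute bit.
    case $(printf '%s' "$m" | cut -c4) in s|S) flags="$flags setuid" ;; esac
    case $(printf '%s' "$m" | cut -c7) in s|S) flags="$flags setgid" ;; esac
    case $(printf '%s' "$m" | cut -c10) in t|T) flags="$flags sticky" ;; esac
    printf '%s owner=%s group=%s other=%s%s\n' "$kind" \
        "$(printf '%s' "$m" | cut -c2-4)" "$(printf '%s' "$m" | cut -c5-7)" \
        "$(printf '%s' "$m" | cut -c8-10)" "$flags"
}

# find_shared_writable: reads "ls -l" lines on stdin and prints NAME:REASON
# for each entry whose mode has w in position 6 (group) or 9 (others).
find_shared_writable() {
    while read -r mode links user group size mon day tm name; do
        case $mode in
            [-dl]?????????*) ;;  # a mode string (may carry a trailing + or @)
            *) continue ;;       # skip "total N" and blank lines
        esac
        reason=""
        case $(printf '%s' "$mode" | cut -c6) in w) reason="group($group)" ;; esac
        case $(printf '%s' "$mode" | cut -c9) in w) reason="${reason:+$reason,}others" ;; esac
        if [ -n "$reason" ]; then printf '%s:%s\n' "$name" "$reason"; fi
    done
    return 0
}

# Constructed sample listing (adapted from Listing 13.1 after the chgrp,
# plus a world-writable sticky directory); not real system output.
SAMPLE_LISTING='total 3126
drwxr-xr-x   3 frank     frank     512 May 12  2000 .
-rw-r--r--   1 bob       frank  291090 Jan 23  2000 1.bmp
-rw-rw-r--   1 bob       users    2703 Dec 22  1998 contents.html
-rw-r--r--   1 frank     frank    3657 Jan  9 14:11 file.txt
drwxrwxrwt   2 root      wheel     512 Jan  2 14:19 shared'

printf '%s\n' "$SAMPLE_LISTING" | find_shared_writable
decode_mode drwxrwxrwt
```

Run against a real home directory with `ls -la /home/frank | find_shared_writable` to see which files members of the owner group (or everyone) can change.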

Tip

Using chgrp is really just another way of executing chown; if you prefer, you can use the following syntax:

# chown bob:users contents.html


This changes the ownership on contents.html to the bob user and the users group, whereas the following will change the group owner only:

# chown :users contents.html


Both chown and chgrp support the -R option, described previously, in the same way.





FreeBSD 6 Unleashed
ISBN: 0672328755
Year: 2006
Pages: 355
Authors: Brian Tiemann
