Changing Ownership

Changing Ownership

Files have two kinds of ownersthe user owner and the group owner. Only root can change a file's user ownership. You cannot "give away" a file.

In order to change a file's group ownership, you must be both the file's user owner and a member of the new group, or you must perform the change as root. Furthermore, when a file's group ownership is changed, the setuid and setgid properties are removed unless the change was made by root. This avoids some potential security problems (see the sidebar "What the setuid and setgid Properties Do" for more on this).

Group ownership can be changed using either the chgrp ( change group ) or chown ( change owner ) command.

To change the group ownership using chgrp:

  • chgrp newgroup file

    For example,

    chgrp www index.html

    changes the group ownership of file index.html to www. You must be the file's owner and a member of the new group to perform this. Figure 8.20 shows an example of changing the group ownership of a file using chgrp . Table 8.7 shows the options for the chgrp and chown commands.

    Figure 8.20. Using chgrp to change the group ownership of a file.
     localhost:~/Sites vanilla$  groups  vanilla appserveradm appserverusr admin www localhost:~/Sites vanilla$  ls -l index.html  -rw-r--r--     1 vanilla   vanilla   5754 Jan 17 14:18 index.html localhost:~/Sites vanilla$  chgrp www index.html  localhost:~/Sites vanilla$  ls -l index.html  -rw-r--r--     1 vanilla   www       6186 Apr 30 2001 index.html  localhost:~/Sites vanilla$ 

    Table 8.7. Options for the chgrp and chown Commands

    O PTION

    M EANING

    -R

    Makes changes recursively. Used when changing permissions on a directory and everything it contains.

    The next three options only work in combination with the -R option. Only one of the following may be used. If more than one is used, the last one on the command line takes precedence.

    -H

    If the -R option is specified, symbolic links on the command line are followed. (Symbolic links encountered in the directory traversal are not followed.) See Chapter 5 for more on symbolic links.

    -L

    If the -R option is specified, all symbolic links are followed.

    -P

    If the -R option is specified, no symbolic links are followed.

    -f

    Ignore errors (force silence). This option squelches error messages resulting from inadequate permissionsfor example, if you try to change the group ownership to a group to which you do not belong.


Tip

  • It is often useful to use the -R option to change the group ownership of an entire directory. For example,

    chgrp -R www webteam

    changes the directory webteam and all it contains so that it is owned by group www.


To change the group ownership using chown:

  • chgrp : newgroup file

    For example,

    chown :web index.html

    The only difference between using this and using chgrp is the addition of the colon before the group name . The reason for this funny syntax is that the chown command is designed to change the user ownership and/or the group ownership of a file, and the first argument to chown is in the form

    user : group

    However, you can leave out the user or group portion to change only one or the other. If you leave out the user portion, you must still use the colon. See the next task for how to use chown to change the user ownership (which may be done only by root).

As we've mentioned above, a file's user ownership can be changed only by the root user. On Mac OS X the standard way to perform a command as root is to use the sudo command. The following task shows how to change a file's user ownership using sudo and chown . (See Chapter 11 for more on sudo .)

To change the user ownership using chown:

1.
sudo chown newuser file

For example,

sudo chown whitney index.html

changes the user ownership of the file index.html to whitney.

The sudo command requires that you enter your password if you haven't used it within the last five minutes.

What the setuid and setgid Properties Do

If an executable file such as a script has the setuid property turned on, and if the file is executable by users other than the owning user (group or other executable), then when the program is run by someone other than the owning user, the process has the same permission as the owning user. This means you can create a script that alters files on which only you normally have write permission, and you can allow other people to run that script. Obviously this can be both useful and dangerous, like giving out the keys to your house. A similar situation occurs with setgid permission: The process runs with the permission of the owning group.

When a user (other than root) changes the group that a file belongs to and setuid and setgid properties are removed, the properties must be reset as a security precaution. This helps avoid accidentally giving too much power to other users. If you truly want the file to have setuid or setgid permission, after changing its group you must reset the setuid and/or setgid permission.


2.
Enter your password if asked.

The command is executed after you enter your password and press .

Figure 8.21 shows before and after views of using this command line.

Figure 8.21. Using chown to change a file's user ownership.
 localhost:~/Sites  ls -l index.html  -rw-r--r--    1 vanilla     vanilla      5754 Jan 17 14:18 index.html localhost:~/Sites  sudo chown whitney index.html  Password: localhost:~/Sites  ls -l index.html  -rw-r--r--    1 whitney     vanilla      5754 Jan 17 14:18 index.html localhost:~/Sites 

To change the user and group ownership simultaneously :

1.
sudo chown newuser : newgroup file

For example,

sudo chown vanilla:www index.html

2.
Enter your password if asked.

The command is executed when you enter your password and press .

Figure 8.22 shows the before and after of this command line.

Figure 8.22. Using chown to simultaneously change the user and group ownership.
 localhost:~/Sites  ls -l index.html  -rw-r--r--    1 whitney     vanilla      5754 Jan 17 14:18 index.html localhost:~/Sites  sudo chown vanilla:www index.html  Password: localhost:~/Sites  ls -l index.html  -rw-r--r--    1 vanilla     www          5754 Jan 17 14:18 index.html localhost:~/Sites 

Tip

  • The chown command uses the same options as the chgrp command. It is often useful to change an entire directory full of files at once:

    sudo chown -R howard:www web_images

    changes the directory web_images and all it contains to be owned by the user howard and the group www.




Unix for Mac OS X 10. 4 Tiger. Visual QuickPro Guide
Unix for Mac OS X 10.4 Tiger: Visual QuickPro Guide (2nd Edition)
ISBN: 0321246683
EAN: 2147483647
Year: 2004
Pages: 161
Authors: Matisse Enzer

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net