Ubuntu – chown – Difference between user and user:user

chownpermissions

What is the difference between:

sudo chown $USER:$USER

and

sudo chown $USER

Why is it 2 times? Is the one user wrong? When I look at permissions with namei -l, I often see things like root root or proxy proxy.

Why does the owner have to be defined and listed 2 times?

Best Answer

The chown command is used to change the owner and group owner of a file or directory. Superuser privileges are required to use this command. The syntax of chown looks like this:

chown [owner][:[group]] file...

chown can change the file owner and/or the file group owner depending on the first argument of the command. Here are some examples:

chown owner file example:

chown bob file --> Changes the ownership of the file from its current owner to user bob.

chown owner:group file example:

chown bob:users file --> Changes the ownership of the file from its current owner to user bob and changes the file group owner to group users.

chown :group file example:

 chown :admins file --> Changes the group owner to the group admins. The file owner is unchanged.

chown owner: file example:

chown bob: file --> Change the file owner from the current owner to user bob and changes the group owner to the login group of user bob.

Please read this nice tutorial https://www.linode.com/docs/tools-reference/linux-users-and-groups. This show some info about user, groups ,permissions ,...

Related Solutions

Ubuntu – Do files/directories belong to a user AND a group

as mentioned above there are 3 sections to the permissions for an example which may be easier to understand here is how it is broken down

say root is the owner/user of the file say video is the group and then as mentioned there is the world/other section which covers anyone that doesn't fit in the first two.

Now if the file has permissions like

Read/Write for root

Read for the group video with user1 as a member of that group

and none for world/other

Then the root user would have full read write control over the file. Any user in the video group (user1) would have read permissions but would not have access to modify the file. Anyone else would not even be able to view the contents of the file.

as mentioned sudo chmod can be used to change the permissions of a file. Usage of chmod is too large to explain here but a simple breakdown is like this:

u is for user,
g is for group,
and o is for others.

r is for read permission,
w is for write permission,
x is for execute permission.

so if you wanted to set a file so that the user/owner of the file can have full access and you wanted the group to have read and be able to execute the file (such as a script) and you wanted everyone else only be able to execute the file the command would be:

sudo chmod u+rwx, g+rx, o+x /path/filename

to remove a permission you just use a minus instead of the plus... so if you decided that you didn't want "world/other" to be able to execute that file you would just use

sudo chmod o-x /path/filename

You will also see numbers used at times and I would actually have to look those up but basically I know that 7 is full permissions so if you did:

sudo chmod 777 /path/filename

it would set the permissions to read write execute for user (first seven) group (second 7) and world/other (third 7).

There is also a recursive code (-R note the capitalization it must be uppercase) .. if you wanted to change all the files in one directory and its sub-directories (be careful with this command because if you type the wrong path you can set permissions for files you may not want to touch) but it would look something like this:

sudo chmod -R 777 /home/user/blah

this would change the permissions for the folder blah, all the files and all its sub-directories and files to have full read/write/execute for anyone.

Hope this gives you a better understanding of chmod and permissions. If you need more you can just do a search on chmod commands and you should find the information you need

Ubuntu – Meaning of the access permissions “rws” and “root root” of /usr/bin/sudo

The s in rws stands for setuid meaning set user ID. This is a special permission bit that allows the program, when run by any user, to be run with the effective UID of the owner, in this case, root. So when you as a normal user run the sudo executable, you effectively do so as root. This permission bit is a security risk, and should only be applied where absolutely necessary.

Explanation of the setuid bit from The Linux Command Line by William E. Shotts Jr:

When applied to an executable file, it sets the effective user ID from that of the real user (the user actually running the program) to that of the program's owner. Most often this is given to a few programs owned by the superuser. When an ordinary user runs a program that is "setuid root" , the program runs with the effective privileges of the superuser. This allows the program to access files and directories that an ordinary user would normally be prohibited from accessing. Clearly, because this raises security concerns, the number of setuid programs must be held to an absolute minimum.

The second root in the listing is the group that owns the file, and yes, only the user root is in the group root:

$ getent group root
root:x:0:

Here's an example of a file that has different user and group ownership:

-rw-r----- 1 root shadow 1456 Nov 22 20:08 /etc/shadow

This means that the file can be read and written to only by root, but members of the group shadow may also read the file.

Best Answer

Related Solutions

Ubuntu – Do files/directories belong to a user AND a group

Ubuntu – Meaning of the access permissions “rws” and “root root” of /usr/bin/sudo

Related Question