as mentioned above there are 3 sections to the permissions for an example which may be easier to understand here is how it is broken down
say root is the owner/user of the file
say video is the group
and then as mentioned there is the world/other section which covers anyone that doesn't fit in the first two.
Now if the file has permissions like
Read/Write for root
Read for the group video with user1 as a member of that group
and none for world/other
Then the root user would have full read write control over the file.
Any user in the video group (user1) would have read permissions but would not have access to modify the file.
Anyone else would not even be able to view the contents of the file.
as mentioned sudo chmod can be used to change the permissions of a file. Usage of chmod is too large to explain here but a simple breakdown is like this:
u is for user,
g is for group,
and o is for others.
r is for read permission,
w is for write permission,
x is for execute permission.
so if you wanted to set a file so that the user/owner of the file can have full access and you wanted the group to have read and be able to execute the file (such as a script) and you wanted everyone else only be able to execute the file the command would be:
sudo chmod u+rwx, g+rx, o+x /path/filename
to remove a permission you just use a minus instead of the plus... so if you decided that you didn't want "world/other" to be able to execute that file you would just use
sudo chmod o-x /path/filename
You will also see numbers used at times and I would actually have to look those up but basically I know that 7 is full permissions so if you did:
sudo chmod 777 /path/filename
it would set the permissions to read write execute for user (first seven) group (second 7) and world/other (third 7).
There is also a recursive code (-R note the capitalization it must be uppercase) .. if you wanted to change all the files in one directory and its sub-directories (be careful with this command because if you type the wrong path you can set permissions for files you may not want to touch) but it would look something like this:
sudo chmod -R 777 /home/user/blah
this would change the permissions for the folder blah, all the files and all its sub-directories and files to have full read/write/execute for anyone.
Hope this gives you a better understanding of chmod and permissions. If you need more you can just do a search on chmod commands and you should find the information you need
The s
in rws
stands for setuid
meaning set user ID. This is a special permission bit that allows the program, when run by any user, to be run with the effective UID of the owner, in this case, root. So when you as a normal user run the sudo
executable, you effectively do so as root. This permission bit is a security risk, and should only be applied where absolutely necessary.
Explanation of the setuid
bit from The Linux Command Line by William E. Shotts Jr:
When applied to an executable file, it sets the effective user ID from
that of the real user (the user actually running the program) to that
of the program's owner. Most often this is given to a few programs
owned by the superuser. When an ordinary user runs a program that is
"setuid root" , the program runs with the effective privileges of the
superuser. This allows the program to access files and directories
that an ordinary user would normally be prohibited from accessing.
Clearly, because this raises security concerns, the number of setuid
programs must be held to an absolute minimum.
The second root
in the listing is the group that owns the file, and yes, only the user root is in the group root:
$ getent group root
root:x:0:
Here's an example of a file that has different user and group ownership:
-rw-r----- 1 root shadow 1456 Nov 22 20:08 /etc/shadow
This means that the file can be read and written to only by root, but members of the group shadow may also read the file.
Best Answer
The chown command is used to change the owner and group owner of a file or directory. Superuser privileges are required to use this command. The syntax of chown looks like this:
chown can change the file owner and/or the file group owner depending on the first argument of the command. Here are some examples:
chown owner file
example:chown owner:group file
example:chown :group file
example:chown owner: file
example:Please read this nice tutorial https://www.linode.com/docs/tools-reference/linux-users-and-groups. This show some info about user, groups ,permissions ,...