If I understand you correctly, you want to change the owner of all files inside some directory (or the root) that are owned by user #500 to be owned by another user, without modifying files owned by any other user. You're in that situation because you've copied a whole directory tree from another machine, where files inside that tree were owned by many different users, but you're only interested in updating those that were owned by "your" user at the moment, and not any of the files that are owned by user #501 or any other.
GNU chown supports an option --from=500 that you can use in combination with the -R recursive option to do this:
chown -R --from=500 yourusername /path/here
This will be the fastest option if you have GNU chown, which on CentOS you should.
Alternatively, you can use find on any system:
find /path/here -user 500 -exec chown yourusername '{}' '+'
find will look at every file and directory recursively inside /path/here, matching all of those owned by user #500. With all of those files, it will execute chown yourusername file1 file2... as many times as required. After the command finishes, all files that were owned by user #500 will be owned by yourusername. You'll need to run that command as root to be able to change the file owners.
You can check for any stragglers by running the same find command without a command to run:
find /path/here -user 500
It should list no files at this point.
An important caveat: if any of the files owned by user #500 are symlinks, chown will by default change the owner of the file the symlink points at, not the link itself. If you don't trust the files you're examining, this is a security hole. Use chown -h in that case.
Only root has the permission to change the ownership of files. Reasonably modern versions of Linux provide the CAP_CHOWN capability; a user who has this capability may also change the ownership of arbitrary files. CAP_CHOWN is global: once granted, it applies to any file in a local file system.
Group ownership may be changed by the file owner (and root). However, this is restricted to the groups the owner belongs to. So if user U belongs to groups A, B, and C but not to D, then U may change the group of any file that U owns to A, B, or C, but not to D. If you seek arbitrary changes, then CAP_CHOWN is the way to go.
CAUTION: CAP_CHOWN has severe security implications; a user with a shell that has capability CAP_CHOWN could get root privileges. (For instance, chown libc to yourself, patch in your Trojan Horses, chown it back and wait for a root process to pick it up.)
Since you want to restrict the ability to change ownership to certain directories, none of the readily available tools will aid you. Instead you may write your own variant of chown that takes care of the intended restrictions. This program needs to have capability CAP_CHOWN, e.g.
setcap cap_chown+ep /usr/local/bin/my_chown
CAUTION
Your program will probably mimic the genuine chown, e.g. my_chown user:group filename(s). Do perform your input validation very carefully. Check that each file satisfies the intended restrictions, particularly, watch out for soft links that point out of bounds.
If you want to restrict access to your program to certain users, you may either create a special group, set group ownership of my_chown to this group, set permissions to 0750, and add all users that are permitted to this group. Alternatively you may use sudo with suitable rules (in this case you also don't need capability magic). If you need even more flexibility, then you need to code the rules you have in mind into my_chown.
Best Answer
Use rsync(1):