Permission Denied to Change GID of Owned File – Solutions

permissions

It appears I still miss some things about the way permissions work. I am on a Debian 7 system, btw.
Just now I have this file which I downloaded, and it belongs to myuser:myuser, that is, both user and group are set to me. It also resides in my $HOME directory since that is where I downloaded it to.

So far so good.
Now I want to share this file with some other users of the PC, and for that I want to switch the group ownership of the file to group "users".
However, that fails:

    nass@quarx:~/xmas_carol$ chgrp -R users *
    chgrp: changing group of `movie.mov': Operation not permitted

And the contents of the folder are:

    -rwxr-xr-x 1 nass nass 2482411461 Feb  6 03:57 movie.mov

I am fuzzy about what is going on with the permissions. Can someone explain?

Best Answer

Your user is probably not a member of the users group, so you don't have the right to give a file to that group. To illustrate:

    $ groups
    terdon sudo netdev fuse vboxsf vboxusers

    $ ls -l file
    -rw-r--r-- 1 terdon terdon 604 Feb  6 03:04 file
    $ chgrp users file
    chgrp: changing group of ‘file’: Operation not permitted
    $ chgrp vboxusers file
    $ ls -l file
    -rw-r--r-- 1 terdon vboxusers 604 Feb  6 03:04 file

This behavior is mentioned in the POSIX specs:

Only the owner of a file or the user with appropriate privileges may change the owner or group of a file.

Some implementations restrict the use of chgrp to a user with appropriate privileges when the group specified is not the effective group ID or one of the supplementary group IDs of the calling process.

The main reason for this is that if you aren't a member of a group, you should not be able to modify what that group has access to. This answer on chown permissions is also relevant.

Traditionally, on shared systems, you have a users group to which all regular users belong and that is the primary group of each user. That way, files are created owned by the users group and all users can read them.

Anyway, since that is not the way that Debian-based distros are set up these days, the way to give a specific user access to your file would be to either

  1. Change the group ownership of the file/directory to a group that both you and the other user are members of;

  2. Just change the permissions of the file/directory accordingly:

    $ chmod 755 /home/terdon
    $ ls -ld /home/terdon
    drwxr-xr-x 170 terdon terdon 491520 Apr 20 13:43 /home/terdon/
    

    That will make the directory accessible to everybody.
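A pre-flight check for the rule the answer describes, as an added example that is not part of the original answer. The function name `can_chgrp` and its exit codes are assumptions made here; it treats UID 0 as the "appropriate privileges" case and otherwise requires that you own the file and that the target GID is one of your own groups.

```shell
#!/bin/sh
# Added example: predict whether `chgrp GROUP FILE` will be permitted.
# Usage: can_chgrp FILE GROUP      (GROUP is a group name or a numeric GID)
# Exit codes (chosen for this example):
#   0 allowed, 1 not the owner, 2 not a member of GROUP, 3 unknown group
can_chgrp() (
    file=$1
    group=$2

    # Resolve the target group to a numeric GID.
    case $group in
        ''|*[!0-9]*)
            if command -v getent >/dev/null 2>&1; then
                gid=$(getent group "$group" | cut -d: -f3)
            else
                gid=$(awk -F: -v g="$group" '$1 == g { print $3; exit }' /etc/group)
            fi ;;
        *) gid=$group ;;
    esac
    [ -n "$gid" ] || { echo "no such group: $group" >&2; return 3; }

    # UID 0 stands in for "appropriate privileges" (CAP_CHOWN on Linux).
    [ "$(id -u)" -eq 0 ] && return 0

    # Rule 1: only the owner of the file may change its group.
    [ -O "$file" ] || { echo "you do not own $file" >&2; return 1; }

    # Rule 2: the target must be your effective or a supplementary GID.
    for g in $(id -G); do
        [ "$g" -eq "$gid" ] && return 0
    done
    echo "you are not a member of $group (gid $gid)" >&2
    return 2
)
```

In the question's situation, `can_chgrp movie.mov users` would return 2 if `nass` is not in `users`. Group membership added with `usermod -aG` only shows up in `id -G` after a new login session.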
