Change Ownership of File Ubuntu Allow All Read
Contents
- Understanding and Using File Permissions
- Folder/Directory Permissions
- Permissions in Action
- Irresolute Permissions
- chmod with Letters
- chmod with Numbers
- chmod with sudo
- Recursive Permission Changes
- Recursive chmod with -R and sudo
- Recursive chmod using find, pipemill, and sudo
- Warning with Recursive chmod
- Irresolute the File Possessor and Group
- Book Permissions with umask
- ACL (Admission Command List)
- Setting upwardly ACL
- Case Usage
- GUI ACL Editor
- Useful ACL Resources
- File removal
- Sticky Bit
- See also
- ToDo
Understanding and Using File Permissions
In Linux and Unix, everything is a file. Directories are files, files are files and devices are files. Devices are usually referred to every bit a node; nonetheless, they are still files. All of the files on a system have permissions that allow or prevent others from viewing, modifying or executing. If the file is of type Directory and then information technology restricts different deportment than files and device nodes. The super user "root" has the ability to access any file on the organisation. Each file has admission restrictions with permissions, user restrictions with owner/grouping clan. Permissions are referred to as bits.
To modify or edit files that are endemic by root, sudo must be used - delight see RootSudo for details.
If the owner read & execute bit are on, so the permissions are:
-r-x------
At that place are 3 types of access restrictions:
| Permission | Action | chmod option |
| read | (view) | r or 4 |
| write | (edit) | due west or 2 |
| execute | (execute) | x or 1 |
In that location are also 3 types of user restrictions:
| User | ls output |
| owner | -rwx------ |
| group | ----rwx--- |
| other | -------rwx |
Note: The brake blazon scope is non inheritable: the file owner will be unaffected by restrictions gear up for his grouping or everybody else.
Folder/Directory Permissions
Directories have directory permissions. The directory permissions restrict unlike deportment than with files or device nodes.
| Permission | Activity | chmod selection |
| read | (view contents, i.e. ls command) | r or 4 |
| write | (create or remove files from dir) | west or 2 |
| execute | (cd into directory) | x or 1 |
-
read restricts or allows viewing the directories contents, i.e. ls control
-
write restricts or allows creating new files or deleting files in the directory. (Caution: write access for a directory allows deleting of files in the directory even if the user does not have write permissions for the file!)
-
execute restricts or allows changing into the directory, i.e. cd control
Folders (directories) must have 'execute' permissions prepare (x or 1), or folders (directories) will NOT FUNCTION as folders (directories) and WILL DISAPPEAR from view in the file browser (Nautilus).
Permissions in Action
user@host:/domicile/user$ ls -l /etc/hosts -rw-r--r-- one root root 288 2005-xi-thirteen 19:24 /etc/hosts user@host:/home/user$
Using the example in a higher place we have the file "/etc/hosts" which is owned past the user root and belongs to the root group.
What are the permissions from the higher up /etc/hosts ls output?
-rw-r--r-- owner = Read & Write (rw-) grouping = Read (r--) other = Read (r--)
Changing Permissions
The command to apply when modifying permissions is chmod. In that location are two ways to modify permissions, with numbers or with letters. Using letters is easier to understand for most people. When modifying permissions be careful non to create security issues. Some files are configured to accept very restrictive permissions to prevent unauthorized admission. For example, the /etc/shadow file (file that stores all local user passwords) does non have permissions for regular users to read or otherwise access.
user@host:/home/user# ls -l /etc/shadow -rw-r----- 1 root shadow 869 2005-11-08 13:xvi /etc/shadow user@host:/home/user# Permissions: owner = Read & Write (rw-) group = Read (r--) other = None (---) Buying: possessor = root group = shadow
chmod with Letters
Usage: chmod {options} filename | Options | Definition |
| u | owner |
| g | group |
| o | other |
| a | all (aforementioned equally ugo) |
| 10 | execute |
| w | write |
| r | read |
| + | add permission |
| - | remove permission |
| = | set permission |
Here are a few examples of chmod usage with letters (try these out on your organization).
First create some empty files:
user@host:/home/user$ bear upon file1 file2 file3 file4 user@host:/abode/user$ ls -fifty total 0 -rw-r--r-- 1 user user 0 Nov nineteen 20:13 file1 -rw-r--r-- ane user user 0 Nov 19 20:13 file2 -rw-r--r-- ane user user 0 November 19 20:13 file3 -rw-r--r-- ane user user 0 Nov 19 twenty:13 file4
Add together owner execute bit:
user@host:/home/user$ chmod u+x file1 user@host:/dwelling/user$ ls -l file1 -rwxr--r-- 1 user user 0 Nov xix twenty:13 file1
Add other write & execute flake:
user@host:/dwelling house/user$ chmod o+wx file2 user@host:/home/user$ ls -50 file2 -rw-r--rwx 1 user user 0 Nov nineteen 20:13 file2
Remove group read bit:
user@host:/dwelling/user$ chmod g-r file3 user@host:/home/user$ ls -l file3 -rw----r-- ane user user 0 Nov 19 20:13 file3
Add together read, write and execute to anybody:
user@host:/dwelling/user$ chmod ugo+rwx file4 user@host:/home/user$ ls -fifty file4 -rwxrwxrwx 1 user user 0 Nov 19 20:13 file4 user@host:/habitation/user$
chmod with Numbers
Usage: chmod {options} filename | Options | Definition |
| #-- | possessor |
| -#- | group |
| --# | other |
| ane | execute |
| 2 | write |
| 4 | read |
Owner, Grouping and Other is represented by three numbers. To become the value for the options determine the type of access needed for the file so add.
For case if y'all desire a file that has -rw-rw-rwx permissions you will utilize the following:
| Owner | Grouping | Other |
| read & write | read & write | read, write & execute |
| 4+two=6 | four+2=vi | 4+two+ane=7 |
user@host:/home/user$ chmod 667 filename
Another instance if yous desire a file that has --westward-r-ten--x permissions you will use the post-obit:
| Possessor | Group | Other |
| write | read & execute | execute |
| 2 | 4+one=5 | 1 |
user@host:/dwelling house/user$ chmod 251 filename
Hither are a few examples of chmod usage with numbers (effort these out on your system).
First create some empty files:
user@host:/home/user$ touch file1 file2 file3 file4 user@host:/home/user$ ls -l full 0 -rw-r--r-- 1 user user 0 November nineteen twenty:13 file1 -rw-r--r-- 1 user user 0 Nov 19 20:13 file2 -rw-r--r-- 1 user user 0 Nov 19 twenty:thirteen file3 -rw-r--r-- 1 user user 0 Nov 19 20:13 file4
Add possessor execute bit:
user@host:/home/user$ chmod 744 file1 user@host:/home/user$ ls -l file1 -rwxr--r-- 1 user user 0 Nov xix xx:13 file1
Add other write & execute flake:
user@host:/home/user$ chmod 647 file2 user@host:/home/user$ ls -fifty file2 -rw-r--rwx 1 user user 0 Nov xix 20:xiii file2
Remove group read bit:
user@host:/home/user$ chmod 604 file3 user@host:/home/user$ ls -l file3 -rw----r-- ane user user 0 November 19 20:thirteen file3
Add read, write and execute to everyone:
user@host:/home/user$ chmod 777 file4 user@host:/home/user$ ls -fifty file4 -rwxrwxrwx ane user user 0 Nov xix 20:13 file4 user@host:/abode/user$
chmod with sudo
Changing permissions on files that you exercise not have ownership of: (Note that irresolute permissions the wrong way on the incorrect files can quickly mess up your organisation a not bad deal! Please be conscientious when using sudo!)
user@host:/home/user$ ls -50 /usr/local/bin/somefile -rw-r--r-- ane root root 550 2005-11-13 19:45 /usr/local/bin/somefile user@host:/home/user$ user@host:/home/user$ sudo chmod o+x /usr/local/bin/somefile user@host:/habitation/user$ ls -50 /usr/local/bin/somefile -rw-r--r-x 1 root root 550 2005-xi-13 19:45 /usr/local/bin/somefile user@host:/home/user$
Recursive Permission Changes
To change the permissions of multiple files and directories with one command. Please note the alarm in the chmod with sudo section and the Warning with Recursive chmod section.
Recursive chmod with -R and sudo
To change all the permissions of each file and folder under a specified directory at in one case, use sudo chmod with -R
user@host:/dwelling house/user$ sudo chmod 777 -R /path/to/someDirectory user@host:/home/user$ ls -l total 3 -rwxrwxrwx 1 user user 0 November 19 twenty:xiii file1 drwxrwxrwx 2 user user 4096 November nineteen 20:13 folder -rwxrwxrwx 1 user user 0 November 19 20:thirteen file2
Recursive chmod using find, pipemill, and sudo
To assign reasonably secure permissions to files and folders/directories, it's common to give files a permission of 644, and directories a 755 permission, since chmod -R assigns to both. Apply sudo, the find command, and a pipemill to chmod as in the following examples.
To change permission of merely files under a specified directory.
user@host:/domicile/user$ sudo find /path/to/someDirectory -type f -print0 | xargs -0 sudo chmod 644 user@host:/abode/user$ ls -l total 3 -rw-r--r-- 1 user user 0 Nov 19 20:13 file1 drwxrwxrwx two user user 4096 November 19 20:thirteen folder -rw-r--r-- 1 user user 0 Nov 19 20:13 file2
To change permission of only directories under a specified directory (including that directory):
user@host:/home/user$ sudo find /path/to/someDirectory -type d -print0 | xargs -0 sudo chmod 755 user@host:/home/user$ ls -fifty total three -rw-r--r-- one user user 0 November 19 20:thirteen file1 drwxr-xr-10 2 user user 4096 Nov 19 20:13 folder -rw-r--r-- one user user 0 Nov nineteen twenty:xiii file2
Warning with Recursive chmod
WARNING: Although it's been said, it's worth mentioning in context of a gotcha typo. Please notation, Recursively deleting or chown-ing files are extremely dangerous. You lot will non exist the first, nor the last, person to add together i likewise many spaces into the command. This case will hose your system:
user@host:/home/user$ sudo chmod -R / home/john/Desktop/tempfiles
Note the space between the first / and dwelling house.
You accept been warned.
Changing the File Owner and Group
A file's owner tin be changed using the chown command. For example, to alter the foobar file'south owner to tux:
user@host:/home/user$ sudo chown tux foobar
To alter the foobar file'due south grouping to penguins, you could apply either chgrp or chown with special syntax:
user@host:/home/user$ sudo chgrp penguins foobar
user@host:/home/user$ sudo chown :penguins foobar
Finally, to alter the foobar file's owner to tux and the group to penguins with a single command, the syntax would be:
user@host:/domicile/user$ sudo chown tux:penguins foobar
Notation that, past default, you must use sudo to modify a file's owner or grouping.
Book Permissions with umask
This section has been moved to: Fstab#Options
ACL (Access Control List)
Posix ACLs are a way of achieving a finer granularity of permissions than is possible with the standard Unix file permissions. See the full page on ACLs FilePermissionsACLs
Setting up ACL
- Install the acl package:
sudo apt-go install acl
-
Edit /etc/fstab and add option acl to partition(s) on which yous want to enable ACL. For example:
... UUID=d027a8eb-e234-1c9f-aef1-43a7dd9a2345 /abode ext4 defaults,acl 0 2 ...
- Remount partition(south) on which y'all want to enable ACL. For example:
sudo mount -o remount /domicile
-
Verify acl is enabled on the segmentation(due south):
mount | grep acl
The commands, setfacl and getfacl, set and read ACLs on files and directories.
Case Usage
This is a simple example for use with a Samba share to ensure that whatever files or sub-directories created could besides exist modified by any Samba user.
- Create a directory with full permission:
mkdir shared_dir chmod 777 shared_dir
-
Set the default ACL with '-d' and modify with '-m' the permissions for samba nobody user nogroup group which volition utilize to all newly created file/directories.
setfacl -d -yard u:nobody:rwx,one thousand:nogroup:rwx,o::r-x shared_dir
GUI ACL Editor
The Eiciel
Useful ACL Resources
-
http://brunogirin.blogspot.com/2010/03/shared-folders-in-ubuntu-with-setgid.html
-
http://wiki.kaspersandberg.com/doku.php?id=howtos:acl
-
man acl
-
man setfacl
-
man getfacl
File removal
To remove a file you cannot delete utilise
sudo rm -rf filename
where filename is the name and path of the file to delete.
Nota bene: Be very conscientious when using the command rm with the -rf pick since -r makes the file removal recursive (meaning information technology will remove files within of folders) and -f will force the removal even for files which aren't writable. To play it condom, delight consider typing in the accented path to the file
sudo rm -rf /path/to/file/filename
to prevent any mishaps that can/volition occur. It takes longer to type only you tin can't put a price on peace of listen. See the rm man folio for details.
Sticky Chip
The sticky flake applies only to directories, and is typically used on publicly-writeable directories. Within a directory upon which the pasty bit is applied, users are prevented from deleting or renaming whatever files that they practice non personally own.
To add or remove the sticky chip, employ chmod with the "t" flag:
chmod +t <directory> chmod -t <directory>
The status of the mucilaginous bit is shown in the other execute field, when viewing the long output of ls. "t" or "T" in the other execute field indicates the sticky flake is ready, anything else indicates it is not.
Making a public directory:
user@host:/home/user$ mkdir folder user@host:/home/user$ chmod 777 folder user@host:/home/user$ ls -l total 3 drwxrwxrwx ii user user 4096 Nov nineteen 20:13 folder
Adding the sticky scrap (annotation the "t" in the other execute field):
user@host:/home/user$ chmod +t binder user@host:/dwelling/user$ ls -l full 3 drwxrwxrwt ii user user 4096 Nov nineteen 20:13 folder
See as well
-
man chmod
-
human being chown
-
human being chgrp
-
FindingFiles
-
User Private Groups
ToDo
- umask (add file and directory umask section, with specific focus on security)
-
The User Individual Group scheme. In other words, this folio does the basics and bolts ok, but we need to depict what the permissions should be. The default Ubuntu gear up is non doubter: Every user has their default private group. Directories for collaboration need to take special grouping and permission gear up for correct functioning.
-
* Suggestion: I frequently utilise find instead of chmod -R, because it'due south easier to differentiate betwixt files and directories that fashion. Yes, I know virtually the 'Ten' permission, but I don't trust it.
- The sticky chip. It's needed for "other" in shared directories like /tmp. It's needed for "group" in shared directories where write permission is given to a group, like /var/world wide web
Source: https://help.ubuntu.com/community/FilePermissions
0 Response to "Change Ownership of File Ubuntu Allow All Read"
Post a Comment