Saturday, March 2, 2013

Changing permissions (ownership) of directory or file including access permissions in Ubuntu

Sometimes users may need to change the permissions of a directory or a file in order to prevent of unauthorized accesses.If sometimes you need to give access to some user on file or a directory which owns by the root, then you need to give the permission to that particular user.Let's see how this goin to work.

Changing the ownership of filename

To change the ownership of a single file, you can run following command with specifing username and user group. 

         sudo chown <username>:<groupname> <filename>

         example :

                        sudo chown harsha:harsha textfile.txt

To change the ownership of a single file with only specifying username only you can run following command.

          sudo chown <username> <filename>

          example :
                        sudo chown harsha textfile.txt

Changing the ownership of directory
To change the ownership of a directory you can following command which recursively apply the ownership changes to sub directories and files also.

         sudo chown -R <username>:<groupname> < directory >
         example :
                              sudo chown harsha:harsha textDirectory/

By only username

         sudo chown -R <username> < directory >

         example :
                        sudo chown harsha textDirectory/

Access permissions
In the above posts I have describe how to change the ownership of a directory  or file.But for a movement if you change the ownership to root and let only root can access the directory and files you may need to change the access permissions to particular directory.

If you want to get a quick understanding about the permission matrices which  show the read write and execute permissions in Linux I recommand this link will provide better understanding.Numbers coming along with "chmod" command are the way of expressiong permissions.

How To change permission of file folder so only root can access open it

Step 1
  •  Change the ownership of the directory / file to root
       sudo chown root:root <direcotry or filename>
                sudo chown root:root textDirecotry/
Step 2             

  • Change the permissions so that only the owner of the file can read/write/execute it.(There is no point of applying permission for all the directories,cause if particular user cannot access root directory,then user won't be able to access the files and directories inside the root directory)
                 sudo chmod 700 <direcotry or filename>
                              sudo chmod 700 textDirecotry/

If file is a executable file you may give "sudo chmod 700" instead of "sudo chmod 600".

Details about permission numbers

  • chmod 700 
The directory’s owner can read or write files in that directory as well as change to it.
All other users (except root) have no access.
  • chmod 771 
Same as for the owner. All other users can change to the directory, but not view or change files
in the directory. This can be useful for server hardening,where you prevent someone from listing directory contents,but allow access to a file in the directory if someone already knows it’s there.
  • chmod 777 
All permissions are wide open.
  • chmod 0000 
All permissions are closed. Good to protect a directory from errant changes.
However, backup programs that run as non-root may fail to back up the directory’s contents.
  • chmod 666 
Open read/write permissions completely on a file.
  • chmod 644 
Only the owner can change or delete the file, but all can view it.

The first 0 in the mode line can usually be dropped (so you can use 777 instead of 0777).
The -R option is a handy feature of the chmod command. With -R, you can
recursively change permissions of all files and directories starting from a
point in the file system. Here are some


$ sudo chmod -R 700 /tmp/test Open permission only to owner below /tmp/test
$ sudo chmod -R 000 /tmp/test Close all permissions below /tmp/test
$ sudo chmod -R a+rwx /tmp/test Open all permissions to all below /tmp/test

No comments:

Post a Comment