So what is the difference between *NIX's chmod and chown.
For the sake of simplicity lets create a simple file called temp and a directory call test
touch creates a file and
ls -l list all files and directories and showing the rights and owners with the date of last modification/access/creation and the weight of the file. Finally
mkdir creates a new directory. Before going through the difference between
chmod, let's have a quick look at the rights settings for the temp file and test directory.
Next to the name, a strange looking combination of letters:
-rw-r--r-- -> somefile
-rw-r--r-- -> somedirectory
These are donate to as X XXX XXX XXX
Each item is either a file or a directory and this is indicated by the first x. For the file called
somefile there is nothing there just
- however for
somedirectory this field is given the letter
d to indicate that it is a directory.
the first set of xxx indicates the rights for the owner. The second set of xxx indicates the rights of the group which the owner belongs to
the final set of xxx indicates the rights for all others.
So we have following letters to donate each of these parties:
u - Onwer (o is used for Other users)
g - Group which the onwer belongs to
o - Other Users (anyone else)
a - to indicate All users
for the rights we have three different rights
r - Read
w - Write
x - eXecute
Therefore the above gibberish letters now mean something:
is a file, that its owner can read and write (modify) but not execute, same for the group and only read for all other users. The ability of executing allow users to run shell scripts or other form of application on the linux/unix machine.
somedirectory is a directory which donated by the first x which is set to
d. However the rights on directories are bit more complicated than the rights of a file. Without going into great details the execute on a directory which sometimes called
search permission is needed when, well, searching for a directory. Also needed among other important things such as the ability to
ls -l or
ll which shows much information regarding the files within the directory. Going back, all of the users are allowed to read, write and 'execute' on the folder except others can not write. Meaning can not add new files or sub-directory within the directory nor modify any.
So Who on God's Grey Mars is the owner and the group I have been ranting about!
Looking back at the snapshot about, you'll see my name appear twice next to each line. The first one to the left indicate the owner , and the second one on the left indicates the group which I belong to and it happened to be called the same.
We'll come to those a bit later.
Literary means ‘CHANGE MODE’. This helps change the mode of a file or group of files rights to execute, read and write. In other words, changing those
*XXX* that I mentioned above to give different users different level of access.
There are different ways of doing so, either by choosing the classic method using numbers which would translate to simple binary 0 or 1 for 'ON' or 'OFF' sitting, or using the above keys to change the mode for each group or all of them.
The following table shows three important elements, the decimal number which is used to set the permission, the permission type relative to the decimal and its equitant in binary:
|7||read, write & execute||111|
|6||read & write||110|
|5||read & execute||101|
|3||write & execute||011|
Hence, let's say we want to set
somefile to be executed, read and written by only the owner:
The file rights now have changes. Each number of 700 gives different modes to different users. The first number 7 for owner, second number 0 for the group and as you guessed it the last for everyone else.
With directories you can have more option. Setting the mod of a directory and its conaints at once:
*chmod -R* allow for recursive behaviour. Which means that when applied the permissions will be applied to the directory and whatever inside.
Which is the easier way of doing things, to change a permission all what you need is decide the targets using the keys mention above and the rights you want to give them. For example:
Notice that no spaces between each group.
chown u=rwx,g=rx,o=rx somefile
As you can see, it is easier to change modes this way.
Also refer to
man chmod &
chmod --help for more information
What if you need to change the 'OWN'ership of a file or a directory? For example, when you have a public directory used from your website to load pictures or other media, you need to allow the serving application, usually Apache or Nginx, to have onwership of such folders.
Other examples; creating Unix user which is responsible for handling executing, editing applications and stopping or starting processes with certain directory using its files and contents.
This is the easy part,
sudo chown username:groupname filename
To change a file or a directory ownership or the group simply do this. Example:
in this case we kept the same owner but changed the group. note that chown requires a sudo to work
These two tools allow for greater user/file management. Deciding on user’s roles and fitting each user in the correct groups. Allow certain users to override files and change them. All these are important in daily work.
Separation of concerns and creating groups are on the list for subject that I would like to write on. Stay tuned.