I understand, Unix has 3 levels of ownership: Owner, Group, and Others. The owner is the one who creates the file and later on this Ownership can be moved using 'chown'. However, I am confused with chmod 777 to 'others' or 'groups'.
Executing the previous command on a file will also allow the users in the group/other to have the same privileges as the owner. Thus,
Is my understanding correct: A file can have multiple owners?
What is the use of chown if chmod 777 can help achieve the same task?
Can a user in 'chmod 777 group' restrict the access of the actual owner by the command chmod u=r filename?
The file can only have '1 owner', though if you wish to have multiple 'owners' this is where groups come in. If alice and john are part of a group called 'hello' and the group 'hello' is assigned as the group owner, then alice and john are owners (as a part of the group) to the file. In the traditional sense however, no, there is only 1 owner. I often keep the root as the designated owner, and then incorporate groups as needed.
chmod is used to change the permissions of the actual file. When you execute chmod 777, you are allowing RWX (read, write, execute) access to owners, groups, and others. It would not achieve the same success as chmod does not actually change the ownership, which chown does. So chmod is in reference to defining who can do what to a file, chown is determining who owns the file.
No, they cannot change as they are not the owner of the file, but are owners as a 'member' of a group. And the command would actually be chmod u-r. '-' (minus) removes access and '+' (plus) adds.
You must not confuse: access rights and ownership.
If someone owns an object, he has the right to do whatever he wants with it, including modifying access rights and ownership. Be aware that once someone resigns ownership he cannot get it back on his own. So, if you own a house you can manage it the way you want and let people enter or not.
Access rights define who can do what on a file, independently from ownership. I suppose it is frequent for you to enter a building without asking for ownership, this is the same.
Access rights just define if someone (or a group or a set of users) has the right to read the content, modify the content or execute the content (at least basically). But properties like ownership and access rights are not part of the content of the file; they are meta-data associated with it, and modifying these meta-data is possible in very special ways. Ownership and access rights for instance can only be modified by owner.
Now:
A file can have multiple owners?
Yes, it is possible, but not with the basic access rights and ownership as described. In basic Unix, there can be only a single owner.
What is the use of chown if chmod 777 can help achieve the same task?
chown is ownership transfer (you sell your house). chmod is just a way to modify policy for people entering the house.
Can a user in 'chmod 777 group' restrict the access of the actual owner by the command chmod u=r filename?
Don't know what 'chmod 777 group' is. But nobody except owner (and root but root is a very special user) can change any such metadata (ownership, access right).
Imagine you have 3 users on your system: krishnendu, mindy and wodin
krishnendu is in the following groups: krishnendu, staff, guests
mindy is in the following groups: mindy, staff
wodin is in the following groups: wodin, guests
The only member of the krishnendu group is the krishnendu user. The mindy and wodin groups are similar.
If you have a file (file1) owned by krishnendu and group krishnendu with mode 640 then only the krishnendu user has read/write access to the file.
If you chown the file without changing the mode: chown mindy file1 then it will still have group ownership of krishnendu and mode 640. This means that mindy will have read/write access, but the krishnendu user (because krishnendu is a member of the krishnendu group) will also have read-only access.
If you chmod 777 file1 after that, then it will still be owned by mindy with group ownership of krishnendu, but now all three users will have read/write/execute access to the file.
There can be only a single owner of a file. If you want to give a subset of users access while denying the other users on the system access you need to put that subset of users in a group and use chown or chgrp to change the files group owner.
e.g. if you create files file2 and file3, both with mode 640, and then do the following:
# chown root:staff file2
# chown root:guests file3
then only krishnendu and mindy will have access to file2, because they are in the staff group, but wodin is not. And only krishnendu and wodin will have access to file3 because they are in the guests group, but mindy is not.
So setting the file mode to 777 is not the same as changing the file owner.
Also, you generally don't want to use mode 777 for anything.
If a file has mode 777 it does not give any users other than root or the owner the ability to change the ownership or the mode.
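The scenario from this answer, as an added example that is not part of the original posts: a small Python model of the classic owner/group/other check applied to file1, file2 and file3. It is a model, not real system calls; the names `File`, `access` and `may_chmod` are made up for illustration, and ACLs and capabilities are ignored.

```python
from dataclasses import dataclass

# Group membership exactly as described in the answer above.
GROUPS = {
    "krishnendu": {"krishnendu", "staff", "guests"},
    "mindy": {"mindy", "staff"},
    "wodin": {"wodin", "guests"},
}

@dataclass
class File:          # hypothetical model type, not a real API
    owner: str
    group: str
    mode: int        # e.g. 0o640

def access(user: str, f: File) -> str:
    """Return the rwx string that applies to `user` for `f`.

    Exactly one class is consulted: owner, else group, else other.
    An owner denied by the owner bits does NOT fall through to group bits.
    """
    if user == "root":
        return "rwx"                     # simplification: root bypasses mode bits
    if user == f.owner:
        bits = (f.mode >> 6) & 7         # owner triplet
    elif f.group in GROUPS.get(user, set()):
        bits = (f.mode >> 3) & 7         # group triplet
    else:
        bits = f.mode & 7                # other triplet
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))

def may_chmod(user: str, f: File) -> bool:
    """Only the owner (or root) may change the mode, whatever the mode says."""
    return user in ("root", f.owner)

file1 = File("mindy", "krishnendu", 0o640)      # after: chown mindy file1
file1_777 = File("mindy", "krishnendu", 0o777)  # after: chmod 777 file1
file2 = File("root", "staff", 0o640)            # chown root:staff file2
file3 = File("root", "guests", 0o640)           # chown root:guests file3

if __name__ == "__main__":
    for name, f in [("file1", file1), ("file1 (777)", file1_777),
                    ("file2", file2), ("file3", file3)]:
        print(f"{name:12}", {u: access(u, f) for u in GROUPS},
              "chmod allowed for:", [u for u in GROUPS if may_chmod(u, f)])
```

Even with mode 777, `may_chmod` is true only for mindy (and root): write access to the content never grants control over the metadata.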
Related
How to give all permissions to all the users in Linux? I know how to give permissions to single users but I don't know how to do it for all or multiple users. I'm kinda new at this.
In Linux, each directory and file has 2 pieces of ownership info
user owner: who created the file
group owner: an entire group of users owning the file
And each directory and file has 3 sets of permissions
user owner
group owner
other users : note: this is not 'all users' but 'other users', so if you are the user owner or member of group owner you are NOT part of other users
That said
you can give a permission to 'all other users' using the last set of rwx permissions
you can give a permission to 'all users' using each set of permissions so both the owner and all members of the group owner and all other users can do what you want
Be aware: do not use 777 (rwxrwxrwx) if it is not absolutely necessary! It opens up security concerns.
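A check that follows from the warning about 777, as an added example that is not part of the original answer: a Python audit that walks a directory tree and reports every entry writable by "other". The function names and the sample tree are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile

def world_writable(root: str):
    """Yield (path, octal mode, note) for entries under root that any user may write."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                      # symlink mode bits are not used for access
            if not st.st_mode & stat.S_IWOTH:
                continue                      # "other" has no write bit: fine
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISDIR(st.st_mode) and mode & stat.S_ISVTX:
                note = "directory with sticky bit (like /tmp)"
            elif stat.S_ISDIR(st.st_mode):
                note = "directory: any user can delete or replace entries"
            else:
                note = "file: any user can modify the content"
            yield path, oct(mode), note

def build_sample_tree() -> str:
    """Constructed sample tree so the audit has something to find."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    for name, mode in {"ok.txt": 0o640, "open.txt": 0o777}.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)                  # chmod is not affected by umask
    for name, mode in {"shared": 0o777, "dropbox": 0o1777, "private": 0o750}.items():
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)
    return root

def audit_sample():
    """Run the audit on the constructed tree and return sorted findings."""
    root = build_sample_tree()
    try:
        return sorted((os.path.relpath(p, root), m, n) for p, m, n in world_writable(root))
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    for finding in audit_sample():
        print(*finding, sep="\t")
```

To audit a real tree, call `world_writable("/path/to/check")` directly; entries the caller cannot read are silently skipped by `os.walk`.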
I was trying to create two directories, assignment and exam_papers, containing assignment and question paper text files inside them respectively. After that, I created two users, vipin and booma. Then I added vipin to the teacher group and booma to the student group respectively.
Idea
The idea is that I wanted to set permissions for the assignment and exam_papers directories so that only members of the teacher group can read and write to the assignment and exam_paper directories, and members of student and other users can only read the content of the assignment directory.
Here you can see that I removed all permissions from other users for the exam_paper directory and gave only Read permission to other users for the assignment directory.
The motive of this is that members of the student group and other users can't access the exam_paper directory and can access the assignment directory with only Read permission.
Result
The result of all this is that even members of teacher group can't access both of these directories
Directories require executable access to enter/see contents. So if you wanted a group to have access privileges to a directory chmod -R 775 assignment/ should work.
I have following user who is the owner of the file:
I have another user called visitor (shown below) who does not belong to the Administrators group, but he still has write and other permissions.
How do I enable file permission only to the owner and other users belonging to the Administrators group in Cygwin and restrict it for other users? I am assuming the setting I have provided will restrict write permission to all other users except arjunkhadka and any users that belong to the Administrators group. Am I missing something??
I would like to know how to encrypt the FTP directory, because the employees that have elevated permissions are able to see the content of the FTP although they don't need access to these documents.
Thanks in advance
Encrypting the directory is not possible, but you could encrypt the underlying filesystem. However, anyone logged in with enough permissions to view the contents of that directory is still able to view files in it.
You're better off setting correct permissions for this directory, so that it doesn't include other employees/users rights.
So for example, if your FTP directory is in /home/ftp, ensure it is only accessible by the ftp user (assuming 'ftpusr' is a valid user and 'ftpgrp' is a valid group)
# chown ftpusr:ftpgrp /home/ftp
# chmod 750 /home/ftp
This way only the user 'ftpusr' and all users belonging to the 'ftpgrp' group are able to view the files inside the directory.
For directory /var/www/ and its subdirectories, I wish users apache, phped, and Michael each to have r/w/x privileges on all existing files as well as future files created by each of these users. How should I do this?
You either want to put all those users in a group and set the group ownership of /var/www to that group. Then you'd want to set the group suid bit with something like chmod g+rwxs dirname to make all new files belong to the group.
Or you could use ACLs (Access Control Lists) see for example http://users.suse.com/~agruen/acl/linux-acls/online/
To make all new files belong to some certain group you can set the default ACL for the folder and all new files
[edit]
You create a new group groupadd mynewgroup and then useradd -G mynewgroup Michael and so on for all the users that should be in that group. Then you'll need to chgrp -R mynewgroup /var/www/ to set the group ownership of the directory.
Create a group containing these users and assign group-level permissions as per your desire.