
File Ownership

From the document Administration UNIX (pages 49-53)

The UNIX Model — Selected Topics

2.2.1 File Ownership

Files have two owners: a user and a group, which are decoupled and independent of each other. The file’s user-owner may in fact be outside the group that owns the very same file. This flexibility lets UNIX exclude certain members of the user-owner’s group from group access and treat them as others.

Information about a file’s ownership and permissions is kept in the file’s index node, better known by its short name inode. UNIX does not allow direct manipulation of index nodes; indirect management is provided through a number of commands that each handle a specific part of the index node. A brief overview of the most common of these commands follows.

The long form of the ls command is used to display the ownership of a file or a directory, with a slightly different meaning of options for System V and BSD UNIX:

# ls -l      (System V)

# ls -lg     (BSD)

The system response looks like:

drwx------ 2 bjl  mail   24 Mar 24 13:19 Mail
-rw-rw-rw- 1 bjl  users  20 May  2 13:26 modefile1
-rw-rw-rw- 1 bjl  users  20 May  2 13:30 modefile2
-rw-rw-rw- 1 bjl  users  20 May  2 13:30 modefile3

The file ownerships are presented in the third column (the user-owner) and the fourth column (the group-owner). In this example, all files (modefile1, modefile2 and modefile3) are owned by the user bjl and the group users.

Ownership of a newly created file is determined in the following way:

• The user-owner is the user who created the file

• The group-owner is:

  • the same as the group-owner of the directory where the new file was created (BSD)

  • the same as the group to which the user who created the file belongs (System V)

Please note that this rule only applies to newly created files; once a file is created, its ownership can be arbitrarily modified.

The chown command is used to change the user ownership of a file or a directory:

# chown newowner filename(s)

where:

newowner A user name, or user-ID (UID)

filename A file name in the current directory, or a full-path file name (if multiple files are specified, they are separated by a space)

Directories are treated in the same way as files; to change the user ownership of a directory itself, type the command:

# chown newowner directoryname(s)

where:

newowner A user name, or user-ID (UID)

directoryname A subdirectory name in the current directory, or a full-path directory name (if multiple directories are specified, they are separated by a space).

However, to change the user ownership of a directory and all subdirectories and files within it, the chown command should be used recursively (the option -R):

# chown -R newowner directoryname(s)

(The command arguments are the same as those in the previous example.)

Who is authorized to change the user ownership?

• the user-owner of the file, or root (System V)

• root only (BSD)

Please note that on the System V platform, if the original owner transfers user-ownership to another user, it can only be transferred back to the original user-owner by the new user who now owns the file, or by root. Also, such a change of ownership is restricted: some access rights cannot be transferred to the new user (we will discuss this issue in more detail later).

Generally, every recursive command must be run extremely carefully: the command does not stay within the specified directory; it propagates to all existing subdirectories, the files in those subdirectories, their subdirectories, and so on, down to the very end of the directory hierarchy (which can be very, very deep). If run on the root directory, a recursive command affects every single file in the system.

Consider the unpleasant event in which an administrator wanted to change the owner of a certain directory recursively (of course, the administrator did that as the superuser). The administrator typed in the command and started to specify the full pathname of the directory; unfortunately, the administrator unintentionally hit the [Enter] key too early, just after the leading “/” (slash character) of the directory path had been typed. The disastrous command chown -R newuser / was issued, causing recursive changes to many system files and soon a collapse of the system. The only solution was to reinstall and restore the system from a backup (if such a backup was available at all).
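As an added example (not from the book), the following POSIX shell wrapper puts the caution above into practice: it refuses a target that resolves to the root directory, previews how many entries chown -R would visit, and performs the change only when the DRY_RUN variable is unset. The function name safe_chown_r and the DRY_RUN variable are this example’s own inventions; it assumes a chown that accepts the owner[:group] form described later in this section.

```shell
#!/bin/sh
# safe_chown_r OWNER[:GROUP] DIRECTORY
# Guarded recursive chown (added example, not part of the book).
# Refuses the root directory (the "chown -R newuser /" accident),
# requires an existing directory, reports how many entries would be
# affected, and changes anything only when DRY_RUN is empty.
safe_chown_r() {
    owner=$1
    dir=$2
    if [ -z "$owner" ] || [ -z "$dir" ]; then
        echo "usage: safe_chown_r OWNER[:GROUP] DIRECTORY" >&2
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "safe_chown_r: not a directory: $dir" >&2
        return 2
    fi
    # Resolve symlinks and redundant slashes so that "/", "//" and a
    # symlink pointing at "/" are all recognised as the root directory.
    resolved=$(cd "$dir" && pwd -P) || return 2
    if [ "$resolved" = "/" ]; then
        echo "safe_chown_r: refusing to operate on the root directory" >&2
        return 1
    fi
    # Preview: find visits exactly the entries chown -R would touch.
    count=$(find "$resolved" | wc -l | tr -d ' ')
    echo "safe_chown_r: $count entries under $resolved -> $owner"
    if [ -n "$DRY_RUN" ]; then
        echo "safe_chown_r: dry run, nothing changed"
        return 0
    fi
    chown -R "$owner" "$resolved"
}
```

Run it once with DRY_RUN=1 to see the entry count before committing to the real change.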

The chgrp command is used to change the group ownership of a file or a directory:

# chgrp newgroup filename(s)/directoryname(s)

where:

newgroup A group name, or a group-ID (GID)

filename A file name in the current directory, or a full-path file name

directoryname A subdirectory name in the current directory, or a full-path directory name (multiple names are separated by a space)

To change the group ownership of a directory, and all subdirectories and files within it, the chgrp command should be used recursively (the option -R):

# chgrp -R newgroup directoryname(s)

Who is authorized to change the group ownership?

• the user-owner of the file, or root

Originally, BSD UNIX allowed simultaneous changes of a file’s user and group ownership, using the same chown command in the following way:

# chown newowner.newgroup filename(s)

# chown -R newowner.newgroup directoryname

where:

newowner A user name, or a UID

newgroup A group name, or a GID

filename A file name in the current directory or a full-path file name

directoryname A subdirectory name in the current directory, or a full-path directory name

Today, most modern UNIX flavors (whether BSD- or System V-derived) accept this useful idea and allow the same simultaneous change, with slightly different syntax:

# chown newowner:newgroup filename(s)

# chown -R newowner:newgroup directoryname

Instead of the dot (.) originally used as the separator between the new user and group names, the colon (:) is now used.

For a better understanding, a few examples follow:

Let’s start with a long listing of a directory (the logged-in user is bjl):

$ ls -l

drwx------ 2 bjl  mail     24 Mar 24 13:19 Mail
-rw-rw-rw- 1 bjl  users    20 May  2 13:26 modefile1
-rw-rw-rw- 1 bjl  users    20 May  2 13:30 modefile2
-rw-rw-rw- 1 bjl  users    20 May  2 13:30 modefile3
-rw-rw-rw- 1 bjl  users  2106 May  2 13:31 ses1.tmp

The user can change the user and group owners for certain files:

$ chown dubey modefile1

$ chgrp other modefile2

$ ls -l

drwx------ 2 bjl   mail     24 Mar 24 13:19 Mail
-rw-rw-rw- 1 dubey users    20 May  2 13:26 modefile1
-rw-rw-rw- 1 bjl   other    20 May  2 13:30 modefile2
-rw-rw-rw- 1 bjl   users    20 May  2 13:30 modefile3
-rw-rw-rw- 1 bjl   users  2106 May  2 13:31 ses1.tmp

The user can then regain the group ownership of the changed file modefile2:

$ chgrp users modefile2

Regaining user ownership of the changed file modefile1 is not as simple; the logged-in user bjl no longer owns this file, and only the new owner or the superuser can reassign user ownership to bjl. Supposing that switching to root is possible (in most cases it is not: only administrators know the root password, which is always required to become the superuser):

$ su

Password: ********

# chown bjl modefile1

# ls -l

total 8

drwx------ 2 bjl  mail     24 Mar 24 13:19 Mail
-rw-rw-rw- 1 bjl  users    20 May  2 13:26 modefile1
-rw-rw-rw- 1 bjl  users    20 May  2 13:30 modefile2
-rw-rw-rw- 1 bjl  users    20 May  2 13:30 modefile3
-rw-rw-rw- 1 bjl  users  2106 May  2 13:31 ses1.tmp
