Recognizing Problems with Permissions and Ownership

When users cannot access files or directories that they used to be able to access, the most likely problem is that permissions or ownership on the files or directories has changed.

Frequently, file and directory ownerships change because someone edited the files as root. When you create home directories for new users, be especially careful to make the user the owner of both the home directory and the dot (.) files in the home directory.

Another way access problems can arise is when the group ownership changes or when a group of which a user is a member is deleted from the /etc/groups database.

Changing File Ownership

NOTE. You must own a file or directory (or have root permission) to be able to change its ownership. If the {_POSIX_CHOWN_RESTRICTED} configuration option is enabled (the default), you must be superuser to change ownership of a file, even if you own it. See "Changing File Ownership or Permissions (chown, chmod, chgrp)" on page 77 for more information.

Use the following steps to change file ownership.

Type ls -l filename and press Return. The owner of the file is displayed in the third column.
Become superuser.
Type chown new-owner filename and press Return. Ownership is assigned to the new owner you specify, in this case, ignatz.

oak% ls -l quest
-rw-r--r--  1  fred   staff    6023 Aug   5 12:06 quest
oak% su
Password:
# chown ignatz quest
# ls -l quest
-rw-r--r--  1 ignatz    staff     6023 Aug 5 12:06 quest
#

Changing File Permissions

You use the chmod command to change file permissions. You can change permissions in two ways. If you use letters, use the following syntax.

chmod [who] operator [permission(s)] file-name

For who, you can specify u, g, or o (for user, group, or other). You can specify a to change all operators. If you do not specify who the permissions are for, permissions are changed for all three groups. The operator is either + to add permission or – to take away permission. The permissions are r, w, or x, for read, write, or execute. See the chmod(1) manual page for more information.

For example, to grant read, write, and execute permissions to everyone, type chmod +wrx filename and press Return.

oak% chmod +wrx kookaburra
oak% ls -l kookaburra
-rwxrwxrwx  1    janice    staff    54   Jul 7   11:33   kookaburra
oak%

To grant read and execute permissions to everyone, type chmod +rx filename and press Return.

oak% chmod +rx kookaburra
oak% ls -l kookaburra
-r-xr-xr-x  1    janice   staff   54 Jul 7   11:34  kookaburra
oak%

Another way to change the permissions to read and execute only would be to deny write permission to everyone. Type chmod –w filename and press Return.

oak% chmod -w kookaburra
oak% ls -l kookaburra
-r-xr-xr-x  1    janice   staff    54 Jul 7   11:35  kookaburra
oak%

To change ownership for a specific group, type the letter for the group followed by the operator and the permission. In the following example, read, write, and execute permissions have been granted for the owner to the file kookaburra.

oak% chmod u+wrx kookaburra
oak% ls -l kookaburra
-rwxr-xr-x  1    janice   staff   54 Jul 7   11:36 kookaburra
oak%

To deny execute permissions to group and other, type chmod go-x filename and press Return.

oak% chmod go-x kookaburra
oak% ls -l kookaburra
-rwxr--r--  1    janice   staff   54 Jul 7   11:37 kookaburra
oak%

With the chmod command, you can also use a numeric argument that describes the user class and permission to change as a sequence of bits. Table 98 shows the octal values for setting file permissions. You use these numbers in sets of three to set permissions for owner, group, and other. For example, the value 644 sets read/write permissions for owner and read-only permissions for group and other.

Table 98. Octal Values for File Permissions
Value
Description
0
No permissions.
1
Execute-only.
2
Write-only.
3
Write, execute.
4
Read-only.
5
Read, execute.
6
Read, write.
7
Read, write, execute.

Use the following steps to change permissions on a file.

Type ls -l filename and press Return.

The long listing shows the current permissions for the file.
Type chmod nnn filename and press Return.

Permissions are changed according to the numbers you specify.

NOTE. You can change permissions on groups of files or on all files in a directory by using metacharacters such as * and ? in place of file names or in combination with them.

The following example changes the permissions of a file from 666 (read/write, read/write, read/write) to 644 (read/write, read-only, read-only).

oak% ls -l quest
-rw-rw-rw-  1 ignatz    staff    6023 Aug   5 12:06 quest
oak% chmod 644 quest
oak% ls -l quest
-rw-r--r--  1 ignatz    staff    6023 Aug   5 12:06 quest
oak%

Changing File Group Ownership

If a file has an incorrect group owner, users of the group won't be able to make changes to the file. To change file group ownership, you must either be a member of the group, owner of the file, or root.

To change the group ID for a file, type chgrp gid filename and press Return. The group ID for the file you specify is changed. With the Solaris Operating Environment, the ls -l command shows the owner and the group for the file. You can display only the group owner by using the ls -lg command.

$ ls -lg junk
-rw-r--r-- 1 other 0 Oct 31 14:49 junk
$ chgrp 10 junk
$ ls -lg junk
-rw-r--r-- 1 staff 0 Oct 31 14:49 junk
$

The group ID is found in the group database indicated by the group entry in the /etc/nsswitch.conf Nameservice Switch configuration file or the local /etc/group file.

[ Team LiB ]