Change Ownership with chown

On GNU/Linux every file is owned by a user and a group (a group consists of one or more users). There are 9 mode bits: rwxrwxrwx, where rwx stands for read, write and execute. A directory must have the execute permission set before a user can enter it. The first rwx triplet applies to the owner of the file, the second to the group and the last to everyone else. To control the owner and group of a file or directory you use the chown (change ownership) command. Synopsis:

chown [option]… {new-owner | --reference=ref_file} file…

If used, new-owner specifies the new owner and/or group as follows (with no embedded white space):

[owner] [ : [group] ]

Specifically:

owner
    If only an owner (a user name or numeric user ID) is given, that user is made the owner of each given file, and the files' group is not changed.

owner:group
    If the owner is followed by a colon and a group (a group name or numeric group ID), with no spaces between them, the group ownership of the files is changed as well (to group).

owner:
    If a colon but no group name follows owner, that user is made the owner of the files and the group of the files is changed to owner's login group.

:group
    If the colon and following group are given, but the owner is omitted, only the group of the files is changed; in this case, chown performs the same function as chgrp.

:
    If only a colon is given, or if new-owner is empty, neither the owner nor the group is changed.

If owner or group is intended to represent a numeric user or group ID, then you may specify it with a leading ‘+’.

So the command can take the forms chown owner, chown owner:, chown :group or chown :. Now let us look at the most useful options supported by chown.
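To make the new-owner rules above concrete, here is an added POSIX shell helper (not from this page or from coreutils) that classifies a chown new-owner argument the way chown interprets it, so a wrapper script can report what a call will touch before running it; the function name and output format are my own.

```shell
#!/bin/sh
# Added example, not coreutils code: classify a chown NEW-OWNER argument
# of the form [owner][:[group]] according to the rules listed above.
# Useful in a wrapper script to show what a chown call will touch before
# it runs (e.g. to catch an accidental ':' that silently changes nothing).

# chown_spec_effect SPEC -> "EFFECT owner=<o> group=<g>"
# EFFECT is one of: none, owner, owner+login-group, owner+group, group
chown_spec_effect() {
    spec=$1
    case $spec in
        *:*)
            owner=${spec%%:*}   # everything before the first colon
            group=${spec#*:}    # everything after it (may be empty)
            has_colon=1
            ;;
        *)
            owner=$spec
            group=
            has_colon=0
            ;;
    esac
    # A leading '+' (e.g. +1000) forces chown to read the field as a
    # numeric ID; it is passed through unchanged here.
    if [ -z "$owner" ] && [ -z "$group" ]; then
        effect=none               # ':' or an empty spec changes nothing
    elif [ -z "$owner" ]; then
        effect=group              # ':group' behaves like chgrp
    elif [ "$has_colon" -eq 0 ]; then
        effect=owner              # 'owner' leaves the group untouched
    elif [ -z "$group" ]; then
        effect=owner+login-group  # 'owner:' uses owner's login group
    else
        effect=owner+group        # 'owner:group' changes both
    fi
    printf '%s owner=%s group=%s\n' "$effect" "$owner" "$group"
}

# Walk through the forms listed on the page plus a numeric one.
for s in root root: root:staff :staff : +0:+50; do
    printf '%-10s -> %s\n' "$s" "$(chown_spec_effect "$s")"
done
```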

-c or --changes verbosely describes the action for each file whose ownership actually changes.

-f or --silent or --quiet Do not print error messages about files whose ownership cannot be changed.

--from=old-owner Change a file's ownership only if its current owner and group match old-owner. old-owner has the same form as new-owner described above. This option is useful primarily from a security standpoint in that it narrows considerably the window of potential abuse. For example, to reflect a user ID numbering change for one user's files without an option like this, root might run
find / -user OLDUSER -print0 | xargs -0 chown -h NEWUSER
But that is dangerous because the interval between when find tests the existing file's owner and when chown is actually run may be quite large. One way to narrow the gap would be to invoke chown for each file as it is found:
find / -user OLDUSER -exec chown -h NEWUSER {} \;
But that is very slow if there are many affected files. With this option, it is safer (the gap is narrower still) though still not perfect:
chown -h -R --from=OLDUSER NEWUSER /

--dereference Do not act on symbolic links themselves but rather on what they point to. This is the default when not operating recursively.

Combining this dereferencing option with the --recursive option may create a security risk: During the traversal of the directory tree, an attacker may be able to introduce a symlink to an arbitrary target; when the tool reaches that, the operation will be performed on the target of that symlink, possibly allowing the attacker to escalate privileges.

-h or --no-dereference Act on symbolic links themselves instead of what they point to. This mode relies on the lchown system call. On systems that do not provide the lchown system call, chown fails when a file specified on the command line is a symbolic link. By default, no diagnostic is issued for symbolic links encountered during a recursive traversal, but see --verbose.

--preserve-root Fail upon any attempt to recursively change the root directory, /. Without --recursive, this option has no effect.

--no-preserve-root Cancel the effect of any preceding --preserve-root option.

--reference=ref_file Change the user and group of each file to be the same as those of ref_file. If ref_file is a symbolic link, do not use the user and group of the symbolic link, but rather those of the file it refers to.

-v or --verbose Output a diagnostic for every file processed. If a symbolic link is encountered during a recursive traversal on a system without the lchown system call, and --no-dereference is in effect, then issue a diagnostic saying neither the symbolic link nor its referent is being changed.

-R or --recursive Recursively change ownership of directories and their contents.

-H If --recursive (-R) is specified and a command line argument is a symbolic link to a directory, traverse it.

-L In a recursive traversal, traverse every symbolic link to a directory that is encountered.

Combining this dereferencing option with the --recursive option may create a security risk: During the traversal of the directory tree, an attacker may be able to introduce a symlink to an arbitrary target; when the tool reaches that, the operation will be performed on the target of that symlink, possibly allowing the attacker to escalate privileges.

-P Do not traverse any symbolic links. This is the default if none of -H, -L, or -P is specified.

Examples:

# Change the owner of /u to "root".
chown root /u

# Likewise, but also change its group to "staff".
chown root:staff /u

# Change the owner of /u and subfiles to "root".
chown -hR root /u
