Group Access Permissions on Files

Provides a tutorial example on how to control group access permissions on files. Use 'chgrp' to change group ownership. Use 'chmod g=' to change group access permission.

In the last tutorial, we learned the first 2 components of using groups to manage file access permissions: Defining a Group and Assigning Users to a Group. Now let's look at the third component:

3. Controlling File Group Access Permissions - File Group Access Permissions are controlled by 2 settings:

3.1. File Group Ownership - Each file has a group ownership which is the current context group of the user who created the file. For example, if I create a file call "junk", it will be owned by group "herong", which is the current context group of my login session. See the "Gid" field in the output.

herong$ touch junk

herong$ stat junk
  File: junk
  Size: 0           Blocks: 0          IO Block: 4096   regular empty file
Device: fd02h/64770d  Inode: 68319055    Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1000/  herong)   Gid: ( 1000/  herong)
...

You can change group ownership of any given file with the "chgrp" command. For example, the following command changes the group ownership on "junk" to "dba".

root# chgrp dba junk

herong$ stat junk
  File: junk
  Size: 0           Blocks: 0          IO Block: 4096   regular empty file
Device: fd02h/64770d  Inode: 68319055    Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1000/  herong)   Gid: ( 1004/    dba)

3.2 File Group Permissions - Each file has 3 permission codes, r, w and x, that control read, write and execute permissions granted for its group member users.

You can view current group permissions of any given file with the "ls -l" command. The first 10 characters in the output represent all permissions of the file including group permissions. The 3 group permission codes are located at 4, 5, 6 positions starting from 0. For example, the following command output shows "r, w, -" as group permissions on the file "junk":

herong$ ls -l junk

-rw-rw-r--. 1 herong dba 0 Oct 10 03:28 junk
0123456789
    |||
    rw- (group permissions)

So if you are assigned to the "herong" group, you can read and write on "junk". But you can not execute on "junk".

You can change group permissions of any given file with the "chmod g=" command. For example, the following command output shows "r, w, -" as group permissions on the file "junk":

herong$ chmod g=rwx junk

herong$ ls -l junk
-rw-rwxr--. 1 herong dba 0 Oct 10 03:28 junk
0123456789
    |||
    rwx (group permission changed)

Table of Contents

 About This Book

 Introduction to Linux Systems

 Cockpit - Web Portal for Administrator

 Process Management

 Files and Directories

Users and Groups

 Manage User Groups

Group Access Permissions on Files

 "sudo" Command and Privilege

 "adduser/usermod/userdel" - Commands to Manage Users

 File Systems

 Block Devices and Partitions

 LVM (Logical Volume Manager)

 Installing CentOS

 SELinux - Security-Enhanced Linux

 Network Connection on CentOS

 Software Package Manager on CentOS - DNF and YUM

 Running Apache Web Server (httpd) on Linux Systems

 Running PHP Scripts on Linux Systems

 Running MySQL Database Server on Linux Systems

 Running Python Scripts on Linux Systems

 vsftpd - Very Secure FTP Daemon

 Postfix - Mail Transport Agent (MTA)

 Dovecot - IMAP and POP3 Server

 Email Client Tools - Mail User Agents (MUA)

 LDAP (Lightweight Directory Access Protocol)

 GCC - C/C++ Compiler

 Conda - Environment and Package Manager

 Tools and Utilities

 Administrative Tasks

 References

 Full Version in PDF/EPUB