Changing owners and groups

Using hello.txt for exploratory work in the previous sections, we have shown how the owner of an object can allow various forms of access by managing the permission bits of the object. Changing the permissions is accomplished using the chmod syscall. Changing the user and/or group is done with the chown syscall. In this section, we will investigate the details of these operations in action.

Let's start by granting read and write permissions only to the owner of the hello.txt file, bookuser.

$ chmod 0600 hello.txt
$ stat hello.txt
 File: `hello.txt'
 Size: 12 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 1587858 Links: 1
Access: (0600/-rw-------) Uid: ( 1000/bookuser) Gid: ( 1000/bookuser)
Access: 2014-08-23 12:34:30.147146826 -0700
Modify: 2014-08-23 12:47:19.123113845 -0700
Change: 2014-08-23 12:59:04.275083602 -0700
 Birth: -

As we can see, the file permissions are now set to only allow read and write access for bookuser. A thorough reader could execute the commands from earlier sections in this chapter to verify that permissions work as expected.

Changing the group can be done in a similar fashion with chown. Let's change the group to testuser:

$ chown bookuser:testuser hello.txt
chown: changing ownership of `hello.txt': Operation not permitted

This did not work as we intended, but what is the issue? In Linux, only privileged processes can change the USER and GROUP fields of objects. The initial USER and GROUP fields are set during object creation from the effective USER and GROUP, which are checked when attempting to execute that process. Only processes create objects. Privileged processes come in two forms: those running as the almighty root and those that have their capabilities set. We will dive into the details of capabilities later. For now, let's focus on root.
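The same sequence at the syscall level, as an added example that is not code from the book: it applies chmod 0600 to a scratch file standing in for hello.txt, checks whether the process is privileged, and then attempts the group change with chown. The helper names are hypothetical, and reading CAP_CHOWN (bit 0) from the CapEff line of /proc/self/status is this example's assumption about how to detect the privilege.

```python
import errno
import os
import stat
import tempfile

CAP_CHOWN = 0  # bit number of CAP_CHOWN in the kernel capability masks

def has_cap_chown(status_text):
    """True if the CapEff mask in /proc/<pid>/status text includes CAP_CHOWN."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> CAP_CHOWN) & 1)
    return False

def is_privileged():
    """Root normally holds every capability, so CapEff covers both forms named above."""
    try:
        with open("/proc/self/status") as fh:
            return has_cap_chown(fh.read())
    except OSError:  # no /proc available: fall back to the plain root check
        return os.geteuid() == 0

def try_chown(path, uid, gid):
    """Call chown(2); return 'ok' or the errno name (EPERM when not permitted)."""
    try:
        os.chown(path, uid, gid)
        return "ok"
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))

def foreign_gid():
    """Lowest gid the caller does not belong to (the role testuser plays above)."""
    mine = set(os.getgroups()) | {os.getegid()}
    return next(g for g in range(1, 70000) if g not in mine)

def demo():
    """chmod 0600 a scratch file, then try to hand its group to a foreign gid."""
    fd, path = tempfile.mkstemp()  # constructed scratch file, not the real hello.txt
    os.close(fd)
    try:
        os.chmod(path, 0o644)      # start from rw-r--r--
        os.chmod(path, 0o600)      # same change as `chmod 0600 hello.txt`
        mode = stat.S_IMODE(os.stat(path).st_mode)
        return mode, is_privileged(), try_chown(path, -1, foreign_gid())
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

Run as an ordinary user, the last element of the tuple is the errno name behind the "Operation not permitted" message shown above; run as root, it is `ok`.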

Let's switch to the root user so that executing the chown command changes the group of that object:

$ sudo su
# chown bookuser:testuser hello.txt

Now, we can verify the change occurred successfully:

# stat hello.txt
 File: `hello.txt'
 Size: 12 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 1587858 Links: 1
Access: (0600/-rw-------) Uid: ( 1000/bookuser) Gid: ( 1001/testuser)
Access: 2014-08-23 12:34:30.147146826 -0700
Modify: 2014-08-23 12:47:19.123113845 -0700
Change: 2014-08-23 13:08:46.059058649 -0700
 Birth: -