Linux Tutorials - Herong's Tutorial Examples

∟Users and Groups

∟Group Access Permissions on Files

This section provides a tutorial example on how to control group access permissions on files. Use 'chgrp' to change group ownership. Use 'chmod g=' to change group access permission.

In the last tutorial, we learned the first 2 components of using groups to manage file access permissions: Defining a Group and Assigning Users to a Group. Now let's look at the third component:

3. Controlling File Group Access Permissions - File Group Access Permissions are controlled by 2 settings:

3.1. File Group Ownership - Each file has a group ownership which is the current context group of the user who created the file. For example, if I create a file call "junk", it will be owned by group "herong", which is the current context group of my login session. See the "Gid" field in the output.

herong$ touch junk

herong$ stat junk
  File: junk
  Size: 0           Blocks: 0          IO Block: 4096   regular empty file
Device: fd02h/64770d  Inode: 68319055    Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1000/  herong)   Gid: ( 1000/  herong)
...

You can change group ownership of any given file with the "chgrp" command. For example, the following command changes the group ownership on "junk" to "dba".

root# chgrp dba junk

herong$ stat junk
  File: junk
  Size: 0           Blocks: 0          IO Block: 4096   regular empty file
Device: fd02h/64770d  Inode: 68319055    Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1000/  herong)   Gid: ( 1004/    dba)

3.2 File Group Permissions - Each file has 3 permission codes, r, w and x, that control read, write and execute permissions granted for its group member users.

You can view current group permissions of any given file with the "ls -l" command. The first 10 characters in the output represent all permissions of the file including group permissions. The 3 group permission codes are located at 4, 5, 6 positions starting from 0. For example, the following command output shows "r, w, -" as group permissions on the file "junk":

herong$ ls -l junk

-rw-rw-r--. 1 herong dba 0 Oct 10 03:28 junk
0123456789
    |||
    rw- (group permissions)

So if you are assigned to the "herong" group, you can read and write on "junk". But you can not execute on "junk".

You can change group permissions of any given file with the "chmod g=" command. For example, the following command output shows "r, w, -" as group permissions on the file "junk":

herong$ chmod g=rwx junk

herong$ ls -l junk
-rw-rwxr--. 1 herong dba 0 Oct 10 03:28 junk
0123456789
    |||
    rwx (group permission changed)

Table of Contents

 About This Book

 Introduction to Linux Systems

 Cockpit - Web Portal for Administrator

 Process Management

 Memory Management

 Files and Directories

►Users and Groups

 Manage User Groups

►Group Access Permissions on Files

 "sudo" Command and Privilege

 "adduser/usermod/userdel" - Commands to Manage Users

 System Users and Groups

 Add Users and Groups Manually

 File Systems

 Block Devices and Partitions

 LVM (Logical Volume Manager)

 Installing CentOS

 SELinux - Security-Enhanced Linux

 Network Connection on CentOS

 Internet Networking Tools

 SSH Protocol and ssh/scp Commands

 Software Package Manager on CentOS - DNF and YUM

 vsftpd - Very Secure FTP Daemon

 LDAP (Lightweight Directory Access Protocol)

 Administrative Tasks

 References

 Full Version in PDF/EPUB

Group Access Permissions on Files - Updated in 2024, by Herong Yang