6.7 Changing a File's Owner or Group
The chown and chgrp
commands allow you to change the owner or the group of a file,
respectively.
6.7.1 chown: Changing a File's Owner
The chown
command lets you change the owner of a file. Only the
superuser can change the owner of a file
under most modern versions of Unix.
The chown command has the form:
chown [ -fRh ] owner filelist
The -f and -R options are
interpreted exactly as they are for the chmod
and chgrp commands, if supported. The
-h option is a bit different from that of
chmod. Under chown, the
option specifies that the owner of the link itself is changed and not
what the link points to.
Other entries have the following meanings:
- owner: The file's new owner; specify the owner by name or by decimal UID.
- filelist: The list of files whose owner you are changing.
6.7.1.1 Old and new chown behavior
In earlier versions of Unix, all users could run the
chown command to change the ownership of a file
that they owned to that of any other user on the system. This lets
them "give away" a file. The
feature made sharing files back and forth possible, and allowed a
user to turn over project directories to someone else.
Allowing users to give away files can be a security problem because
it makes a miscreant's job of hiding his tracks much
easier. If someone has acquired stolen information or is running
programs that are trying to break computer security, that person can
simply change the ownership of the files to that of another user. If
he sets the permissions correctly, he can still read the results.
Permitting file giveaways also makes file quotas useless: a user who
runs out of quota simply changes the ownership of his larger files to
another user. Worse, perhaps, he can create a huge file and change
its ownership to someone else, exceeding that user's
quota instantly. If the file is in a directory to which the victim
does not have access, she is stuck.
The BSD development group saw these problems and changed the behavior
of chown so that only the superuser could change
ownership of files. This change has led to an interesting situation.
When the POSIX group working on a standard was faced with the hard
choice of which behavior to pick as standard, they bravely took a
stand and said "both." Thus,
depending on the setting of a system configuration parameter, your
system might use either the old AT&T behavior or the BSD-derived
behavior. We strongly urge you to choose the
BSD-derived behavior if your system presents such a choice. Not only
does it allow you to use file quotas and keep mischievous users from
framing other users, but many software packages you might download
from the Web or buy from vendors will not work properly if run under
the old AT&T-style environment.
6.7.1.2 Use chown with caution
If you have an old or odd system that came to you with the old
chown behavior, then ensure that the software
was written with that in mind. Be extra careful as you read some of
our advice in this book, because a few things we might recommend
won't work for you on such a system. Also, be
especially cautious about software you download from the Web or buy
from a vendor. Most of this software has been developed under
BSD-derived systems that limit use of chown to
the superuser. Thus, the software might have vulnerabilities when run
under your environment.
Do not mix the two types of systems when you are
using a network filesystem or removable, user-mountable media. The
result can be a compromise of your system. Files created with one
paradigm can be exploited with another.
Under some versions of Unix
(particularly those that let non-superusers
chown files), chown will
clear the SUID, SGID, and sticky bits. This is a security measure to
prevent SUID programs from being accidentally created. If your
version of Unix does not clear these bits when using
chown, check with an ls -l
after you have done a chown to make sure that
you have not suddenly created a SUID program that will allow your
system's security to be compromised. (Actually, this
process is a good habit to get into even if your system does do the
right thing.) Other versions of Unix will clear the execute, SUID,
and SGID bits when the file is written or modified. You should
determine how your system behaves under these circumstances and be
alert to combinations of actions that might accidentally create a
SUID or SGID file.
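The ls -l check recommended above, automated as an added example (this is not code from the book): a POSIX sh wrapper that records a file's SUID/SGID state, runs chgrp, and reports whether either special bit survived the change. It assumes an ls whose -l output has the usual ten-character mode field first and the group name in the fourth column (true of GNU and BSD ls); the function and file names are the example's own.

```sh
#!/bin/sh
# Wrapper that performs the post-chown/chgrp check the text recommends.
# Added example, not the book's code. Assumes ls -ld prints the mode
# field first and the group name fourth (GNU and BSD ls both do).

# mode_string FILE: print the 10-character permission field for FILE.
# ls -ld reports the named object itself, so a symbolic link is not followed.
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# group_of FILE: print the group name ls shows for FILE.
group_of() {
    set -- $(ls -ld -- "$1")
    printf '%s\n' "$4"
}

# has_special_bits FILE: exit 0 if the SUID bit (position 4 of the mode
# string, 's' or 'S') or the SGID bit (position 7) is set, 1 otherwise.
has_special_bits() {
    case "$(mode_string "$1")" in
        ???[sS]*|??????[sS]*) return 0 ;;
        *) return 1 ;;
    esac
}

# checked_chgrp GROUP FILE: change the group, then verify that no SUID or
# SGID bit remains.  Exit 0 if the file ends up clean, 1 if chgrp itself
# failed, 2 if a special bit survived (the case to watch for on systems
# that do not clear these bits on an ownership change).
checked_chgrp() {
    group=$1
    file=$2
    before=$(mode_string "$file")
    chgrp -- "$group" "$file" || return 1
    after=$(mode_string "$file")
    if has_special_bits "$file"; then
        printf 'WARNING: %s still has SUID/SGID after chgrp (%s -> %s)\n' \
            "$file" "$before" "$after" >&2
        return 2
    fi
    return 0
}
```

A chown wrapper is the same function with chgrp replaced by chown and a user argument; the check after the command is what matters, and it is worth keeping the habit even on a system that clears the bits itself.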
POSIX specifies
that when chown is executed on a symbolic link,
the ownership of the target of the link is changed instead of the
ownership of the link itself. POSIX further specifies that the
-R option does not follow symbolic links if they
point to directories (but nevertheless changes the ownership of these
directories). On most modern versions of Unix, there is a
-h option to chown (and
chgrp and chmod) that
instructs the command not to follow the link and instead to change
the ownership (or, for chmod, the permissions) of the link itself, or
to ignore the symbolic link and change nothing. You should understand
how this behaves on your system and use it if appropriate.
6.7.2 chgrp: Changing a File's Group
The chgrp
command lets you change the file's group. The
behavior mirrors that of chown. Under most
modern versions of Unix, you can change the group of a file if you
are either of the following users:
On older AT&T versions of Unix, you can set any file you own to
any group that you want. That is, you can "give
away" files to other groups, just as you can give
away files to other users. Beware.
The chgrp command has the form:
chgrp [ -fRh ] group filelist
The -f and -R options are
interpreted the same as they are for the chmod
and chown commands. The -h
option is a bit different from that of chmod.
Under chgrp, the option specifies that the group
of the link itself is changed and not what the link points to.
Other entries have the following meanings:
- group: The group to which you are changing the file(s). The group may be specified by name or with its decimal GID.
- filelist: The list of files whose group you are changing.
For example, to change the group of the file
paper.tex to chem, you
would type:
% chgrp chem paper.tex
% ls -l paper.tex
-rw-r--r-- 1 kevin chem 59321 Jul 12 13:54 paper.tex
%
Some versions of chown can also change a
file's group at the same time they change its owner.
The syntax is usually:
chown owner:group filelist
or:
chown owner.group filelist