CIS Header Left CIS Header Center
C-2-100 Mackinac Hall
1 Campus Drive
Allendale, MI 49401

Phone:616-331-2060
Fax:616-331-2106
email: info@cis.gvsu.edu

ABET Accredited Symbol

The Computer Science and Information Systems programs are accredited by the Computing Accreditation Commission of ABET.
Find us on Facebook
Find us on Twitter
Linux Groups

Index->Linux Groups

Linux Groups

Overview and Goals

At the completion of this lab, you will be able to...

  1. change the group owner of a file
  2. change the group permissions of a file

The following utilities are used in this lab: chgrp(1) chmod(1)

Introduction

In Linux (and another other UNIX variants) users can belong to one or more "groups" that permit members to share files. This tutorial describes the basic aspects of groups and how to use them effectively.

NB: This tutorial assumes that you have already been assigned a member of a group. If not, please talk to your sys. admin. and have them create a group for you.

Group Ownership and Permissions

Before getting to the details of group membership, let's review some filesystem basics. Execute "ls -l is your home directory and take a look at columns 1, 3 and 4.

The third column in the output tells you the owner of a file. The owner of all the files is probably yourself.

The fourth column is the "group owner": which group owns the file. For example, the group owner of your files might be "users", which is a group that includes everyone who has an account on the system.

The first column tells you the permission for each file: what is a user allowed to do to your files. Recall that this information is divided into four sections:

  1. The first character tells you the type of file: '-' for normal files, 'd' for directories, etc.
  2. The next three characters give the permissions for the owner of the file. For example, "rwx" means that the owner (probably yourself) can read, write, and execute the file.
  3. The middle three characters give the permissions for members of the group that owns the file. For example, if users is the group owner, and the group permissions are "r-x" then everyone in the users group can read and execute the file.
  4. The last three characters give the permissions for everyone else. That is, not yourself, and not members of the group that owns the file.

The essence of groups is that by changing the group owner and group permissions of a file you can control who has access.

Changing Group Ownership and Permissions

Changing the group owner of a file is done with the "chgrp" command. Typing "chgrp group file" changes the group owner of file to the given group. You can use the "-R" option to recursive change the group owner of a directory and everything in it.

Changing the group permissions of a file is done with the "chmod" command, and is covered in a different tutorial.

Automatically Setting Group Ownership and Permissions

Using chgrp and chmod are certainly useful, but if you are changing lots of files spread throughout a number of directories, then keeping track of which files you've changed so you can go back and set the group owner and permissions can become difficult. Enter newgrp and umask.

When you log in, your "real group ID" is your default group. In the EOS lab, this is probably users. That means every file you create or edit will have its group owner set to users. Execute "touch file1" then run "ls -l". See that file1 has a group owner of users. What if you want to automatically have every file created or edited have a different group owner?

The "newgrp" command changes your "real group ID" to a group that you specify. Once executed, every file that you create or edit will have a new group owner. For example, assume that you are a member of the buddies group. Typing "newgrp buddies" will change your shell so that all new or edited files will be owned by the group buddies. Typing "newgrp" without an argument will change your shell back to using your default group. Try executing "newgrp groupname" where groupname is a group to which you belong. Now try "touch file2" followed by "ls -l". You should see that the file file2 is owned by the group you specified.

There's one more step. Look at the group permissions on file2. They are probably "r--", meaning that group members can only read the file, not edit it. Of course, you could use chmod to allow the group to change the file, but there's a slicker way.

Every shell has a variable called the "umask" that determines which permission bits must be turned off when a new file is created. For example, you probably don't want to allow everyone in the world to edit your files, so the umask specifies that the "world write" permission bit should never be set on new files. Unfortunately (?), the default umask also says that the "group write" permission bit should be turned off too. Lucklily, you can change the umask easily.

Type "umask 002", followed by "touch file3", followed by "ls -l". You should notice that the group write bit is now set, allowing members of the group to write to the file. See the chmod man page for more details, but briefly "002" is an octal representation of the nine permission bits.

Summary

In summary, you can use chgrp and chmod to explicitly change the group owner and permissions on a file.

To implicitly change every new file and every file you edit, type the following: "newgrp groupname; umask 002". To turn off this behaviour, type "newgrp; umask 022".

Top

This page was last modified July 15 2003.
Send comments to the CIS School Webmaster.
 Copyright ©1995 - 2009 Grand Valley State University.
GVSU is an Equal Opportunity/Affirmative Action Institution.