Often when working in Linux, users rarely think about who owns a file. When it comes to running a server, however, the situation changes. To increase security, the server gets its own user. It is not uncommon for servers to use the same group, like www-data. Next, let's see how this function works with files and directories. We will pay special attention to symbolic links, as they can cause problems when using insecure settings.
The file permissions standard came to Linux from Unix. So each object has a user, group in addition to this describes the rights of other users (other). The permissions consist of three items: read, write, execute. The umask command is used to change permissions, but the chown commands are used to change the owner and group directly. The ls command can be used to view current permissions.
The general form of the chgrp command is:
A list of common options for the chgrp command:
-h - work directly with the symbolic links themselves;
--dereference - work with files, not symbolic links themselves. Used by default;
-R - recursive processing of the directory with all its contents;
-H - follow symbolic link and change file/directory attributes. Used in conjunction with the -R parameter;
-L - follow the symbolic link and continue recursive processing. Used in conjunction with the -R parameter;
-P - when encountering a symbolic link, process only it. Used together with the -R parameter, is the default value;
--reference=sample_name - use the sample name;
-c - output only changes when processing;
-v - output information about each processed object.
The simplest example of using the chgrp command. The following changes the entire www-data object for the file file in the current folder:
And this one changes the group to www-data for the folder folder:
The command works in a very predictable way, changing their group. The objects in the folder remain unchanged. If symbolic links are processed, their attributes remain unchanged, but the object gets a new group. This behavior is similar to the handling of the --dereference parameter.
For example, these commands applied to symbolic links will work as shown in the screenshot:
Let's take a look at how the -h parameter, which changes the attributes of the symbolic link, works:
The group has been set not only to the directory, but to all the files inside. Note that the behavior has changed, now when processing a symbolic link the attributes are set for the link itself, not the object.
To see the difference between the -H and -L parameters, let's look at a couple more examples. Recall that they should be used in conjunction with -R:
Using -H, the behavior when processing symbolic links has changed, now they are handled as if the functions were executed separately. The attributes of the links do not change, the attributes of the objects themselves do, and recursive processing stops when you switch to a directory.
It performs one function - it changes the group of files and directories.
When processing symbolic links, you should be extremely careful not to damage systems.
Apply the discount by inserting the promo code in the special field at checkout: