coreutils: chown invocation

13.1 ‘chown’: Change file owner and group
=========================================

‘chown’ changes the user and/or group ownership of each given FILE to
NEW-OWNER or to the user and group of an existing reference file.
Synopsis:

     chown [OPTION]... {NEW-OWNER | --reference=REF_FILE} FILE...

If used, NEW-OWNER specifies the new owner and/or group as follows
(with no embedded white space):

     [OWNER] [ : [GROUP] ]

Specifically:

OWNER
     If only an OWNER (a user name or numeric user ID) is given, that
     user is made the owner of each given file, and the files’ group is
     not changed.

OWNER‘:’GROUP
     If the OWNER is followed by a colon and a GROUP (a group name or
     numeric group ID), with no spaces between them, the group ownership
     of the files is changed as well (to GROUP).

OWNER‘:’
     If a colon but no group name follows OWNER, that user is made the
     owner of the files and the group of the files is changed to OWNER’s
     login group.

‘:’GROUP
     If the colon and following GROUP are given, but the owner is
     omitted, only the group of the files is changed; in this case,
     ‘chown’ performs the same function as ‘chgrp’.

‘:’
     If only a colon is given, or if NEW-OWNER is empty, neither the
     owner nor the group is changed.

If OWNER or GROUP is intended to represent a numeric user or group
ID, then you may specify it with a leading ‘+’.  ⇒Disambiguating names
and IDs.

Some older scripts may still use ‘.’ in place of the ‘:’ separator.
POSIX 1003.1-2001 (⇒Standards conformance) does not require
support for that, but for backward compatibility GNU ‘chown’ supports
‘.’ so long as no ambiguity results.  New scripts should avoid the use
of ‘.’ because it is not portable, and because it has undesirable
results if the entire OWNER‘.’GROUP happens to identify a user whose
name contains ‘.’.

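The five NEW-OWNER forms above as a small C classifier, useful for checking a spec before a privileged script hands it to ‘chown’. This is an added example, not code from coreutils; `parse_new_owner`, `struct owner_spec` and the `SPEC_*` names are hypothetical. It accepts only ‘:’ as the separator, so a ‘.’ always stays part of the name, and rejecting a second colon is this example's own policy.

```c
#include <stdio.h>
#include <string.h>

enum spec_kind { SPEC_NONE, SPEC_OWNER, SPEC_OWNER_GROUP,
                 SPEC_OWNER_LOGIN_GROUP, SPEC_GROUP, SPEC_INVALID };

struct owner_spec {
    enum spec_kind kind;
    char owner[64], group[64];  /* empty string when that part is absent */
};

/* Split SPEC at the first ':' and classify it.  White space, a second
   ':' or an over-long part yields SPEC_INVALID (this example's policy).
   Names are not looked up, and a leading '+' is kept as written. */
struct owner_spec parse_new_owner(const char *spec)
{
    struct owner_spec r = { SPEC_INVALID, "", "" };
    const char *colon = strchr(spec, ':');
    size_t olen = colon ? (size_t)(colon - spec) : strlen(spec);
    const char *grp = colon ? colon + 1 : "";

    if (strpbrk(spec, " \t\n") || strchr(grp, ':')
        || olen >= sizeof r.owner || strlen(grp) >= sizeof r.group)
        return r;
    memcpy(r.owner, spec, olen);  /* rest of r.owner is already zero */
    strcpy(r.group, grp);
    if (olen)   /* "OWNER", "OWNER:GROUP" or "OWNER:" */
        r.kind = !colon ? SPEC_OWNER
               : *grp   ? SPEC_OWNER_GROUP : SPEC_OWNER_LOGIN_GROUP;
    else        /* ":GROUP", ":" or the empty string */
        r.kind = *grp ? SPEC_GROUP : SPEC_NONE;
    return r;
}

int main(void)
{
    /* Constructed sample specs, including a dotted user name. */
    const char *samples[] = { "root", "root:staff", "root:", ":staff",
                              ":", "", "john.doe", "root staff" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        struct owner_spec s = parse_new_owner(samples[i]);
        printf("%-12s kind=%d owner='%s' group='%s'\n",
               samples[i], s.kind, s.owner, s.group);
    }
    return 0;
}
```
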
It is system dependent whether a user can change the group to an
arbitrary one, or the more portable behavior of being restricted to
setting a group of which the user is a member.

The ‘chown’ command sometimes clears the set-user-ID or set-group-ID
permission bits.  This behavior depends on the policy and functionality
of the underlying ‘chown’ system call, which may make system-dependent
file mode modifications outside the control of the ‘chown’ command.  For
example, the ‘chown’ command might not affect those bits when invoked by
a user with appropriate privileges, or when the bits signify some
function other than executable permission (e.g., mandatory locking).
When in doubt, check the underlying system behavior.

The program accepts the following options.  Also see ⇒Common options.

‘-c’
‘--changes’
     Verbosely describe the action for each FILE whose ownership
     actually changes.

‘-f’
‘--silent’
‘--quiet’
     Do not print error messages about files whose ownership cannot be
     changed.

‘--from=OLD-OWNER’
     Change a FILE’s ownership only if it has current attributes
     specified by OLD-OWNER.  OLD-OWNER has the same form as NEW-OWNER
     described above.  This option is useful primarily from a security
     standpoint in that it narrows considerably the window of potential
     abuse.  For example, to reflect a user ID numbering change for one
     user’s files without an option like this, ‘root’ might run

          find / -owner OLDUSER -print0 | xargs -0 chown -h NEWUSER

     But that is dangerous because the interval between when the ‘find’
     tests the existing file’s owner and when the ‘chown’ is actually
     run may be quite large.  One way to narrow the gap would be to
     invoke chown for each file as it is found:

          find / -owner OLDUSER -exec chown -h NEWUSER {} \;

     But that is very slow if there are many affected files.  With this
     option, it is safer (the gap is narrower still) though still not
     perfect:

          chown -h -R --from=OLDUSER NEWUSER /

‘--dereference’
     Do not act on symbolic links themselves but rather on what they
     point to.  This is the default when not operating recursively.

     Combining this dereferencing option with the ‘--recursive’ option
     may create a security risk: During the traversal of the directory
     tree, an attacker may be able to introduce a symlink to an
     arbitrary target; when the tool reaches that, the operation will be
     performed on the target of that symlink, possibly allowing the
     attacker to escalate privileges.

‘-h’
‘--no-dereference’
     Act on symbolic links themselves instead of what they point to.
     This mode relies on the ‘lchown’ system call.  On systems that do
     not provide the ‘lchown’ system call, ‘chown’ fails when a file
     specified on the command line is a symbolic link.  By default, no
     diagnostic is issued for symbolic links encountered during a
     recursive traversal, but see ‘--verbose’.

‘--preserve-root’
     Fail upon any attempt to recursively change the root directory,
     ‘/’.  Without ‘--recursive’, this option has no effect.
     ⇒Treating / specially.

‘--no-preserve-root’
     Cancel the effect of any preceding ‘--preserve-root’ option.
     ⇒Treating / specially.

‘--reference=REF_FILE’
     Change the user and group of each FILE to be the same as those of
     REF_FILE.  If REF_FILE is a symbolic link, do not use the user and
     group of the symbolic link, but rather those of the file it refers
     to.

‘-v’
‘--verbose’
     Output a diagnostic for every file processed.  If a symbolic link
     is encountered during a recursive traversal on a system without the
     ‘lchown’ system call, and ‘--no-dereference’ is in effect, then
     issue a diagnostic saying neither the symbolic link nor its
     referent is being changed.

‘-R’
‘--recursive’
     Recursively change ownership of directories and their contents.

‘-H’
     If ‘--recursive’ (‘-R’) is specified and a command line argument is
     a symbolic link to a directory, traverse it.  ⇒Traversing symlinks.

‘-L’
     In a recursive traversal, traverse every symbolic link to a
     directory that is encountered.

     Combining this dereferencing option with the ‘--recursive’ option
     may create a security risk: During the traversal of the directory
     tree, an attacker may be able to introduce a symlink to an
     arbitrary target; when the tool reaches that, the operation will be
     performed on the target of that symlink, possibly allowing the
     attacker to escalate privileges.

     ⇒Traversing symlinks.

‘-P’
     Do not traverse any symbolic links.  This is the default if none of
     ‘-H’, ‘-L’, or ‘-P’ is specified.  ⇒Traversing symlinks.

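The gap that ‘--from’ narrows, and the symlink risk noted under ‘--dereference’ and ‘-L’, closed for one file by testing and changing ownership through a single descriptor. This is an added C example, not code from coreutils; `chown_if_owner` and `demo` are hypothetical names, the scratch directory under /tmp is constructed for the demo, and ELOOP for a refused symlink is the POSIX behavior assumed here.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { CHANGED = 0, SKIPPED_OWNER = 1, SKIPPED_SYMLINK = 2, FAILED = -1 };
/* Give PATH to NEW_UID only if OLD_UID owns it now.  fstat() and fchown()
   share one descriptor, so the test and the change apply to the same inode
   even if PATH is replaced in between.  O_NOFOLLOW makes open() fail with
   ELOOP when the last path component is a symlink. */
int chown_if_owner(const char *path, uid_t old_uid, uid_t new_uid)
{
    struct stat st;
    int rc = FAILED;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY);
    if (fd < 0) return errno == ELOOP ? SKIPPED_SYMLINK : FAILED;
    if (fstat(fd, &st) == 0) {
        if (st.st_uid != old_uid)
            rc = SKIPPED_OWNER;
        else if (fchown(fd, new_uid, (gid_t)-1) == 0)
            rc = CHANGED;
    }
    close(fd);
    return rc;
}

/* Constructed demo: a scratch file we own plus a symlink to it.  Returns 12
   when the calls give CHANGED, SKIPPED_OWNER and SKIPPED_SYMLINK in turn. */
int demo(void)
{
    char dir[] = "/tmp/chown-demo-XXXXXX", file[64], lnk[64];
    uid_t me = geteuid();
    if (!mkdtemp(dir)) return FAILED;
    snprintf(file, sizeof file, "%s/file", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || symlink(file, lnk) != 0) return FAILED;
    close(fd);
    int a = chown_if_owner(file, me, me);      /* owner matches */
    int b = chown_if_owner(file, me + 1, me);  /* owner differs */
    int c = chown_if_owner(lnk, me, me);       /* symlink refused */
    unlink(lnk); unlink(file); rmdir(dir);
    return a * 100 + b * 10 + c;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

O_NOFOLLOW covers only the last path component; a tree walker that wants the same guarantee for parent directories opens each directory and uses ‘openat’ relative to it.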
An exit status of zero indicates success, and a nonzero value
indicates failure.

Examples:

     # Change the owner of /u to "root".
     chown root /u

     # Likewise, but also change its group to "staff".
     chown root:staff /u

     # Change the owner of /u and subfiles to "root".
     chown -hR root /u