When using the Linux operating system at home, we rarely think about who owns a file. When we run a server, the picture changes. To improve security, a server gets its own user and group. It is not uncommon for several servers to share the same group, such as www-data.
We will learn how the chgrp command works with files and directories. Pay special attention to symbolic links, as they can create problems when using unsafe options.
chgrp Linux command
The file permissions standard came to Linux from Unix. Each file has an owner (user) and a group (group); in addition, the rights of other users (other) are described. The rights consist of three items: reading (read), writing (write) and execution (execute). The umask command is used to change permissions, but the chown and chgrp commands are used to change the owner and group directly. You can use the ls command to view the current permissions.
Syntax and options for chgrp
General view of the chgrp command:
$ chgrp [options] newgroup filename
List of common chgrp command options:
- -h – work directly with the symbolic links themselves, not with the files they link to;
- --dereference – work with the files, not with the symbolic links themselves. Used by default;
- -R – recursive processing of the directory with all its contents;
- -H – follow a symbolic link and change the file/directory attributes. The link itself remains unchanged. Used in conjunction with the -R option;
- -L – follow the symbolic link and continue recursive processing. The link itself remains unchanged. Used in conjunction with the -R option;
- -P – when encountering a symbolic link, process only the link. Used with the -R option, where it is the default;
- --reference=sample_name – use the group of the sample file. Used instead of newgroup;
- -c – output only changes during processing;
- -v – display information about each processed file.
Using the chgrp Command
Let’s look at several use cases, first with a real file and directory, and then with symbolic links to them. The simplest example uses the chgrp command without options. The following command changes the group to www-data for the file file.txt in the current folder:
sudo chgrp www-data file.txt
And this one changes the group to www-data for the folder folder:
sudo chgrp www-data folder
With real files and directories, the command works quite predictably, changing their group. The files inside the folder remain unchanged. If you process symbolic links, the attributes of the links remain unchanged, and the files they point to receive the new group. This behavior corresponds to the --dereference option. For example, these commands, applied to symbolic links, change the group of the link targets:
sudo chgrp www-data sym_file.txt
sudo chgrp www-data sym_folder
Now let’s look at how the -h option works, changing the attributes of a symbolic link:
sudo chgrp -h www-data sym_file.txt
With the -h option, only the link attributes are changed, not the files themselves. Now let’s look at the -R option, which is intended for recursive processing of directories:
sudo chgrp -R www-data folder
The new group was assigned not only to the directory, but also to all files inside it. Note that the behavior has changed: now, when a symbolic link is processed, the attributes are set for the link itself, not for the file it points to.
To see the difference between the -H and -L options, let’s look at a couple more examples. Recall that they must be used in conjunction with the -R option:
sudo chgrp -RH www-data folder
The -H option changes how symbolic links are handled: they are now treated as if the command had been run on each of them individually. The attributes of the links do not change, the attributes of the files themselves change, and recursive processing stops at a directory reached through a link.
sudo chgrp -RL www-data folder
With the -L option, navigating to a folder via a symbolic link does not stop recursive processing. Please note that the -H and -L options are not safe to use: by following links they can leave the directory you intended to process and reach system files.
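A pre-flight check for the risk described above, as an added example that is not part of the original article: it lists the symbolic links under a directory that resolve outside it and refuses to run chgrp -RL while any exist. The function names escaping_links and chgrp_follow_checked are hypothetical; the script assumes GNU realpath and file names without newlines.

```shell
#!/bin/sh
# Added example (not from the original article).
# Usage after sourcing this file: chgrp_follow_checked www-data folder

# escaping_links DIR
# Print "link -> resolved target" for every symlink under DIR whose
# target lies outside DIR. These are the paths -L would follow.
escaping_links() {
    root=$(realpath -- "$1") || return 2
    find "$root" -type l | while IFS= read -r link; do
        # realpath resolves the whole chain of links to a canonical path
        target=$(realpath -- "$link" 2>/dev/null) || {
            printf '%s -> (unresolvable)\n' "$link"
            continue
        }
        case "$target" in
            "$root"|"$root"/*) ;;                      # stays inside the tree
            *) printf '%s -> %s\n' "$link" "$target" ;; # leaves the tree
        esac
    done
}

# chgrp_follow_checked GROUP DIR
# Run "chgrp -RL GROUP DIR" only if no symlink under DIR leaves the tree.
chgrp_follow_checked() {
    found=$(escaping_links "$2") || return 2
    if [ -n "$found" ]; then
        printf 'refusing chgrp -RL: links leave %s:\n%s\n' "$2" "$found" >&2
        return 1
    fi
    chgrp -RL -- "$1" "$2"
}
```

The check and the chgrp run are two separate steps, so use it only on a tree that other users cannot modify in between.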
Conclusion
The chgrp Linux command does one thing: it changes the group of files and directories. When handling symbolic links, you must be extremely careful not to harm the system, so it is not recommended to combine the -R option with others. You can also change the user and group at the same time using the chown command.
As you may have noticed, the chgrp program sets only one group, but access control lists (ACLs) allow you to assign multiple groups. To work with them, you can use the setfacl and getfacl utilities. There is also a utility with a graphical interface, Eiciel (the Debian 10 and Ubuntu repositories contain an outdated version; the latest (0.9.13) can set rights recursively).