C is an extremely useful letter of the alphabet in Linux, especially when paired with an h. With these letters one can chown, chmod, chroot, and change lots of other things. One can even chkconfig.
*****************************
chown – change ownership of a file.
*****************************
Nothing too exciting to report here, but there are a couple of cute tricks. Surely you know that to change the ownership of an entire directory and all of its contents recursively one need only:
[root@srv-2 usr-3]$ chown -R usr-3 doc
Did you know that you can change the group which owns a file like this:
[root@srv-2 doc]$ chown :users shopping-list
or owner and group
[root@srv-2 usr-3]$ chown -R usr-3:users doc
What if you want to change ownership of the files only if they are now owned by a particular user/group? You could do this:
[root@srv-2 doc]$ find . -user jsmith -print -exec chown usr-3 {} \;
or
[root@srv-2 doc]$ chown --from=jsmith usr-3 *
Instead of stating the owner and group, you can tell chown to set the new ownership to be the same as another file.
[root@srv-2 doc]$ chown --reference=/share/foo bar
Linux, like other modern unices, does not allow file giveaways; in other words, if I own a file I cannot use chown to make you the owner. Only root can do that. That used to be allowed in some places a long, long time ago, but those were more innocent times.
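The recursive and conditional chown commands above change a lot of files at once, so it is worth being able to check the result (or preview it) before and after. The following shell functions are an added example, not part of the original post; they assume POSIX sh with GNU or POSIX find, use numeric uids so they work even for accounts that do not exist in /etc/passwd, and the helper names are mine.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes POSIX sh and find.

# Print every entry under DIR that is not owned by OWNER (user name or
# numeric uid). Run it after "chown -R OWNER DIR" to confirm nothing was
# missed, or before it to see what would change.
files_not_owned_by() {
    dir=$1; owner=$2
    find "$dir" ! -user "$owner" -print
}

# Same check as a count, so a script can fail on a non-zero result.
count_not_owned_by() {
    files_not_owned_by "$1" "$2" | wc -l | tr -d ' '
}

# Dry run of "chown --from=OLD NEW" over a tree: print the chown command
# for each entry currently owned by OLD instead of executing it.
preview_chown_from() {
    dir=$1; old=$2; new=$3
    find "$dir" -user "$old" -exec echo chown "$new" {} \;
}

# Demo on a constructed temporary tree owned by whoever runs the script.
demo() {
    t=$(mktemp -d)
    mkdir "$t/doc"
    : > "$t/doc/shopping-list"
    : > "$t/doc/redhat_mirror"
    me=$(id -u)
    echo "entries under $t/doc not owned by uid $me: $(count_not_owned_by "$t/doc" "$me")"
    preview_chown_from "$t/doc" "$me" usr-3
    rm -rf "$t"
}
```

Calling demo prints a count of 0 for the current uid and three echoed chown lines (the directory and its two files), which is exactly the set that `chown --from=$(id -u) usr-3` would touch.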
*************************************
chmod — change a file’s modes or permissions
*************************************
I guess this is the time to give the obligatory explanation of file modes and how they are represented in octal and symbolically. This will be simplified and quick!
[usr-3@srv-2 doc]$ ls -l
drwxr-xr-x 2 bhaugaar users 4096 Jan 29 15:21 prop
-rw-r--r-- 1 bhaugaar users   21 Sep 27  2000 redhat_mirror
drwxr-xr-x 2 bhaugaar users 4096 Aug  9  2001 services
-rw-r--r-- 1 bhaugaar users   46 Feb 14 19:27 shopping-list

0 123 456 789
d rwx rwx rwx
|  |   |   |
|  |   |   permissions of everyone else (other) to read, write or execute the file
|  |   permissions of group members (group) to read, write or execute the file
|  permissions of file's owner (user) to read, write or execute the file
file type - 'd' if directory, '-' if regular file
Symbolically, the modes can refer to user,group,other,or all (ugoa). The modes are read,write,execute (rwx).
chmod ug+x file — give user & group execute permission on file
chmod a-w file — remove write permission on file for all users
There are other bits that can be set, like the sticky bit or the set uid bit, and other more advanced file modes, but those are the basics. RTFM for more! Each group of three modes (rwx) is represented by a single octal digit. In octal it's represented like so:
read=4
write=2
execute=1
rwx=7
rw=6
r=4
rx=5
And so we’ll chmod both numerically and symbolically:
[usr-3@srv-2 doc]$ ls -ld solaris
drwxr-xr-x 2 bhaugaar users 4096 Sep 25 13:23 solaris
The solaris directory is full of useful goodies for other geeks, I think I’ll let others write to it as well so I can get even more cool solaris tools.
[usr-3@srv-2 doc]$ chmod 777 solaris
[usr-3@srv-2 doc]$ ls -ld solaris
drwxrwxrwx 2 bhaugaar users 4096 Sep 25 13:23 solaris
Now user, group, and other have read, write, and execute permissions on this directory. In case you don't know, you must have execute permission on a directory to be able to cd into it. Let's do it symbolically now, making the modes more restrictive:
[usr-3@srv-2 doc]$ ls -ld solaris
drwxr-xr-x 2 bhaugaar users 4096 Sep 25 13:23 solaris
Now, as before, only the owner (user) can write to the solaris directory, but group and other can read and execute.
[usr-3@srv-2 doc]$ ls -ld solaris
drwx------ 2 bhaugaar users 4096 Sep 25 13:23 solaris
Now I've become very greedy and want to keep it all to myself! Like chown, chmod has a -R (--recursive) option for recursively changing permissions on a directory and its contents. It also has --reference, so you can copy the modes of another file. Another fun fact about chmod is that when you chmod a symbolic link, the change is never applied to the link itself but to the file it references. BUT, during a recursive operation on a directory (chmod -R), chmod ignores symbolic links. Isn't that special!
************************************************
a few words about chroot — change the root directory for a process or shell.
************************************************
Chroot is very useful for security purposes and comes in handy in recovery situations as well. It is most often used to create the dreaded chrooted jails in which we like to imprison daemons like apache and named. Unfortunately far too few of these daemons are locked up where they belong. You see, when I change the root directory of a process, its world shrinks down to the contents of that directory. No longer can it harm important system files that exist on the 'outside'; all it has is whatever has been placed in its jail! But it can be a complicated and tedious task to make sure a program has all of the files, including shared libraries, that it needs to run. Let's make a little chrooted jail just for fun. Let's say we want to run ping from a chrooted jail, just for kicks. First we'll make the empty jail.
[root@srv-2 opt]# mkdir jail
Copy the ping binary into the jail.
[root@srv-2 jail]# cp /bin/ping .
Run ldd against ping to see what shared libraries it needs. You’ll have to put those in the jail, too, in the right place in relation to your changed root.
[root@srv-2 jail]# ldd ping
	libresolv.so.2 => /lib/libresolv.so.2 (0x4002c000)
	libc.so.6 => /lib/libc.so.6 (0x4003e000)
	/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
[root@srv-2 jail]# mkdir lib
[root@srv-2 jail]# cp /lib/libresolv.so.2 lib/
[root@srv-2 jail]# cp /lib/libc.so.6 lib/
[root@srv-2 jail]# cp /lib/ld-linux.so.2 lib/
If ping needed any config files or data files we’d put those in here, too. Now let’s see if it works!
[root@srv-2 jail]# chroot /opt/jail /ping fandango.poopoo.com
ping: unknown host fandango.poopoo.com
[root@srv-2 jail]# chroot /opt/jail /ping 10.30.8.1
PING 10.30.8.1 (10.30.8.1) from 10.30.8.7 : 56(84) bytes of data.
64 bytes from 10.30.8.1: icmp_seq=0 ttl=255 time=985 usec
64 bytes from 10.30.8.1: icmp_seq=1 ttl=255 time=185 usec
64 bytes from 10.30.8.1: icmp_seq=2 ttl=255 time=177 usec

--- 10.30.8.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.177/0.449/0.985/0.379 ms
We can see that ping doesn't have what it needs to resolve names: the resolver configuration used by the whole system is not installed in our jail. But the basic functionality of ping is there. Another great use for chroot is when you need to run lilo or other operations on a system that has been booted off some kind of recovery media. For example, my kernel install is all foobarred and I can't boot. So I boot off a recovery floppy or CD and mount the root filesystem of the hosed system at some mount point like /mnt/tmp. Then I mount the rest of the filesystems under that, cd /mnt/tmp, and chroot into it. Now you can run lilo and other commands against your messed-up system and hopefully fix it!
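The mkdir, cp, ldd, cp-the-libraries sequence above is the same for any binary, and the tedious part is reading the ldd output and recreating each library's path under the jail. The script below is an added example, not code from the original post; it assumes a Linux host with ldd, cp and mkdir in the GNU style, uses the page's own ldd output as a constructed sample for the parser, and its jail path and function names are mine. Note that the jail only narrows the process's view of the filesystem; a daemon placed in one should still run as an unprivileged user inside it rather than as root.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes Linux with ldd and
# GNU-style cp/mkdir; the jail path below is an assumption.

# Extract the absolute library paths from ldd output on stdin. Lines with no
# absolute path (vdso entries, "statically linked") are skipped, and the
# loader line, which names the same path twice, is reduced to one entry.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }' \
        | LC_ALL=C sort -u
}

# Copy SRC into JAIL at the same absolute path it has outside, creating the
# parent directories, so the dynamic loader finds it where it expects to.
copy_into_jail() {
    jail=$1; src=$2
    mkdir -p "$jail$(dirname "$src")"
    cp "$src" "$jail$src"
}

# Build a jail holding BIN plus every library ldd reports for it.
# Config or data files the program reads must still be added by hand.
build_jail() {
    jail=$1; bin=$2
    mkdir -p "$jail"
    copy_into_jail "$jail" "$bin"
    ldd "$bin" | ldd_paths | while read -r lib; do
        copy_into_jail "$jail" "$lib"
    done
}

# Constructed sample: the ldd output from the walkthrough above, so the
# parser can be exercised without a real binary.
SAMPLE_LDD='	libresolv.so.2 => /lib/libresolv.so.2 (0x4002c000)
	libc.so.6 => /lib/libc.so.6 (0x4003e000)
	/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)'

# Usage, as root: build_jail /opt/jail /bin/ping
#                 chroot /opt/jail /bin/ping 10.30.8.1
```

Run against the sample, `ldd_paths` yields the three paths the walkthrough copied by hand; `build_jail` places the binary under the jail at its original path (here /bin/ping rather than /ping), so the chroot command names that path.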