CHGRP LINUX command

Often when working in Linux, users rarely think about who owns a file. When it comes to running a server, however, the situation changes. To increase security, the server gets its own user. It is not uncommon for servers to use the same group, like www-data. Next, let's see how this function works with files and directories. We will pay special attention to symbolic links, as they can cause problems when using insecure settings.

What it means

The file permissions standard came to Linux from Unix. So each object has a user, group in addition to this describes the rights ofother users(other). The permissions consist of three items: read, write, execute. The umask command is used to change permissions, but the chown commands are used to change the owner and group directly. The ls command can be used to view current permissions.

Syntax and options

General view of the chgrp command:

$ chgrp [options] new_group file_name

A list of common options for the chgrp command:

1. -h - work directly with the symbolic links themselves;
2. --dereference - work with files, not symbolic links themselves. Used by default;
3. -R - recursive processing of the directory with all its contents;
4. -H - follow the symbolic link and change file/directory attributes. Used in conjunction with the -R parameter;
5. -L - follow the symbolic link and continue recursive processing. Used in conjunction with the -R parameter;
6. -P - when encountering a symbolic link, process only it. Used together with the -R parameter, is the default value;
7. --reference=file_name - use the sample group;
8. -c - output only changes when processing;
9. -v - output information about each processed object.

Command usage

The simplest example of using the chgrp command. The next one changes the entire www-data object for the file in the current folder:

$ sudo chgrp www-data file.txt

And this one changes the group to www-data for the folder folder:

 $ sudo chgrp www-data folder

The command works in a very predictable way by changing their group. The objects in the folder remain unchanged. If you process symbolic links, however, their attributes remain unchanged, but the object gets a new group. This behavior is similar to the handling of the --dereference parameter.

For example, these commands applied to symbolic links will work as shown in the screenshot:

$ sudo chgrp www-data sym_file.txt

Let's take a look at how the -h parameter changing the attributes of a symbolic link would work:

$ sudo chgrp -h www-data sym_file

The group has been set not only to the directory, but also to all the files inside. Notice that the behavior has changed, now when processing a symbolic link the attributes are set for the link itself, not the object.

To see the difference between the -H and -L parameters, let's look at a couple more examples. Recall that they must be used together with -R:

$ sudo chgrp -RH www-data folder

Using -H, the behavior when processing symbolic links has changed; now they are handled as if the functions were executed separately. The attributes of the references are not changed, the attributes of the objects themselves are changed, and recursive processing stops when you switch to a directory.

$ sudo chgrp -RL www-data folder

It performs one function - it changes the group of files and directories.

When processing symbolic links, you should be extremely careful not to damage the system.