Difference between Chmod and Chown?

Cheerag Nundlall

Can you guys tell me what is the difference between chmod and chown? I am learning Linux and see these commands; it's a bit hard for me to understand :)
 

Efe Agbontaen

chmod is used to modify the permissions of a file or folder. Syntax is like chmod 664 filename. This will give Read & Write permissions to the owner and group of the filename and only Read permissions to other users.
In order to modify the permissions of a file, you have to either own that file or be an admin.

Now if, for example, you are logged in as root and you want to give userA the ability to use the chmod command on a file, then you should use the Change Owner (chown) command.

Syntax is like chown userA:groupA filename. This will change the filename owner and group to userA and groupA respectively.
 

tuxandrew

chmod is used to change the permissions of a file or a directory.
chown is used to change the ownership of a file or a directory.

read - 4
write - 2
execute - 1

chmod 644 <file name> # example

- assign what kind of permissions for the users to have on this file.

Here,
- the owner of the file has 4+2 = 6 [read and write] permission.
- users in the group to which the file belongs and other users in the system have 4 [read] only permission.


chown user:user <file name> #example
The chown command stands for "change owner"

- Can assign ownership for user and group to have the privileges to access the file for operations.
 

Efe Agbontaen

Folders should have 0755 and files should have 0644 permissions mostly.
I think it is important to mention particularly that files with config information like database details should have 600. Especially when in a shared environment.

Short story:
I was contacted to clean up a hacked WordPress website. Hacked due to an unsecure WordPress plugin. The hacker then uploaded what I consider a "beautiful script". What the script does is brute-force the config location of popular web apps in the /var/www directory... Some of them include:

WordPress
Joomla
WHMCS and many more

It then created a symlink to these files. And just like that almost all the websites were hacked.

Now the ones that survived the attack are the ones that set their config files to 600 which was about 1 or 2 websites.

Think about it. 644 means:
  • I can read and write to this file
  • Anyone in my group can read this file but not write
  • All other people including a hacker can read this file but not write
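
The check described in the post above, as an added example that is not part of the original thread: a shell script that reports config files readable by group or others and symlinks that point at config files, with a helper that tightens flagged files to 600. The file names `wp-config.php` (WordPress) and `configuration.php` (Joomla, WHMCS) and all function names are assumptions of this example.

```bash
#!/bin/sh
# Added example: audit a web root for the exposure described above.
# Assumption: config file names are wp-config.php (WordPress) and
# configuration.php (Joomla, WHMCS); extend CONFIG_NAMES for other apps.
CONFIG_NAMES="wp-config.php configuration.php"

# Print "<mode string> <path>" for each config file under $1 that
# group or others can read (e.g. 644 instead of 600).
audit_config_modes() {
    for name in $CONFIG_NAMES; do
        find "$1" -type f -name "$name" \( -perm -040 -o -perm -004 \) \
            -exec sh -c 'for f; do
                printf "%s %s\n" "$(ls -ld "$f" | cut -c1-10)" "$f"
            done' sh {} +
    done
}

# Print "<link> -> <target>" for each symlink under $1 whose target is
# named like a config file (the artefact the attacker's script left).
find_config_symlinks() {
    find "$1" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        case " $CONFIG_NAMES " in
            *" ${target##*/} "*) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Set every flagged config file under $1 to owner-only read/write.
fix_config_modes() {
    audit_config_modes "$1" | while IFS= read -r line; do
        chmod 600 "${line#* }"
    done
}

# Run as: sh audit.sh /var/www   (report only; nothing is changed)
if [ -n "${1:-}" ]; then
    audit_config_modes "$1"
    find_config_symlinks "$1"
fi
```

Mode 600 only helps when each site's PHP runs as that site's own user; call `fix_config_modes` separately once the report has been reviewed.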
 

Chris Worner

I was contacted to cleanup a hacked WordPress website. Hacked due to an unsecure WordPress plugin
I am just curious how you detect a hack from an unsecure WordPress plugin? Did you use any tools to find it?
 

fiz

If you have a VPS with cPanel, which is mostly the case these days, you can have Imunify for FREE. You can run a scan periodically to make sure everything is fine and there is no malware on the server. ClamAV + Maldet is also great and they even provide your cPanel users an option to run a scan whenever they want. There is a lot you can do if you have root access and know how to use Linux.
If you are on Shared Hosting and your Hosting Provider doesn't have the option of Virus Scanner in cPanel then you can use Online Scanners as my friend mentioned in posts above, but sometimes they can't read everything you have in your account.

I always suggest people hire someone to maintain their website so that they can focus on their business rather than handling these issues by themselves. You cannot do everything in your business, and if you are doing everything in your business then you are probably spending more time (which is actual money) than the money you are saving.
 

Efe Agbontaen

If you want to detect if you have been infected in the first place, like others said, there are tools you can use.
But in this case, I wanted to know how exactly the hacker broke in. Since it's a web app, I'm sure they came in through the web (i.e. Apache) and not some other vulnerability. So I just scanned the access log of that website manually.

I can't post the actual exploit here, but this screenshot is an example of how I tracked exactly what they did:
[Screenshot: Hack.png]
 

fiz

Oh yes, you are right. Config files including .htaccess must have 600. It was more like a 500 error kind of situation, so the motive was to help him fix that. But you are absolutely right, should've mentioned this too.
 
