The chown command in Linux is used to assign ownership. Every file and directory can have only one user and one group as an owner. In Linux, the concept of ownership is key to understanding file access, security, resource management, and accountability.
In this article, I’ll show you how to use the chown command to change a file’s ownership and give you specific use-case scenarios of why you’d want to do so.
Basics of File Ownership in Linux
To assign owners to files and directories in Linux, we use the chown command. There are three types of owners in Linux:
- An individual user
- A group
- Others
The “Others” refers to all users who are neither the owner nor belong to the group that is the owner. By default, there are many users and groups on a Linux server even if you’re the only user. Users don’t have to be human – in fact, most of them aren’t. Groups are merely collections of users.
To see all the groups on a Linux system, use the following command:
cat /etc/group
This gives me the following output:
Each line starts with the group name. The “x” is a placeholder for the password, and the number is the group ID, followed by a comma-separated list of users belonging to that group.
If you want to see the list of users on a Linux system, use the following command:
awk -F: '{print $1}' /etc/passwd
This generates the output as shown here:
As you can see, there are many users on a Linux system that aren’t linked to a human being. The “www-data” user is the one linked to a web server like Apache. You can see that we have user processes for backups, mail, and proxy.
How to See the User and Group Ownership of a File or Folder
To see who owns a file or folder in Linux, you can simply use the ls -l command. For example, I’ve created a test file on my system. I can use the following command:
ls -l
This gives me the following output:
This output indicates that both the user and the group that own my testfile are “bhagwad”. This may sound strange until you realize that Linux often (depending on the system) creates a group with the same name as the username during account setup. Doing this allows Linux to automatically assign a group with the same name to the files that the user creates.
Modifying the User and/or Group Owner of a File
With the above background, we’re ready to use the chown command to change the owner of a file or folder.
Let’s say in my above example, I want to change the user owner of the file called “testfile” to another user – for example, the “www-data” user, instead. I would use the following command:
sudo chown www-data testfile
This changes the user-owner to www-data. Executing this command, and using the ls -l command after that, allows us to see that the owner has indeed changed.
You might notice that I had to use my sudo password to use the chown command to change the owner of the file. This is expected, and it’s better than logging in as root – even temporarily – to change the user. In fact, I’ve written before about how to allow users to use the sudo command on Linux.
This segues nicely into the next segment – a special case of groups, and a good illustration of how users and groups work together seamlessly in system administration in Linux.
Special Case of Groups
Linux has various system groups. Here are two examples.
The “Wheel” Group
The more visible example of a group is the “wheel” group. This group consists of users who are able to access administrative rights via the “sudo” command. Even though we can temporarily switch to the root user and access all of its power, it’s not a good idea for a variety of reasons. So Linux has a system, whereby users can access admin rights by prefixing their commands with the “sudo” keyword. Linux will then prompt the user for their password, and if the user exists in the “wheel” group, they can proceed with the admin command.
The origins of the “wheel” group lie in the time when someone used to be called a “big wheel” if they had power, and similarly, those in the wheel group hold unlimited power over the system, thanks to the “sudo” command. As I explain in my linked article, you can use the “visudo” tool to add a user to the wheel group.
The “www-data” Group
The www-data group is used by web servers like Apache or NGINX. Your web server needs to constantly access files and folders on the server, and it might need access to upload some files as well. Normally, all this is hidden from the user and many of us don’t even realize that a specific group for webservers exists.
But files that the web server needs to manage will need to have the “www-data” group assigned to them via the chown command.
Use-Case Scenarios for the chown Command
There are several useful ways you can use the chown command in your day-to-day life, either as an ordinary user or as a system administrator of a Linux server. Here are a few.
Using the chown Command for Collaboration
It’s easy to imagine how the chown command can be used to collaborate on projects. Let’s say you’re working with a team that needs to read the files that you create. Perhaps you’re writing the documentation for a project, and need to send the entire folder to a group of people for review. Based on your needs, you can create a group for all the collaborators on the project and give them permission to either read or write to the files.
Using chown for Application Security
Let’s say you’re setting up a web server, and need to configure your security parameters. Web servers are a particularly juicy target for attacks, and so it’s the responsibility of everyone setting up a web server to take measures to “harden” it.
One such measure is ensuring that only the right people and system processes can access and write to your site’s files. For example, as we’ve seen, the www-data user and group belong to the web server. So the following command will allow the webserver to both read and write to the “uploads” folder:
sudo chown -R www-data:www-data /var/www/website/uploads
The “uploads” folder is relatively low-risk. But we might not want the webserver to have write permissions to another folder containing application files. So we assign an application’s folder to an individual user as well – like this:
sudo chown -R webadmin:www-data /var/www/website
Now we use the chmod command to allow the user-owner to read and write to the folder, but we only allow read access to the webserver:
sudo chmod -R 755 /var/www/website
sudo chmod -R 775 /var/www/website/uploads
This way, the webserver has read and write access to the “uploads” folder, but only read access to the main website, since the user-owner is different for the “uploads” folder and the main application directory.
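To check that this layout actually holds on disk, the following added example (not part of the original article) lists every path under the web root that the web server account could modify outside the “uploads” folder. The function names are hypothetical, and it assumes the server runs as www-data:www-data as described above.

```shell
#!/bin/sh
# Added example (not from the article): audit the web root layout.
# Function names are hypothetical.

# web_writable ROOT SVC_USER SVC_GROUP [ALLOWED_DIR]
# Prints every path under ROOT that the web server account could modify:
#   - owned by SVC_USER with the owner write bit set, or
#   - owned by group SVC_GROUP with the group write bit set, or
#   - writable by "others".
# SVC_USER and SVC_GROUP may be names or numeric IDs.
# ALLOWED_DIR (default ROOT/uploads) is meant to be writable and is skipped.
# Symlinks are ignored because their own mode bits are not enforced.
web_writable() {
    root=$1 svc_user=$2 svc_group=$3
    allowed=${4:-$root/uploads}
    find "$root" -path "$allowed" -prune -o ! -type l \
        \( \( -user "$svc_user" -perm -200 \) \
           -o \( -group "$svc_group" -perm -020 \) \
           -o -perm -002 \) -print
}

# audit_webroot: same arguments as web_writable.
# Returns 0 when nothing unexpected is writable, 1 when findings were
# printed, and 2 when find itself failed (for example an unknown user).
audit_webroot() {
    findings=$(web_writable "$@") || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Typical call for the layout in this article:
#   audit_webroot /var/www/website www-data www-data
```

Run it after deployments or any recursive chown or chmod, since a later recursive command overrides ownership and modes set earlier on subfolders.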
Conclusion
The chown command is a very flexible tool that allows you to assign owners – be they groups or individuals – to specific files and directories. This allows you to fine-tune the permissions that each has for purposes like security, collaboration, and administration.
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!