Users and Groups in Linux – How to use chown and chgrp commands?

When it comes to large organization, the Users and Groups plays important role in every side of people. There will be different levels of users in an organization. In order to scale this, We need a strong understanding of users and groups.

To protect files and directories in Linux from various types of users we can use chown and chgrp commands. These commands are used to manage which type of user can read, write, and execute a file.

We need to understand the basics of how groups and users work in Linux and how can we manipulate permissions for them.

Let’s get into the topic without any further ado.

What are the Group and Users and use cases of the group?

A user is a normal entity to manipulate files, directories, and any type of action in a system. We can create any number of users in Linux.

A group contains zero or more users in it. Users in a group share the same permissions. The group allows us to set permissions on the group level instead of having to set permissions for individual users.

Let’s consider a scenario in software development, a machine has been used by various types of people like Administrators, Developers, and Testers.

Each person should have an individual level of access to the files in a system.

Yet there will be a common set of permission allowed for developers, similarly, testers and admins. So level of permissions is common for the individual users inside their respective groups.

Let’s consider there are 10 developers and 8 testers in my team and we’re using 1 shared computer (Each of us holds a laptop too).

We want to create a file that should be accessible only to the developers. Can we achieve this without using the concept of groups? Yes. It’s achievable. But, we have to assign permission to each developer.

The next day, I get news that my team is expanding to 150 developers and 20 testers due to an immediate client requirement.

Achievable again. But, it’s not scalable. It’s so tedious to manage permission for each and every developer if they share common permissions.

Here comes the supremacy of groups 👬. If we have all 10 developers in a group called dev_group, We can simply give permission to the group dev_group.

Not only for permissions but there are other use cases for groups available too.

What are the primary and secondary groups in Linux?

As the name implies a Primary group is a group that a user belongs to that group by default.

For example,

Let’s assume your username is arun, and you create a group called admin, then you will belong to the group admin by default.

A Secondary group is a group where we can add any number of users into that group.

How to create a user?

Users are created by using useradd command. Each user in a Linux system has a unique user id.

useradd [OPTIONS] 

Let’s create a new user named developer

useradd developer

How to create a group?

Groups are created by using groupadd command. Similar to user, each group in a Linux system has a unique group id.

groupadd [OPTIONS] 

Let’s create a new group named developers_group

groupadd developers_group

How to add a user to a group?

So, we created a user and a group. Let’s add the user (developer) to the group (developers_group). The command to add a user to a group is usermod -aG.

sudo usermod -aG  

Here’s the actual command to add the user developer to developers_group group

sudo usermod -aG developers_group developer

How to list the groups?

You could ask the question, “How can we verify if the created group exists? and How to verify if the user is added to the group?”. The list of groups and the users who have permission to the group are stored in a file called group. It will be located under the /etc directory.

We can see the available groups by reading that file using the cat command.

cat /etc/group

This will be huge file. By default it has 70 to 100 lines. So, I’ve cropped the top and bottom part of the command’s output in the above screenshots.

The last 2 lines of the above screenshot describes that, there’s a new user called developer, a new group called developers_group, and the user developer is added to the developers_group group.

How to know the existing owner and group ownership of a file?

We have a powerful and most familiar command in Linux, which will show the permissions involved in a file/directory. i.e., ls -l

ls -l test.sh
Permission of test.sh file

Let’s split the output separated by space and understand each part of it,

-rw-rw-r-- 1” – Permission for file test.sh

1st occurrence of “gogosoon” – Owner of the file

2nd occurrence of “gogosoon” – Group ownership of the file

How to change the Owner of a file/directory?

chown command is used to change the ownership of the file. The chown command is abbreviated to change owner.

From our above example, we have seen the file test.sh owned by the user named gogosoon.

chown  

Let’s change the ownership of the file to the user admin using the chown command.

sudo chown admin test.sh
Change the ownership of the file test.sh using chown command

From the above screenshot, we can clearly see that the owner of the file test.sh has been changed from gogosoon to admin.

How to copy the ownership from one file to another?

I have faced this scenario once in my career. We use a common system in some rare usecases.

One day I am working on creating hundreds of files and gave access to my colleague’s user account. But the permissions to all the files will be the same. I was so lazy to do it manually and I’m sure that there must be some commands exist to do this. So I did a quick Google search to copy permission from one file to another. After few seconds, I found the solution and it was so simple. You can do this by adding a --reference flag.

chown --reference= 

Let’s explore that with an example,

Let’s create a new file named copy.sh with my user account gogosoon.

The owner of the test.sh file is admin user (from our previous example). I want the ownership of test.sh file to be copied to newly created copy.sh file which was owned by gogosoon user.

sudo chown --reference=test.sh copy.sh

From the above screenshot, the first command describes the ownership of test.sh file which is owned by admin user.

The second command describes the ownership of the copy.sh file which is owned by the gogosoon user.

The third command copies the ownership of test.sh to copy.sh file.

The last command again describes the ownership of copy.sh file which is now owned by admin user.

You may wonder that I’ve told that I created multiple files, but how did I change the ownership of all the files at once?

That’s a different story. But leaving my answer here. I created a script that loops over all the files and changes the ownership by referencing a single master file.

How to change ownership of multiple files with a single command?

You can do this by passing multiple file names to the chown command with one user name. This sets the ownership of all the given files to that particular user.

sudo chown  file1 file2 ...

Here’s an example where I try to set the ownership of files copy.sh and test.sh to admin user.

sudo chown admin copy.sh test.sh

How to change the group ownership of a file?

Almost all the operations related to group can be achieved with chgrp command, which abbreviated to change group. It’s almost similar to chown command.

Syntax of chgrp command,

sudo chgrp  

I have already created a group called admin . I do not belong to this group. Let’s change the group ownership of the test.sh file from gogosoon to admin group.

sudo chgrp admin test.sh

From the above screenshot, we can witness that group ownership of test.sh file has been changed from gogosoon to admin. Since, I do not belong to this group, I will not have write access to the file.

Let’s verify the same by opening the file in write mode,

nano test.sh

The above screenshot describes that (highlighted with red color at the bottom), I do not have write access to the test.sh file. Because I do not belong to the group admin.

How to change the group ownership of a directory?

The same syntax for files is applicable for directories also. Here’s a quick example,

sudo chgrp test group_test/

But remember the above command changes the group ownership of only the files in that directory. To recursively change the group permission of all the directories inside that directory, we have to add -R flag with it.

sudo chgrp -R admin group_test/

Now the group ownership for all the files and directories inside group_test have been changed from gogosoon to admin

Let’s verify the output, by trying to write a file from the directory group_test as gogosoon user

Hurray !!! The ownership has been applied appropriately.

Conclusion

In this article, you have learned about changing file and folder ownership of users and groups.

Subscribe to my newsletter by entering your email address in the below box to receive more such insightful articles that get delivered straight to your inbox.

Have a look at my site which has a consolidated list of all my blogs.

Cheers !!!

Share this article