File Ownership in Linux: Mastering chown, chgrp, and Recursive Changes
The Problem: Who Actually Owns This File?
You're setting up a web application. You deploy files as your user account, but the web server runs as www-data. Suddenly:
ls -l /var/www/html/index.html
-rw-r--r-- 1 ubuntu ubuntu 2048 Dec 09 10:00 index.html
The web server can't write to upload directories. Log files can't be created. The application breaks.
Or you're collaborating on a project, but files you create are locked to your user account. Your teammate can't edit them even though they should have access.
This is about ownership. Permissions (rwx) control what you can do. Ownership controls who can do it.
Understanding File Ownership
Every file in Linux has two owners:
- User owner - A specific user account
- Group owner - A specific group
When you run ls -l:
-rw-r--r-- 1 ubuntu developers 2048 Dec 09 10:00 file.txt
             │      │
             │      └─ Group owner
             └──────── User owner
This file is owned by:
- User: ubuntu
- Group: developers
Why does this matter?
Permissions (rwx) apply based on who you are:
- If you're the user owner, you get the first set of permissions
- If you're a member of the owning group, you get the second set
- If you're neither, you get the third set (others)
The chown Command: Change User Ownership
chown (change owner) changes who owns a file.
Basic Syntax
chown new_user filename
Simple Example
# Check current ownership
ls -l script.sh
-rwxr-xr-x 1 ubuntu ubuntu 512 Dec 09 10:00 script.sh
# Change owner to 'john'
sudo chown john script.sh
# Verify change
ls -l script.sh
-rwxr-xr-x 1 john ubuntu 512 Dec 09 10:00 script.sh
Note: You need sudo to change ownership (only root can do this).
Real-World Scenario: Web Server Files
You deployed a website, but the web server (running as www-data) can't write to the uploads directory:
ls -ld /var/www/html/uploads
drwxr-xr-x 2 ubuntu ubuntu 4096 Dec 09 10:00 uploads/
Fix it:
sudo chown www-data /var/www/html/uploads
ls -ld /var/www/html/uploads
drwxr-xr-x 2 www-data ubuntu 4096 Dec 09 10:00 uploads/
Now the web server can write to this directory.
The chgrp Command: Change Group Ownership
chgrp (change group) changes the group owner of a file.
Basic Syntax
chgrp new_group filename
Simple Example
# Check current ownership
ls -l project.txt
-rw-r--r-- 1 ubuntu ubuntu 1024 Dec 09 10:00 project.txt
# Change group to 'developers'
sudo chgrp developers project.txt
# Verify change
ls -l project.txt
-rw-r--r-- 1 ubuntu developers 1024 Dec 09 10:00 project.txt
Real-World Scenario: Team Collaboration
You're working on a shared project. Files should be editable by anyone in the developers group:
# Create shared directory
mkdir /shared/project
# Change group ownership
sudo chgrp developers /shared/project
# Give group write permissions
chmod 775 /shared/project
ls -ld /shared/project
drwxrwxr-x 2 ubuntu developers 4096 Dec 09 10:00 /shared/project/
Now anyone in the developers group can create and edit files here.
Changing Both User and Group with chown
You can change both owners at once using chown:
Syntax
chown user:group filename
Example
# Change both user and group
sudo chown www-data:www-data /var/www/html/config.php
ls -l /var/www/html/config.php
-rw-r--r-- 1 www-data www-data 512 Dec 09 10:00 config.php
This is faster than running chown and chgrp separately.
Change Only Group with chown
You can also change just the group using chown:
# Colon with only group name
sudo chown :developers file.txt
ls -l file.txt
-rw-r--r-- 1 ubuntu developers 1024 Dec 09 10:00 file.txt
This does the same thing as chgrp developers file.txt.
Recursive Ownership Changes: The -R Flag
Often you need to change ownership for entire directories and everything inside them.
The -R (Recursive) Flag
chown -R user:group directory/
This changes ownership for:
- The directory itself
- All files inside
- All subdirectories
- All files in subdirectories
- Everything nested below
Example: Website Directory
# Check current ownership
ls -l /var/www/html/
drwxr-xr-x 5 ubuntu ubuntu 4096 Dec 09 10:00 assets/
-rw-r--r-- 1 ubuntu ubuntu 2048 Dec 09 10:00 index.html
drwxr-xr-x 3 ubuntu ubuntu 4096 Dec 09 10:00 uploads/
# Change everything to www-data
sudo chown -R www-data:www-data /var/www/html/
# Verify
ls -l /var/www/html/
drwxr-xr-x 5 www-data www-data 4096 Dec 09 10:00 assets/
-rw-r--r-- 1 www-data www-data 2048 Dec 09 10:00 index.html
drwxr-xr-x 3 www-data www-data 4096 Dec 09 10:00 uploads/
All files and directories are now owned by www-data:www-data.
Real-World Scenario: Application Deployment
You cloned a repository as your user, but the application needs to run as appuser:
# Clone repo
git clone https://github.com/company/app.git /opt/app
# Everything is owned by you
ls -l /opt/app/
-rw-r--r-- 1 ubuntu ubuntu 156 Dec 09 10:00 config.yml
drwxr-xr-x 3 ubuntu ubuntu 4096 Dec 09 10:00 logs/
-rwxr-xr-x 1 ubuntu ubuntu 8192 Dec 09 10:00 start.sh
# Change ownership recursively
sudo chown -R appuser:appuser /opt/app/
# Verify
ls -l /opt/app/
-rw-r--r-- 1 appuser appuser 156 Dec 09 10:00 config.yml
drwxr-xr-x 3 appuser appuser 4096 Dec 09 10:00 logs/
-rwxr-xr-x 1 appuser appuser 8192 Dec 09 10:00 start.sh
Now the application can access all its files.
Combining Ownership and Permissions
Ownership and permissions work together. You often need to set both:
Example: Secure Application Directory
# Set ownership
sudo chown -R appuser:appuser /opt/app/
# Set permissions: owner full access, group read/execute
sudo chmod -R 750 /opt/app/
ls -ld /opt/app/
drwxr-x--- 5 appuser appuser 4096 Dec 09 10:00 /opt/app/
Result:
- appuser has full control
- Users in the appuser group can read and execute
- Others have no access
Example: Shared Team Directory
# Create directory
sudo mkdir /shared/team-project
# Set ownership
sudo chown ubuntu:developers /shared/team-project
# Set permissions: owner and group can write
sudo chmod 770 /shared/team-project
# New files inherit group (optional, advanced)
sudo chmod g+s /shared/team-project
ls -ld /shared/team-project
drwxrws--- 2 ubuntu developers 4096 Dec 09 10:00 /shared/team-project/
Now anyone in the developers group can collaborate.
Common Patterns and Use Cases
Pattern 1: Web Server Files
# HTML/CSS/JS files
sudo chown -R www-data:www-data /var/www/html/
sudo find /var/www/html -type f -exec chmod 644 {} \;
sudo find /var/www/html -type d -exec chmod 755 {} \;
Pattern 2: Application with Log Directory
# Application files
sudo chown -R appuser:appuser /opt/app/
# Logs directory needs write access
sudo chown -R appuser:appuser /opt/app/logs/
sudo chmod -R 755 /opt/app/logs/
Pattern 3: Database Files
# PostgreSQL data directory
sudo chown -R postgres:postgres /var/lib/postgresql/
sudo chmod -R 700 /var/lib/postgresql/
Pattern 4: SSH Configuration
# User's SSH directory
sudo chown -R ubuntu:ubuntu /home/ubuntu/.ssh/
sudo chmod 700 /home/ubuntu/.ssh/
sudo chmod 600 /home/ubuntu/.ssh/id_rsa
Common Mistakes
Mistake #1: Forgetting sudo
# This fails unless you're root
chown newuser file.txt
# chown: changing ownership of 'file.txt': Operation not permitted
# Need sudo
sudo chown newuser file.txt
Mistake #2: Using -R on the wrong directory
# DANGEROUS - changes system files
sudo chown -R ubuntu:ubuntu /
# Be specific
sudo chown -R ubuntu:ubuntu /home/ubuntu/project/
Mistake #3: Wrong syntax for user:group
# Wrong - space between user and group
sudo chown user group file.txt
# Right - colon, no spaces
sudo chown user:group file.txt
Mistake #4: Changing ownership without checking permissions
# Change owner
sudo chown www-data file.txt
# But file isn't readable by owner!
ls -l file.txt
--wx-wx-wx 1 www-data www-data 512 Dec 09 10:00 file.txt
# Fix permissions too
sudo chmod 644 file.txt
Checking Current Ownership
View detailed ownership
ls -l filename
stat filename # Even more details
Find files by owner
# Find all files owned by ubuntu
find /home -user ubuntu
# Find all files owned by www-data group
find /var/www -group www-data
Find files with specific ownership
# Find files whose user or group is not www-data
find /var/www -not -user www-data -o -not -group www-data
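A pre-flight for recursive changes, covering both the wrong-directory mistake above and the ownership search in this section. This is an added example, not part of the original article; the function names and the protected-directory list are assumptions.

```bash
#!/usr/bin/env bash
# Pre-flight checks for `chown -R` (added example; function names are hypothetical).

# Deeper system trees to refuse as a starting point (illustrative, not exhaustive).
PROTECTED_DIRS="/usr/bin /usr/lib /usr/sbin /usr/local /var/lib /var/log"

# Resolve symlinks and ".." first, then refuse "/", any top-level tree
# (/etc, /usr, /var, ...) and the directories listed above.
# Prints the canonical path on success, returns 1 on refusal.
check_chown_target() {
    local resolved p
    resolved=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || return 1
    case "$resolved" in
        /*/*) ;;          # at least two components deep: keep checking
        *) return 1 ;;    # "/" or a single top-level directory
    esac
    for p in $PROTECTED_DIRS; do
        if [ "$resolved" = "$p" ]; then return 1; fi
    done
    printf '%s\n' "$resolved"
}

# List every entry under DIR ($1) whose user ($2) or group ($3) differs from
# the expected pair: exactly what `chown -R user:group DIR` would modify.
# find does not follow symlinks by default, so a link is reported as a link.
ownership_drift() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Validate the target, then print the canonical path and the entries that
# would change. Nothing is modified; run the real chown only after review.
plan_recursive_chown() {
    local target
    target=$(check_chown_target "$1") || { echo "refused: $1" >&2; return 1; }
    echo "target: $target"
    ownership_drift "$target" "$2" "$3"
}

# Usage as a script: ./chown_preflight.sh DIR USER GROUP
if [ "$#" -eq 3 ]; then plan_recursive_chown "$@"; fi
```

An empty list after the target line means the tree already has the expected ownership and the recursive chown is unnecessary.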
Special Case: Changing Ownership of Symbolic Links
By default, chown changes the target of a symbolic link, not the link itself.
# Create a link
ln -s /path/to/file.txt link.txt
# This changes the target file's ownership
sudo chown newuser link.txt
To change the link itself (rarely needed):
sudo chown -h newuser link.txt
Reference vs Non-Reference
You can reference another file's ownership:
# Copy ownership from reference.txt to target.txt
sudo chown --reference=reference.txt target.txt
This is useful in scripts where you want to match existing ownership.
Quick Reference
Basic Commands
# Change user owner
sudo chown newuser file.txt
# Change group owner
sudo chgrp newgroup file.txt
# Change both
sudo chown user:group file.txt
# Change only group (with chown)
sudo chown :group file.txt
# Recursive change
sudo chown -R user:group directory/
Common Patterns
| Use Case | Command |
|---|---|
| Web server files | sudo chown -R www-data:www-data /var/www/ |
| Application deploy | sudo chown -R appuser:appuser /opt/app/ |
| User's home directory | sudo chown -R ubuntu:ubuntu /home/ubuntu/ |
| Shared team directory | sudo chown user:developers /shared/project/ |
| Database files | sudo chown -R postgres:postgres /var/lib/postgresql/ |
Verification
# Check ownership
ls -l file.txt
# Detailed info
stat file.txt
# Find by owner
find /path -user username
find /path -group groupname
Advanced: Who Can Change Ownership?
Only root (or users with sudo privileges) can change file ownership. This is a security feature.
Why?
If regular users could change ownership, they could:
- Give files to other users without permission
- Bypass disk quotas
- Frame other users for their actions
Working with Groups
View your groups
groups
# ubuntu adm cdrom sudo dip plugdev developers
View a user's groups
groups username
Add user to group
sudo usermod -aG groupname username
# User must log out and back in for this to take effect
Key Takeaways
- Every file has two owners: User and group
- chown changes user ownership: sudo chown user file
- chgrp changes group ownership: sudo chgrp group file
- Change both at once: sudo chown user:group file
- Use -R for directories: sudo chown -R user:group dir/
- Always need sudo: Only root can change ownership
- Combine with permissions: Ownership + chmod = complete access control
- Be careful with -R: Double-check your path
Ownership is the foundation of Linux security. Master it alongside permissions, and you'll have complete control over file access on your systems.
What ownership pattern do you use most in your workflow? Share your use cases in the comments.