Chown Command in Linux (File Ownership)

Updated on

6 min read

Linux Chown Command

The chown command in Linux allows you to change the user and/or group ownership of files, directories, and symbolic links. Knowing how to use chown is essential for managing access control, especially in multi-user environments.

In Linux, every file and directory has an owner and a group, along with permissions that define access rights for the file owner, the group members, and others.

This guide covers the chown command syntax, common options, practical examples, and best practices for secure usage.

What Is File Ownership in Linux?

Every file and directory in Linux has an owner and a group, and is assigned permission access rights for three different classes of users:

  • Owner (the user who owns the file)
  • Group (users in the file’s group)
  • Others (everyone else)

File ownership can be viewed using the ls command:

Terminal
ls -l filename.txt
output
-rw-r--r-- 12 linuxize users 12.0K Apr  8 20:51 filename.txt
              [------] [---]
                 |       |
                 |       +-----------> Group
                 +-------------------> Owner

chown Command Syntax

The basic syntax of the chown command is:

sh
chown [OPTIONS] USER[:GROUP] FILE(s)

Syntax Breakdown:

  • USER - The user name or the user ID (UID) of the new owner.
  • GROUP - The new group’s name or the group ID (GID).
  • FILE(s) - The name of one or more files, directories, or symlinks. Numeric IDs should be prefixed with the + symbol to avoid conflicts with usernames.

Key patterns:

  • USER - If only the user is specified, the specified user will become the owner of the given files. The group ownership is not changed.
  • USER: - When a colon (:) follows the username, and the group name is not given, the user will become the owner of the files, and the file’s group ownership is changed to the user’s login group.
  • USER:GROUP - If both the user and the group are specified (with no space between them), the user ownership of the files is changed to the given user, and the group ownership is changed to the given group.
  • :GROUP - If the User is omitted and the group is prefixed with a colon (:), only the file’s group ownership is changed to the given group (equivalent to chgrp).
  • : If only a colon (:) is given, without specifying the user and the group, no change is made.

Most common chown options:

  • -R - Apply to the directory and its contents recursively.
  • -h - Change ownership of the symbolic links, not the referenced file.
  • -v - Verbose output.
  • --reference=REF_FILE - Copy ownership from reference file.

By default, chown doesn’t produce any output on success and returns zero.

Who Can Use chown?

  • Regular users can change the file group only if they own the file and only to a group they are a member of.
  • Administrative users can change the ownership of all files.

Changing File Owner

To change the owner of a file, use the chown command followed by the user name of the new owner and the target file as an argument:

sh
chown USER FILE

For example, the following command will change the ownership of a file named file1 to a new owner named linuxize:

Terminal
chown linuxize file1

To change the ownership of multiple files or directories, specify them as a space-separated list:

Terminal
chown linuxize file1 dir1

The numeric user ID (UID) can be used instead of the username:

Terminal
chown +1000 file2
Warning
If a numeric owner exists as a user name, the ownership will be transferred to the user name. To avoid this, prefix the ID with +:

Changing Owner and Group

To change both the owner and the group of a file, use the chown command followed by the new owner and group separated by a colon (:) with no intervening spaces and the target file as argument:

sh
chown USER:GROUP FILE

The following command will change the ownership of a file named file1 to a new owner named linuxize and group devs:

Terminal
chown linuxize:devs file1

If the group is omitted, Linux assigns the user’s default login group:

Terminal
chown linuxize: file1

How to Change Group Ownership Only

To change only the group of a file, use the chown command followed by a colon (:) and the new group name (with no space between them) and the target file as an argument:

sh
chown :GROUP FILE

The following command will change the group of the file named file1 to www-data:

Terminal
chown :www-data file1

Alternatively, to change the group ownership of files, you can use the chgrp command.

By default, the chown command changes the group ownership of the files that the symlinks point to, not the symlinks themselves.

For example, if you try to change the owner and the group of the symbolic link symlink1 that points to /var/www/file1, chown will change the ownership of the file or directory the symlink points to:

Terminal
chown www-data: symlink1

Chances are that instead of changing the target ownership, you will get a “cannot dereference ‘symlink1’: Permission denied” error.

The error occurs because, by default, symlinks are protected on most Linux distributions, so you cannot operate on the target files. This option is specified in /proc/sys/fs/protected_symlinks. 1 means enabled, and 0 is disabled. We recommend not turning off symlink protection.

To change the group ownership of the symlink itself, use the -h option:

Terminal
chown -h www-data symlink1

Recursively Changing Ownership

To recursively change ownership of all files and directories within a directory, use the -R (--recursive) option:

sh
chown -R USER:GROUP DIRECTORY

For example, to change the ownership of all files and subdirectories under the /var/www directory to a new owner and group named www-data, you would run:

Terminal
chown -R www-data: /var/www

If the directory contains symbolic links, pass the -h option:

Terminal
chown -hR www-data: /var/www

Other options that can be used when recursively changing the directory ownership are -H and -L.

If the argument to the chown command is a symbolic link pointing to a directory, the -H option will cause the command to traverse the symbolic link. -L tells chown to traverse each symbolic link to a directory that is encountered. Usually, you should not use these options because you might mess up your system or create a security risk.

Using a Reference File

The --reference=ref_file option copies ownership from another file (ref_file). If the reference file is a symbolic link, chown will use the user and group of the target file.

sh
chown --reference=REF_FILE FILE

For example, the following command will assign the user and group ownership of file1 to file2

Terminal
chown --reference=file1 file2

Common Use Cases and Best Practices

  • Fixing permission issues after file transfers or archive extractions.
  • Managing web server directories (/var/www). Combine with chmod for secure setups, e.g., web files: chown -R www-data:www-data /var/www + chmod -R 755 /var/www.
  • Assigning correct ownership for application files
  • Maintaining secure multi-user environments
  • Always grant minimal access needed.
  • Always verify with ls -l before and after changes.
  • Avoid recursive operations on high-level directories such as / or /var.
  • Run as root/sudo only when necessary.

Conclusion

The Linux chown command is essential for managing files’ user and group ownership and access control. With chown, you can maintain system security, fix permission errors, and manage multi-user environments efficiently.

To learn more about the chown command, visit the chown man page or type man chown in your terminal.

If you have any questions or feedback, feel free to leave a comment.

Tags: linux commands