Users and Groups in Linux — How to use chown and chgrp commands?
When it comes to large organization, the Users and Groups plays important role in every side of people. There will be different levels of users in an organization. In order to scale this, We need a strong understanding of users and groups.
To protect files and directories in Linux from various types of users we can use chown
and chgrp
commands. These commands are used to manage which type of user can read, write, and execute a file.
We need to understand the basics of how groups and users work in Linux and how can we manipulate permissions for them.
Let’s get into the topic without any further ado.
What are the Group and Users and use cases of the group?
A user is a normal entity to manipulate files, directories, and any type of action in a system. We can create any number of users in Linux.
A group contains zero or more users in it. Users in a group share the same permissions. The group allows us to set permissions on the group level instead of having to set permissions for individual users.
Let’s consider a scenario in software development, a machine has been used by various types of people like Administrators, Developers, and Testers.
Each person should have an individual level of access to the files in a system.
Yet there will be a common set of permission allowed for developers, similarly, testers and admins. So level of permissions is common for the individual users inside their respective groups.
Let’s consider there are 10 developers and 8 testers in my team and we’re using 1 shared computer (Each of us holds a laptop too).
We want to create a file that should be accessible only to the developers. Can we achieve this without using the concept of groups? Yes. It’s achievable. But, we have to assign permission to each developer.
The next day, I get news that my team is expanding to 150 developers and 20 testers due to an immediate client requirement.
Achievable again. But, it’s not scalable. It’s so tedious to manage permission for each and every developer if they share common permissions.
Here comes the supremacy of groups 👬. If we have all 10 developers in a group called dev_group, We can simply give permission to the group dev_group.
Not only for permissions but there are other use cases for groups available too.
What are the primary and secondary groups in Linux?
As the name implies a Primary group is a group that a user belongs to that group by default.
For example,
A Secondary group is a group where we can add any number of users into that group.
How to create a user?
Users are created by using useradd
command. Each user in a Linux system has a unique user id.
useradd [OPTIONS]
Let’s create a new user named developer
useradd developer
How to create a group?
Groups are created by using groupadd
command. Similar to user, each group in a Linux system has a unique group id.
groupadd [OPTIONS]
Let’s create a new group named developers_group
groupadd developers_group
How to add a user to a group?
sudo usermod -aG
Here’s the actual command to add the user developer
to developers_group
group
sudo usermod -aG developers_group developer
How to list the groups?
You could ask the question, “How can we verify if the created group exists? and How to verify if the user is added to the group?”. The list of groups and the users who have permission to the group are stored in a file called group
. It will be located under the /etc
directory.
We can see the available groups by reading that file using the cat
command.
cat /etc/group
This will be huge file. By default it has 70 to 100 lines. So, I’ve cropped the top and bottom part of the command’s output in the above screenshots.
The last 2 lines of the above screenshot describes that, there’s a new user called developer
, a new group called developers_group
, and the user developer
is added to the developers_group
group.
How to know the existing owner and group ownership of a file?
We have a powerful and most familiar command in Linux, which will show the permissions involved in a file/directory. i.e., ls -l
ls -l test.sh
Let’s split the output separated by space and understand each part of it,
“-rw-rw-r-- 1
" - Permission for file test.sh
1st occurrence of “ gogosoon
" - Owner of the file
2nd occurrence of “ gogosoon
" - Group ownership of the file
How to change the Owner of a file/directory?
chown
command is used to change the ownership of the file. The chown
command is abbreviated to change owner.
From our above example, we have seen the file test.sh
owned by the user named gogosoon
.
Let’s change the ownership of the file to the user admin
using the chown
command.
sudo chown admin test.sh
From the above screenshot, we can clearly see that the owner of the file test.sh
has been changed from gogosoon
to admin
.
How to copy the ownership from one file to another?
I have faced this scenario once in my career. We use a common system in some rare usecases.
One day I am working on creating hundreds of files and gave access to my colleague’s user account. But the permissions to all the files will be the same. I was so lazy to do it manually and I’m sure that there must be some commands exist to do this. So I did a quick Google search to copy permission from one file to another. After few seconds, I found the solution and it was so simple. You can do this by adding a --reference
flag.
chown --reference=
Let’s explore that with an example,
Let’s create a new file named copy.sh
with my user account gogosoon
.
The owner of the test.sh
file is admin
user (from our previous example). I want the ownership of test.sh
file to be copied to newly created copy.sh
file which was owned by gogosoon
user.
sudo chown --reference=test.sh copy.sh
From the above screenshot, the first command describes the ownership of test.sh
file which is owned by admin
user.
The second command describes the ownership of the copy.sh
file which is owned by the gogosoon
user.
The third command copies the ownership of test.sh
to copy.sh
file.
The last command again describes the ownership of copy.sh
file which is now owned by admin
user.
You may wonder that I’ve told that I created multiple files, but how did I change the ownership of all the files at once?
That’s a different story. But leaving my answer here. I created a script that loops over all the files and changes the ownership by referencing a single master file.
How to change ownership of multiple files with a single command?
You can do this by passing multiple file names to the chown
command with one user name. This sets the ownership of all the given files to that particular user.
sudo chown admin copy.sh test.sh
Here’s an example where I try to set the ownership of files copy.sh
and test.sh
to admin
user.
sudo chown admin copy.sh test.sh
How to change the group ownership of a file?
Almost all the operations related to group can be achieved with chgrp
command, which abbreviated to change group. It's almost similar to chown
command.
Syntax of chgrp
command,
I have already created a group called admin
. I do not belong to this group. Let's change the group ownership of the test.sh
file from gogosoon
to admin
group.
sudo chgrp admin test.sh
From the above screenshot, we can witness that group ownership of test.sh
file has been changed from gogosoon
to admin
. Since, I do not belong to this group, I will not have write access to the file.
Let’s verify the same by opening the file in write mode,
nano test.sh
The above screenshot describes that (highlighted with red color at the bottom), I do not have write access to the test.sh
file. Because I do not belong to the group admin
.
How to change the group ownership of a directory?
The same syntax for files is applicable for directories also. Here’s a quick example,
sudo chgrp test group_test/
But remember the above command changes the group ownership of only the files in that directory. To recursively change the group permission of all the directories inside that directory, we have to add -R
flag with it.
sudo chgrp -R admin group_test/
Now the group ownership for all the files and directories inside group_test
have been changed from gogosoon
to admin
Let’s verify the output, by trying to write a file from the directory group_test
as gogosoon
user
Hurray !!! The ownership has been applied appropriately.
Conclusion
In this article, you have learned about changing file and folder ownership of users and groups.
Subscribe to my newsletter by entering your email address in the below box to receive more such insightful articles that get delivered straight to your inbox.
Give a clap 👏, if you liked and learnt something new.
Have a look at my site which has a consolidated list of all my blogs.
Cheers !!!
Originally published at https://www.gogosoon.com on January 18, 2023.