The “chown” command in Linux changes the file or directory owner. It can also be used to change the group ownership for the file or directory. The next questions you probably have are: Who is an owner of a file or directory? What is a group for a file or directory? What permissions (rights or privileges) do owners and groups have for a file or directory?
Imagine that you have built your house, and you are staying there alone. So, you naturally have the permission to do anything in any room or any equipment in your house. There are other people like you, who have built their own houses and are living alone. You belong to at least one association whose members are people like you. There are many other people like you who do not belong to the associations you are a member of. The members of your associations belong to other associations you do not belong to, and that is not any business of yours.
The associations of which you are a member can hold meetings in your house. When they are holding a meeting in your house, they have permission to use your toilet, your internet connection, and your television set. They do not have any other permission in your house. You have similar permissions in their houses when you attend meetings there.
There is a company today that has branches worldwide. This company can arrange with you to turn your house into a temporary hotel. For example, a stranger comes into your area and does not have enough money to pay for a standard hotel. So, the stranger arranges with the company and you to use your house for one week and pay you and the company some money; possibly less than what he would have paid to a hotel. You leave your house and go and stay with a friend, or you travel. Of course, you would limit the permissions on what the person can do with your house. This person may be like you; might have built his own house somewhere, possibly staying alone, might belong to his own associations, but you do not know him. Or, he may be renting an apartment, with a wife and children, but still, you do not know him. You would allow him to sleep in your guest room, and not in your master’s bedroom. He cannot use your internet connection or your television set; probably because you have not paid for the last bills. Of course, he can use your toilet, assuming the toilet is not in the master’s bedroom.
There are three sets of people here: you, your associations and their members, and then others who are strangers. Do you really own your house alone? You have all the rights (permissions) in your house. Members of your associations, which you call your groups, also have quite some rights in your house. Others, who are the strangers, have some minimal number of rights in your house.
In terms of Linux, there are three levels of ownership. You, the person who built the house, are known by the government of your country as the owner of the house. Linux calls you the owner and the user of your house. Linux also believes that as soon as you finished building your house, you had your own association (group), of which you were the chairman (leader); and it was a one-person group to start with. The groups (associations) you belong to, or would belong to, are secondary owners of your house. Others, the strangers, are tertiary owners of your house, and they pose the greatest risk in terms of security. They can rent your house and, on leaving, steal your television set, and you would never be able to see them again.
It is your house and you are free to give all these three owners all your rights. Well, there is a superuser who is the government. Linux also calls the superuser, the root. If the government deems it that you are not really mentally sound, the government can revoke your right to own a gun if you are in a country, where people are allowed to own guns. If you borrowed money from a bank with your house as a guarantee and you cannot pay back the money, the government will remove you from your house, give your house to the bank, so that the bank can sell it and regain their money. So, under certain circumstances, the government can revoke some or all of your rights, to your house.
Ownership of files and directories in Linux is similar to ownership of a house as illustrated above. This is based on the percentage of the total rights that different users have on a file or directory. Ownership actually depends on the different permissions the three sets of people have. There are three common permissions in Linux: the privilege to read, the privilege to write and the privilege to execute a file or directory. And there is a superuser, the person who creates users and groups and has all the privileges to all the files and directories in the computer. He can revoke all the rights of all the users and groups. Users and group members must log in in order to use the files and directories in the computer. Others do not really have to log in (do not have to own accounts) in order to use the files and directories. They are usually given the right only to read files and directories. For example, they can be given the right to read only web page files. Web page files are stored in directories.
The issue with the chown command in Linux is more on what to do with the command than how to use it. In fact, how to use the chown command is a short tutorial. Many people have problems on how to use the chown command because they do not really know what to do with it. What to do with the chown command is a longer tutorial than how to use it. Once you know what to do with it, it becomes easy to know how to use it. What to do with it is Linux’s (technical) answer to the above questions. So, this article spends more time on what to do with the chown command before spending a short time on how to use it. At the end of this tutorial article, you will be satisfied on what to do with the command and on how to use it.
- Read, Write and Execute Permissions
- The “ls -l” Command
- Changing File and Group Owner
As mentioned above, ownership is of three sets of people. The superuser (also called the root), makes you a user of the computer (Linux operating system), by allowing you to have a username and password so that you can log into the computer. You may be given a home directory which is an immediate sub-directory to the root directory. In this directory, you are typically given a user directory which has your username, and it is an immediate sub-directory to the home directory. From the user directory, you can create your own directory tree.
Once you create any sub-directory, you are the owner of that sub-directory. And you should have all the three permissions of read, write and execute for that directory. The superuser can allow you to join other groups. You can give these groups (associations) only the read permission to any of your directories. And so, they have some small ownership of that particular directory. You can also give these groups both read and execute rights to a particular directory of yours, thereby increasing their ownership. Well, you can give these groups all three rights: read, write and execute. When you do that, know that they almost own that directory, as well as you.
You can give one, two or all these three rights to others, who are people you do not know: that is, people who can use files in the computer without properly logging into the computer. If you are foolish enough to give them all three rights, then know that they can use the write privilege to modify your files and harm information belonging to you and your users. The advice is that you give others only the read permission to some of your directories and some of your files.
Ownership of files is the same as ownership of directories. The advice is that you give others only the read privilege (permission) to document files, such as web pages; and give the execute privilege to others only for the executable files they need.
Note: Ownership in Linux is not among users. It is among a user and his groups. Others can be considered as one large group.
You give the same permissions of a particular file or particular directory, to all your groups. Different files or different directories can have different permissions for different groups. However, the same file or the same directory has the same rights for all your groups.
Changing ownership between users, means giving all your rights (privileges) of a file or directory, to another user. These same rights can be given to a group where there will be a principal owner of the file or directory.
The person who creates a file or directory is the user and principal owner of the file or directory. A group consists of users. A group may have only one member.
Once you become a user of a computer (operating system), you are given a group for which at the start, you are the only member. You can add members to this group. This group is called your default or primary group. This group is also called your login-group, and it is initially given your username. Secondary groups are identifiable groups of users who must login properly. Others can be considered a large group which is not a secondary group and is not really identifiable.
A user has a username and a user ID which is a unique positive integer. A group has a group-name and a group ID, which is a positive integer.
Read, Write and Execute Permissions
These permissions are also called rights or privileges. The “ls -l” command lists the files and sub-directories of a directory. Each listed line begins with the permissions: r means read privilege, w means write privilege, and x means execute privilege.
The read permission gives a user the permission to read (view) the content of a file. If it is a program file, the user will be able to view the code of the file.
For a directory, this is the permission to list the items (files and directories) of a directory, with the ls command.
The write permission gives a user the permission to modify the content of a file. This would exclude the permissions to rename the file, or to delete the file or to move the file (to a different directory). These extra permissions belong to the owner (principal owner) of the file. These extra permissions also belong to the superuser.
For a directory, the write permission, gives the user the privilege to edit the content of the directory. This means that the user (from a group) can add files, delete files or rename files in that directory.
The execute permission allows the user to execute (run) a program file or a script. A script is a kind of program file. A document file, like a web page, has to be displayed (executed) by a program file, such as the browser (e.g., Mozilla Firefox Browser). The user in this case has the read permission for the document file which is at the server computer. He also has the execute permission of the browser which is at the client computer. The browser executes the presentation of the web page.
The execute permission for a directory allows a user to enter into the directory with the cd command. The user still needs the read directory permission in order to list the content of the directory.
The “ls -l” Command
When the “ls -l” command is executed for a directory, the output may be something like:
drwxr-xr-x 2 john grup1 4096 Jan 9 10:11 dir1
-rw-r--r-- 1 john grupA 675 Jan 7 12:05 profile
drwxr-xr-x 4 john grup2 4096 Jan 7 14:55 dirA
The first column, with 10 characters, indicates the permissions for the file or directory on that line. For the second column, if the line is for a file, the value is 1. If it is for a directory, the value can be more than 1. In that case, it would be the number of files and sub-directories in the directory. The next column indicates the owner (principal owner) of the file or directory. The column after that indicates the group that can use the file or directory.
The very first character in the first column can be a dash (-), meaning it is for a regular file. It can be a ‘d’ for a directory. It can be an ‘s’ for a special file. After that, there are nine characters in three parts each of three characters. The first part of three characters shows the permissions for the owner (principal owner). This owner is also called the user. The second part of three characters is for the group that can access the file or directory. The name for this group is given in the fourth field (column) on the line. The third and last part of three characters, for the first column, shows the permissions for others which can be considered as a large group, which is a very unreliable third owner of the file or directory. Others does not have a real name and so its name is not indicated in the line; but its permissions are indicated, as the third part of the first column.
For each part of three characters, in the first column, the first position can have a -, meaning there is no read permission, or an ‘r’, meaning there is a read permission. The second position can have a -, meaning there is no write permission, or a ‘w’, meaning there is a write permission. The third position can have a -, meaning there is no execute permission, or an ‘x’, meaning there is an execute permission.
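The column layout described above, applied to the three sample lines: this is an added example, not part of the original article, that splits the first column into its owner, group and others parts and lists the entries on which others hold a given permission. The function names and the fourth, world-writable line are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE is the "ls -l" output shown in the article.
SAMPLE='drwxr-xr-x 2 john grup1 4096 Jan 9 10:11 dir1
-rw-r--r-- 1 john grupA 675 Jan 7 12:05 profile
drwxr-xr-x 4 john grup2 4096 Jan 7 14:55 dirA'

# Constructed line (not from the article): a file that others may write.
WORLD_WRITABLE='-rw-rw-rw- 1 john grup1 120 Jan 9 10:12 notes'

# describe_listing: read "ls -l" lines on stdin and print, for each entry,
#   NAME TYPE owner=??? group=??? others=??? OWNER-NAME GROUP-NAME
# Lines with fewer than 9 fields (such as "total 12") are skipped.
# Names containing spaces are not handled; this is a teaching parser.
describe_listing() {
    awk 'NF >= 9 && length($1) >= 10 {
        t = substr($1, 1, 1)
        if (t == "-") type = "file"
        else if (t == "d") type = "dir"
        else type = "other"
        printf "%s %s owner=%s group=%s others=%s %s %s\n",
            $9, type, substr($1, 2, 3), substr($1, 5, 3), substr($1, 8, 3), $3, $4
    }'
}

# others_can PERM: print the names of entries whose third part of three
# characters (the permissions for others) contains PERM, one of r, w or x.
others_can() {
    awk -v p="$1" 'NF >= 9 && length($1) >= 10 &&
        index(substr($1, 8, 3), p) { print $9 }'
}

# Stand-alone run: describe the sample, then list what others may write.
printf '%s\n' "$SAMPLE" | describe_listing
printf '%s\n%s\n' "$SAMPLE" "$WORLD_WRITABLE" | others_can w
```

Piping a real listing through `others_can w` is a quick way to find the files and directories that go against the advice of giving others only the read permission.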
Changing File and Group Owner
With the chown command, there is no real exchange of owners. It just replaces the old user with a new user, or replaces the old group with a new group. There are two syntaxes for chown. The one most commonly used is:
In Linux, a directory is a kind of file, and it fits into this syntax in the position of FILE. FILE should include the path if you are not in the directory of the file. There can be more than one file for FILE.
Remember that the write permission does not include the authority to rename the file, or to delete the file or to move the file. When the user ownership is changed, the permissions shown by the “ls -l” command as well as these extra permissions are changed for the user. When the group is changed, only the permissions shown by the “ls -l” command for the group are changed. The default group can be changed as explained below.
In the typed command, the username can be replaced by the user ID (UID); the group-name can be replaced by the group ID (GID). Only the username or group-name is used below.
Remember, that ownership is in three sets (three levels): the user, the group, and others. The idea for the group is that, instead of giving the same combination of read, write, execute privileges to different users repeatedly, you give it once with a single command to a group of users.
Changing Owner Without Changing Group
Use the simplified syntax,
The user executing this command is not the superuser. The chown command is preceded by sudo, which gives the user the superuser’s privilege to change ownership. And so, the new user, john, becomes owner of the file, report.txt. The person (user) executing the command has entered (is in) the directory that has the file, report.txt. When using sudo, you may be asked for your password. If so, type your password.
Changing Owner and Group as Well
Use the simplified syntax,
There should be no space between the username and ‘:’, and no space between ‘:’ and the group-name.
Here, john might have replaced the old user, peter; and grpA might have replaced the old group, grp1.
Changing Owner and Making the New Group, the Receiver’s Default Group
A user’s default group is the user’s login group. The user can change his ownership. However, instead of changing the associated group to just another group, he can change it to the receiver’s default (primary) group.
For this, use the simplified syntax,
The group-name is omitted, but the colon and username are included.
Changing Group Without Changing User
To change the group without changing the principal owner, use the simplified syntax:
The username is omitted, but the colon and group-name are included.
Making Sure to Remove Ownership from Those Who Do Not Want It Again
With the above command lines, ownership can be removed from the wrong person or wrong people. To avoid this, include the givers with the “from” option,
And the simple syntax becomes:
With this, you are sure that you typed the correct givers.
Changing Ownership in Directory and into All Sub-Directories
To change the ownership of a directory and all the files and sub-directories of the sub-tree, use the -R option. And so, the simple syntax becomes:
Here, the directory in question with the sub-tree is, dirA.
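The command forms this section describes, followed by a runnable check of the “from” guard: this is an added example, not part of the original article. It assumes GNU coreutils (`chown --from`, `stat -c`); the helper names and the numeric IDs are constructed so that the script runs without root and without any particular accounts.

```shell
#!/bin/sh
# Added example. The forms described in the text, with the article's names:
#   sudo chown john report.txt                         # owner only
#   sudo chown john:grpA report.txt                    # owner and group
#   sudo chown john: report.txt                        # owner; group becomes john's login group
#   sudo chown :grpA report.txt                        # group only
#   sudo chown --from=peter:grp1 john:grpA report.txt  # only if currently peter:grp1
#   sudo chown -R john:grpA dirA                       # dirA and its whole sub-tree

# ids_of PATH: numeric "uid:gid" of PATH (GNU stat).
ids_of() { stat -c '%u:%g' "$1"; }

# guarded_chown GIVER RECEIVER PATH
# Recursive change applied only to entries whose current ownership matches
# GIVER. Entries that do not match are skipped, and skipping is not an error.
guarded_chown() { chown -R --from="$1" "$2" "$3"; }

# from_guard_demo: prints "skipped" when a wrong GIVER left the file untouched
# and the correct GIVER was accepted; prints "unexpected" otherwise.
from_guard_demo() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/dirA" && : > "$tree/dirA/report.txt" || return 1
    f="$tree/dirA/report.txt"
    before=$(ids_of "$f")
    uid=${before%%:*}
    # Constructed IDs: uid+2 is not the current owner, uid+1 is the receiver.
    guarded_chown "$((uid + 2))" "$((uid + 1))" "$tree/dirA"; rc_wrong=$?
    after_wrong=$(ids_of "$f")
    # Correct giver. The receiver equals the current owner, so no root is needed.
    guarded_chown "$before" "$before" "$tree/dirA"; rc_right=$?
    after_right=$(ids_of "$f")
    rm -rf "$tree"
    if [ "$rc_wrong" -eq 0 ] && [ "$after_wrong" = "$before" ] &&
       [ "$rc_right" -eq 0 ] && [ "$after_right" = "$before" ]; then
        echo skipped
    else
        echo unexpected
    fi
}

from_guard_demo
```

Combining `-R` with `--from` limits a recursive change to the entries that really belong to the stated giver, so a mistyped directory does not silently reassign files owned by someone else.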
All the above are the main points for the chown command in Linux.
In order to understand the chown command in Linux, you have to know what it does. In trying to know what it does, you would know why it exists in the first place. Chown in Linux changes the file or directory owner. Ownership in Linux exists in three sets (or three levels). These three sets are the principal owner, the group that is associated with the file, and others. When you create a file, you are the principal owner of that file. Each of the owners has a combination of read, write and execute privileges. The owner and the superuser have the extra privileges to rename the file, to delete the file or to move the file. The next command you should learn is the change-mode command (chmod), which changes the combination of read, write and execute privileges for the different sets of owners.