Understanding The chown Command In Linux

The chown command in Linux is used to assign ownership. Every file and directory can have only one user and one group as an owner. In Linux, the concept of ownership is key to understanding file access, security, resource management, and accountability.

In this article, I’ll show you how to use the chown command to change a file’s ownership and give you specific use-case scenarios of why you’d want to do so.

Basics of File Ownership in Linux

To assign owners to files and directories in Linux, we use the chown command. There are three types of owners in Linux:

  1. An individual user
  2. A group
  3. Others

“Others” refers to all users who are neither the owner nor members of the owning group. By default, there are many users and groups on a Linux server even if you’re the only user. Users don’t have to be human – in fact, most of them aren’t. Groups are merely collections of users.

To see all the groups on a Linux system, use the following command:

cat /etc/group

This gives me the following output:

[Image: List of Groups in Linux]

Each line starts with the group name. The “x” is a placeholder for the password, and the number is the group ID, followed by a comma-separated list of users belonging to that group.

If you want to see the list of users on a Linux system, use the following command:

awk -F: '{print $1}' /etc/passwd

This generates the output as shown here:

[Image: List of Users in Linux]

As you can see, there are many users on a Linux system that aren’t linked to a human being. The “www-data” user is the one linked to a web server like Apache. You can see that we have user processes for backups, mail, and proxy.

How to See the User and Group Ownership of a File or Folder

To see who owns a file or folder in Linux, you can simply use the ls -l command. For example, I’ve created a test file on my system. I can use the following command:

ls -l

This gives me the following output:

[Image: User and Group Ownership of a File]

This output indicates that both the user and the group that own my testfile are “bhagwad”. This may sound strange until you realize that Linux often (depending on the system) creates a group with the same name as the username during account setup. Doing this allows Linux to automatically assign a group with the same name to the files that the user creates.

Modifying the User and/or Group Owner of a File

With the above background, we’re ready to use the chown command to change the owner of a file or folder.

Let’s say in my above example, I want to change the user owner of the file called “testfile” to another user – for example, the “www-data” user, instead. I would use the following command:

sudo chown www-data testfile

This changes the user-owner to www-data. Running the ls -l command after this one shows that the owner has indeed changed.

[Image: www-data User is Now the Owner]

You might notice that I had to use my sudo password to use the chown command to change the owner of the file. This is expected, and it’s better than logging in as root – even temporarily – to change the user.

This segues nicely into the next segment – a special case of groups, and a good illustration of how users and groups work together seamlessly in system administration in Linux.

Special Case of Groups

Linux has various system groups. Here are two examples.

The “Wheel” Group

The more visible example of a group is the “wheel” group. This group consists of users who are able to access administrative rights via the “sudo” command. Even though we can temporarily switch to the root user and access all of its power, it’s not a good idea for a variety of reasons. So Linux has a system, whereby users can access admin rights by prefixing their commands with the “sudo” keyword. Linux will then prompt the user for their password, and if the user exists in the “wheel” group, they can proceed with the admin command.

The origins of the “wheel” group lie in the time when someone used to be called a “big wheel” if they had power, and similarly, those in the wheel group hold unlimited power over the system, thanks to the “sudo” command. As I explain in my linked article, you can use the “visudo” tool to add a user to the wheel group.

The “www-data” Group

The www-data group is used by web servers like Apache or NGINX. Your web server needs to constantly access files and folders on the server, and it might need access to upload some files as well. Normally, all this is hidden from the user and many of us don’t even realize that a specific group for webservers exists.

But files that the web server needs to manage will need to have the “www-data” group assigned to them via the chown command.

Use-Case Scenarios for the chown Command

There are several useful ways you can use the chown command in your day-to-day life, either as an ordinary user or as a system administrator of a Linux server. Here are a few.

Using the chown Command for Collaboration

It’s easy to imagine how the chown command can be used to collaborate on projects. Let’s say you’re working with a team that needs to read the files that you create. Perhaps you’re writing the documentation for a project, and need to send the entire folder to a group of people for review. Based on your needs, you can create a group for all the collaborators on the project and give them permission to either read or write to the files.

Using chown for Application Security

Let’s say you’re setting up a web server, and need to configure your security parameters. Web servers are a particularly juicy target for attacks, and so it’s the responsibility of everyone setting up a web server to take measures to “harden” it.

One such measure is ensuring that only the right people and system processes can access and write to your site’s files. For example, as we’ve seen, the www-data user and group belong to the web server. So the following command will allow the webserver to both read and write to the “uploads” folder:

sudo chown -R www-data:www-data /var/www/website/uploads

The “uploads” folder is relatively low-risk. But we might not want the webserver to have write permissions to another folder containing application files. So we assign an application’s folder to an individual user as well – like this:

sudo chown -R webadmin:www-data /var/www/website

Now we use the chmod command to allow the user-owner to read and write to the folder, but we only allow read access to the webserver:

sudo chmod -R 755 /var/www/website
sudo chmod -R 775 /var/www/website/uploads

This way, the webserver has read and write access to the “uploads” folder, but only read access to the main website, since the user-owner is different for the “uploads” folder and the main application directory.
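
To check that a web root actually matches the layout described above, the following audit function (an added example, not part of the original article) reports anything world-writable, anything group-writable or not owned by the site owner outside “uploads”, and anything whose group is not the web server’s group. The function name audit_webroot and its three arguments are assumptions; pass the values used in the commands above, for example /var/www/website webadmin www-data.

```shell
#!/bin/sh
# Added example: audit a web root against the ownership/permission layout
# described above. Function name and arguments are assumptions.
#   audit_webroot ROOT SITE_OWNER WEB_GROUP
# SITE_OWNER and WEB_GROUP may be names or numeric IDs.
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_webroot() {
    root=${1%/}            # drop a trailing slash so -path matches below
    owner=$2
    group=$3
    uploads="$root/uploads"

    findings=$(
        # 1. Nothing should be writable by "others" (symlink modes are ignored).
        find "$root" ! -type l -perm -0002 -print |
            sed 's/^/world-writable: /'
        # 2. Outside uploads the group (the web server) gets no write bit.
        find "$root" -path "$uploads" -prune -o \
            ! -type l -perm -0020 -print |
            sed 's/^/group-writable outside uploads: /'
        # 3. Outside uploads the user-owner must be the site owner.
        find "$root" -path "$uploads" -prune -o ! -user "$owner" -print |
            sed 's/^/unexpected owner: /'
        # 4. Everything should carry the web server's group.
        find "$root" ! -group "$group" -print |
            sed 's/^/unexpected group: /'
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run directly: sh audit.sh /var/www/website webadmin www-data
if [ "$#" -eq 3 ]; then
    audit_webroot "$@"
fi
```

Run it after the chown and chmod commands. Because chown -R on /var/www/website also descends into “uploads”, apply the “uploads” ownership last if you want www-data to remain the user-owner of that folder.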

Conclusion

The chown command is a very flexible tool that allows you to assign owners – be they groups or individuals – to specific files and directories. This allows you to fine-tune the permissions that each has for purposes like security, collaboration, and administration.

Stephen Oduntan is the founder and CEO of SirsteveHQ, one of the fastest-growing independent web hosts in Nigeria. Stephen has been working online since 2010 and has over a decade of experience in Internet Entrepreneurship.

Copyright © 2024 SirsteveHQ. All Rights Reserved.