Files and folders in Linux are owned by a user and a group. This ownership affects which users can access the files and is an important part of security. The command to change the ownership of a file is creatively called “chown”, short for “change owner”.
When an account is created, it is given a primary group. By default, a new group is created with the same name as the user, although it’s possible to manually set it to an existing group too. Each account can then be added to multiple secondary groups. When a user creates a document, it’s owned by them and their primary group. Access permissions for files and folders can be set for the owner, group, and globally.
If you want to configure who can access a file or folder you may need to change the owner and/or the owning group. The chown command allows you to change owner or owning group or both at the same time.
The structure of the “chown” command
The chown command takes the form “chown [flags] [User][:[Group]] File[s]”. Flags denote the command flags that change the behaviour of the command and are entirely optional. At least a User or Group name must be specified, although both can be. One or more files and folders need to be named.
Generally, you won’t need to use any flags, but there are a few that could come in useful occasionally. The flag “-R” operates recursively on files and folders. The flag “--from=[current owner][:[current group]]” is used to apply the command only to files and folders currently owned by the specified user or group. The flag “--help” prints the help page.
If only a username is provided, then the file’s owner is changed to that user. If a colon “:” is also specified after the username, a group name can also be specified. If the group name is left blank, then the file’s owning group is changed to the primary group of the specified user; if a group name is specified, then the group ownership is changed to that group, even if the specified user is not a part of that group. If the username is omitted and a colon and group name is supplied, then the owning group is changed while the owning user remains the same.
Note: The owning users and groups can either be specified by the user and group names, or by the associated IDs.
For example, the file file.txt can have its ownership changed to user2 and group to group2 with the command “chown user2:group2 file.txt”. If either the new owner or group was omitted, then that setting would remain unchanged. The easiest way to see the owning user and group of a set of files is to use the command “ls -l”, which shows the long-form directory listing including the name of the owner and the name of the owning group.
Why is file and folder ownership important
File and folder ownership is how access to files is restricted. For example, a user can access their user directory because they are the owner, but they can’t access another user’s home directory as they are not the owner of that.
Ownership is especially important for internet-facing services such as webservers. By ensuring that the webserver only has ownership of the files it needs to run and display websites you can protect the server from security vulnerabilities where hackers attempt to trick the webserver into displaying other files. This is the main reason that web-facing services should not be running as root but as their own user.
Tip: Services such as webservers and databases have their own user accounts and can be assigned ownership of files and folders.
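The following is an added example, not part of the original article: shell functions that audit a service's content tree for entries with unexpected ownership and then use the “-R” and “--from” flags described above to hand over only the files a given account owns. The function names, the path and the account in the usage comment are assumptions, and GNU find, stat and chown are assumed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; assumes GNU find, stat and chown.
# Typical use as root (path and account are assumptions):
#   ownership_mismatches /var/www/example www-data www-data

# Print "owner:group path" for every entry under DIR ($1) whose owner is not
# USER ($2) or whose owning group is not GROUP ($3). Names or numeric IDs work.
ownership_mismatches() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) \
        -exec stat -c '%U:%G %n' {} +
}

# Number of mismatching entries (assumes no newlines in file names).
count_mismatches() {
    ownership_mismatches "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Preview for "chown -R --from=OLD": the entries under DIR ($1) that OLD ($2) owns.
owned_by() {
    find "$1" -user "$2" -print
}

# Give entries under DIR ($1) owned by OLD ($2) to NEW:GROUP ($3:$4) and leave
# everything else alone. Changing the owner needs root; check owned_by first.
reassign_from() {
    chown -R --from="$2" "$3:$4" "$1"
}
```

Run owned_by before reassign_from so the recursive change only touches the entries you expect.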