chown File Ownership

chown cheatsheet — change file and directory ownership on Linux. chown user:group file, chown -R www-data /var/www, chown --reference. Every ownership pattern covered.

6 min read

chown - File Ownership Cheatsheet

What it is

chown is a command-line utility for changing the owner and group of files and directories on Unix-like systems. You reach for it when you need to grant or revoke access to files by changing who "owns" them.

Installation

chown is a core utility and is pre-installed on most Linux and macOS systems.

Linux: No installation needed.

macOS: No installation needed.

Windows: chown is not a native Windows command. For similar functionality on Windows, you would typically use the icacls command or the graphical user interface (GUI) for file properties.

Core Concepts

  • Owner: The user account that has primary control over a file or directory.
  • Group: A collection of user accounts. Files and directories can be associated with a group, allowing multiple users within that group to share access.
  • Permissions: While chown changes ownership, permissions (read, write, execute) determine what the owner, group, and others can do with the file. chown is often used in conjunction with chmod to manage access.

Commands / Usage

Changing the Owner

  • Change owner of a file:

    chown alice my_document.txt

    Makes alice the new owner of my_document.txt.

  • Change owner of a directory (and its contents recursively):

    chown bob /var/www/html

    Makes bob the new owner of the /var/www/html directory and everything inside it.

Changing the Group

  • Change group of a file:

    chown :developers report.pdf

    Changes the group ownership of report.pdf to the developers group. The colon : indicates only the group is being changed.

  • Change group of a directory (and its contents recursively):

    chown :www-data /var/log/apache2

    Changes the group ownership of the /var/log/apache2 directory and its contents to the www-data group.

Changing Both Owner and Group

  • Change owner and group of a file:

    chown alice:developers config.yml

    Makes alice the owner and developers the group owner of config.yml.

  • Change owner and group of a directory (and its contents recursively):

    chown charlie:staff /home/charlie/projects

    Makes charlie the owner and staff the group owner of the /home/charlie/projects directory and everything within it.

Using User and Group IDs (UID/GID)

You can also use numerical User IDs (UID) and Group IDs (GID) instead of names. This is useful when user/group names might not be consistent across systems or when dealing with system accounts.

  • Change owner using UID:

    chown 1001 my_script.sh

    Sets the owner of my_script.sh to the user with UID 1001.

  • Change group using GID:

    chown :1005 data.csv

    Sets the group of data.csv to the group with GID 1005.

  • Change owner and group using UID and GID:

    chown 1001:1005 shared_file.dat

    Sets the owner to UID 1001 and the group to GID 1005 for shared_file.dat.

Common Flags

  • -R, --recursive: Recursively change ownership of directories and their contents. This is one of the most frequently used flags.

    chown -R webmaster:www-data /srv/www

    Changes ownership of /srv/www and all files/directories within it to webmaster and www-data respectively.

  • -v, --verbose: Explain what is being done. Useful for scripts or when you want to see each file being processed.

    chown -v user1:group1 /data/*

    Shows each file in /data/ for which ownership is being changed to user1:group1.

  • -c, --changes: Like verbose, but report only when a change is made.

    chown -c alice:users *.txt

    Reports changes only for .txt files that were actually modified.

  • -H: If the target of a symbolic link is a directory, traverse it.

    # Example scenario: link_to_dir is a symlink to /path/to/actual/dir
chown -R -H owner:group link_to_dir

    This will change ownership recursively for files within link_to_dir as if link_to_dir were the actual directory /path/to/actual/dir.

  • -L: Always follow symbolic links. If a symbolic link points to a directory, traverse it.

    chown -R -L owner:group my_project_dir

    Ensures all symbolic links are followed and their contents are processed recursively.

  • -P: Never follow symbolic links. This is the default behavior.

    chown -R -P owner:group my_project_dir

    Ownership changes will not be applied to the targets of symbolic links.

Common Patterns

  • Setting up web server directories:

    sudo chown -R www-data:www-data /var/www/html

    Commonly used to give the web server user (www-data on Debian/Ubuntu, apache on CentOS/RHEL) ownership of web root files.

  • Giving a user full control over their home directory:

    sudo chown -R $(whoami):$(whoami) $HOME

    Ensures the current user owns all files and directories in their home directory. $(whoami) dynamically inserts the current username.

  • Changing ownership of newly created files (e.g., by a service): If a service creates files owned by root but you want your user to manage them:

    sudo chown -R youruser:yourgroup /path/to/service/data

  • Changing group for shared access:

    sudo chown -R :project_team shared_files/

    Makes all files in shared_files/ belong to the project_team group, allowing members of that group to access them (assuming correct permissions are set via chmod).

Gotchas

  • sudo is usually required: Changing ownership of files not owned by your user typically requires root privileges. Forgetting sudo will result in "Operation not permitted" errors.

    # This will likely fail unless you are the owner of /etc/passwd
chown alice /etc/passwd
# This is the correct way if you are not root
sudo chown alice /etc/passwd

  • Recursive (-R) is powerful and dangerous: Be extremely careful when using chown -R. Applying it to the wrong directory (like /) can break your system by changing ownership of critical system files. Always double-check the target directory.

  • Symbolic Link Behavior (-H, -L, -P): The default behavior (-P) is often what you want – not to follow symlinks. If you intend to change ownership of the target of a symlink, use -L or -H with caution. -L is generally safer than -H if you want consistent recursive behavior across symlinks.

  • User/Group Existence: chown will accept any number or name for a user/group. If the user or group doesn’t actually exist on the system, it might not cause an immediate error but can lead to confusion or access issues later. It’s best practice to ensure the target user and group exist.

  • Changing Ownership of Mount Points: If you chown -R a directory that is a mount point for another filesystem (e.g., an external drive, NFS share), chown will operate on the mounted filesystem, not the directory itself. This can lead to unexpected results or errors if the target filesystem doesn’t support the operation or has different ownership rules.