When it comes to large organizations, Users and Groups in Linux play an important role in helping keep systems secure and properly functioning.
There can be different levels of users in an organization with different roles and permissions. And you'll need a good understanding Linux permissions to manage and/or understand them.
To protect files and directories in Linux from access by certain types of users, we can use the
chgrp commands. These commands let you manage which type of user can read, write, and execute a file.
Before discussing the specifics of these commands, though, you need to understand the basics of how groups and users work in Linux. You'll also need to know how you can manipulate permissions for them.
Let's get into the topic without any further ado.
What are Group and Users in Linux?
A user is a regular entity that can manipulate files, directories, and perform various types of actions in a system. We can create any number of users in Linux.
A group contains zero or more users in it. Users in a group share the same permissions. The group allows you to set permissions on the group level instead of having to set permissions for individual users.
Let's consider a scenario in software development where a machine gets used by various types of people like Administrators, Developers, and Testers.
Each person should have an individual level of access to the files in the system. Accordingly, there will be a common set of permissions for developers, testers and admins, in their respective groups.
Let's say there are 10 developers and 8 testers on your team and you're using 1 shared computer (each of you has a laptop too).
You want to create a file that should be accessible only to the developers. Can you achieve this without using the concept of groups? Yes – it's doable. But, that means you'll have to assign permissions individually to each developer.
The next day, say you get news that your team is expanding to 150 developers and 20 testers due to an immediate client requirement.
Again, you could assign all those additional permissions individually. But, it's not scalable. It's so tedious to manage permissions for each and every developer – so why not do it all together if they share common permissions?
Here comes the usefulness of groups. If we have all 10 (or 150) developers in a group called
dev_group, we can simply give permission to the group
There are other use cases aside from permissions for groups, but we won't get into that here.
What are Primary and Secondary Groups in Linux?
As the name implies, a primary group is a group that a user belongs to by default.
For example, let's assume your username is
arun, and you create a group called
admin. Then you will belong to the group
admin by default.
A secondary group is a group to which you can add any number of users.
How to Create a User
You can create a user by using the
useradd command. Each user in a Linux system has a unique user id.
Let's create a new user named
How to Create a Group
Groups are created by using the
groupadd command. Similar to users, each group in a Linux system has a unique group id.
Let's create a new group named
How to Add a User to a Group
So, we created a user and a group. Let's add the user (
developer) to the group (
developers_group). The command to add a user to a group is
Here's the actual command to add the user
How to List Out Groups
You might wonder how you can verify if the created group exists, and how to verify if the user has been added to the group. The list of groups and the users who have permissions in the group are stored in a file called
group. It will be located under the
We can see the available groups by reading that file using the
cat command like this:
This will be huge file. By default it has 70 to 100 lines. So, I've cropped the top and bottom part of the command's output in the above screenshots.
The last 2 lines of the above screenshot describe that there's a new user called
developer, a new group called
developers_group, and the user
developer has been added to the
How to Find the Current Owner and Group Ownership of a File
There's a powerful – and likely familiar – command in Linux which shows the permissions involved in a file/directory. This is the
ls -l command:
Let's go over the output separated by spaces and understand each part of it:
-rw-rw-r-- 1– Permission for file test.sh
- 1st occurrence of
gogosoon– Owner of the file
- 2nd occurrence of
gogosoon– Group ownership of the file
How to Change the Owner of a File or Directory
You can use the
chown command to change the ownership of a file. The
chown command is abbreviated from "change owner".
From our previous example, we have seen the file
test.sh owned by the user named
Let's change the ownership of the file to the user
admin using the
chown command. We can do that like this:
From the above screenshot, you can clearly see that the owner of the file
test.sh has been changed from
How to Copy Ownership from One File to Another
I have faced this scenario once in my career. We use a common system in some rare use cases. Here's what was going on:
One day I was working on that system to complete a POC which required me to create hundreds of files with a different user ownership. A file was created with default permissions (owned by me) whenever it was created.
But I want the file to be owned by another user. I was too lazy to change the ownership for each file manually. If I changed the ownership for one file, I wanted to be able to copy the same ownership for other files. I was sure that there must be some command that allowed me to do this.
So I did a quick Google search about how to copy ownership from one file to another. After few seconds, I found the solution and it was so simple. You can do this by adding a
Let's explore this with an example:
Let's create a new file named
copy.sh with my user account
The owner of the
test.sh file is the
admin user (from our previous example). I want the ownership of
test.sh file to be copied to the newly created
copy.sh file which is owned by the
From the above screenshot, you can see that the first command describes the ownership of the
test.sh file, which is owned by the
The second command describes the ownership of the
copy.sh file which is owned by the
The third command copies the ownership of the
test.sh to the
The last command again describes the ownership of the
copy.sh file which is now owned by
You may wonder that at the beginning I told that I created hundreds of files – but how did I change the ownership of all the files at once?
That's a different story. But here's a quick answer: I wrote a script that looped over all the files and changed the ownership by referencing a single master file.
How to Change Ownership of Multiple Files with a Single Command
You can do this by passing multiple file names to the
chown command with one user name. This sets the ownership of all the given files to that particular user.
Here's an example where I want to set the ownership of the files
test.sh to the
How to Change the Group Ownership of a File
Almost all the operations related to groups can be achieved with
chgrp command (an abbreviation of "change group"). It's pretty similar to the
Syntax of the
I have already created a group called
admin . I do not belong to this group. Let's change the group ownership of the
test.sh file from
gogosoon to the
From the above screenshot, you can see that I changed group ownership of the
test.sh file from
admin. Since I do not belong to this group, I will not have write access to the file.
Let's verify the same by opening the file in write mode using
How to Change the Group Ownership of a Directory
The same syntax for files is applicable to directories also. Here's a quick example:
But remember that the above command changes the group ownership of only the files in that directory. To recursively change the group permissions of all the directories inside that directory, we have to add the
-R flag to it like this:
Now the group ownership for all the files and directories inside group_test have been changed from
Let's verify the output by trying to write a file from the directory
group_test as the
Hurray! The ownership has been applied appropriately.
In this article, you have learned about handling user and group ownership of files and folders. I hope you enjoyed reading it.
Subscribe to my newsletter by visiting my site and also have a look at the consolidated list of all my blogs.