Table of contents
We’re Earthly. We make building software simpler and, therefore, faster. This article is about Linux file permissions and ownership. If you enjoy doing things at the command line you might like Earthly. It’s a pretty great open-source build tool.
In Linux, file, and directory ownership is a core aspect of the operating system’s security and file management model. Each file and directory has an owner and a group assigned to it. The owner of a file or directory is the user who created it, and the group is a collection of users who share the same permissions for that file or directory.
chown command, which stands for “change owner”, has been the de facto tool in the Unix operating system for changing the owner of a file or directory. During the 1990s, as Linux was being developed, many Unix commands were ported over to the new operating system, including
Understanding file and directory ownership is important for managing and securing a Linux system. Proper ownership ensures that only authorized users have access to sensitive files and directories, and can help prevent data breaches and security vulnerabilities.
In this article, software developers can learn everything they need to know about Linux file and folder ownership. This includes discussing different methods for changing ownership (including
chown) and how this topic relates to file permissions.
Before you begin to use
chown, you need to learn how to read and interpret Linux file ownership and permissions.
How Linux Permissions Work
The operating system grants file and directory owner’s certain permissions. For files, the read permission allows the owner to view the contents of the file, the write permission allows them to modify the contents of the file, and the execute permission allows them to run the file as a program.
For directories, the read permission allows the owner to list the contents of the directory; the write permission allows them to add, remove, and rename files and directories within the directory; and the execute permission allows them to access the contents of the files in the directory.
Other (non-owner) users and groups may also have permission to read, write, or execute a specific file, depending on the permissions set on the file or directory.
Linux permissions can seem confusing at first, but there are a lot of resources that can help you understand them better.
To see the permissions of any given file, you can use the
Listing File and Directory Permissions
ls is a command used on Linux operating systems for listing files and directories on any system.
On most modern Linux desktop systems, like Ubuntu Desktop or Fedora, you’re typically given a standard user that you set up and name during the installation process. For example, here, the user is called
demo@localhost:~$ ls docs downloads photos todo.txt
ls command lists all the files and directories in your user’s home directory. However, this isn’t very useful. Try adding the
-l argument to our
ls command like this:
demo@localhost:~$ ls -l total 16 drwxrwxr-x 2 demo demo 4096 Apr 12 22:23 docs drwxrwxr-x 2 demo demo 4096 Apr 12 22:23 downloads drwxrwxr-x 2 demo demo 4096 Apr 12 22:23 photos -rw-rw-r-- 1 demo demo 39 Apr 12 22:24 todo.txt
Using the preceding code, you get a lot more information about each file and directory. The relevant parts of the output are broken down as follows:
drwxrwxr-x: This section describes the permissions for the file or directory. The first character,
d, indicates that this is a directory. The next nine characters are broken up into three groups of three characters each. The first three characters describe the permission level that the file owner currently has, the next three characters display the permission level that the assigned group has, and finally, the last three characters describe the permissions that everyone else has (in other words, a user who is not the file owner and/or does not belong to the assigned group).
demo demo: The first instance of
demois the file owner, a user called
demo; while the second instance is the assigned group, also called
4096: This indicates the size of the file in bytes or the size of the directory metadata in bytes.
Apr 12 22:23: This shows us the last time that the file or directory was modified.
docs: This is the name of the directory.
chown to Change Owners
Once you get the hang of listing and reading the permissions of a file or directory, you can start experimenting with the
Take a look at an example of a
chown command in the format
chown <newowner-username> <filename>:
chown notdemo todo.txt`
If your command executes successfully, then you’ve changed the owner of the
todo.txt file, thanks to the robust way that Linux handles file ownership.
However, look at this next example:
demo@localhost:~$ chown notdemo todo.txt chown: changing ownership of 'todo.txt': Operation not permitted
chown typically requires administrative-level access to the system. While it may seem like an inconvenience, it’s actually an intentional safeguard that prevents users from making unauthorized changes to someone else’s files.
So whether you’re installing a new software package or fixing permissions on a particular directory, it’s extremely likely that you’ll be running this command as the root user.
chown command as the root user:
demo@localhost:~$ sudo -i root@localhost:~# chown notdemo /home/demo/todo.txt root@localhost:~# exit
Your Linux configuration or distribution may have a different method for interacting with or becoming the
root user. Consult with your specific online documentation on how to use the
sudo command properly.
Notice how you now need to specify the full path to the file. That’s because the root user gets logged into its own home directory and not the home directory of the demo user. The
exit command breaks you out of the root shell and back into your standard user shell.
Take a look and see whether your changes have taken hold:
root@localhost:~$ ls -l total 16 drwxrwxr-x 2 demo demo 4096 Apr 12 22:23 docs drwxrwxr-x 2 demo demo 4096 Apr 12 22:23 downloads drwxrwxr-x 2 demo demo 4096 Apr 12 22:23 photos -rw-rw-r-- 1 notdemo demo 39 Apr 12 22:24 todo.txt
The owner of the file is no longer
demo and is now
notdemo. But see if you can still read the file:
root@localhost:~$ cat todo.txt * Feed the cat! * Mow the lawn * Chill
Yes! But why? It all comes down to read, write, and execute permissions.
Managing Read, Write, and Execute Permissions
rwx pattern shows us the permission level that the owner, group, and everyone else has. Take a look at the pattern for the
demo@localhost:~$ ls -l todo.txt -rw-rw-r-- 1 notdemo demo 39 Apr 12 22:24 todo.txt
-rw-rw-r-- string shows you that the file owner (
notdemo) can read from and write to the file. The
demo group has the same permissions. Everyone else can only read the file.
Test this by trying to add another task to the file using the append operator (
demo@localhost:~$ echo "* Sleep" >> todo.txt demo@localhost:~$ cat todo.txt * Feed the cat! * Mow the lawn * Chill * Sleep
That worked, and for a good reason. You executed the
echo command as the
demo user, but the
demo user still belongs to the
demo group as well:
demo@localhost:~$ cat /etc/passwd | grep ^demo demo:x:1001:1001:,,,:/home/demo:/bin/bash demo@localhost:~$ cat /etc/group | grep ^demo demo:x:1001:
demo user belongs to group ID
1001, which is indeed the
demo group. For argument’s sake, change the group of the file to
notdemo as well:
demo@localhost:~$ sudo -i root@localhost:~# chown notdemo:notdemo /home/demo/todo.txt
Notice how the first argument for the
chown command changed slightly. It’s using a
<username>:<groupname> format to specify both the username and the group that the file now belongs to:
demo@localhost:~$ ls -l total 16 drwxrwxr-x 2 demo demo 4096 Apr 12 22:23 docs drwxrwxr-x 2 demo demo 4096 Apr 12 22:23 downloads drwxrwxr-x 2 demo demo 4096 Apr 12 22:23 photos -rw-rw-r-- 1 notdemo notdemo 47 Apr 12 23:14 todo.txt demo@localhost:~$ echo "* Wake up" >> todo.txt -bash: todo.txt: Permission denied
Now the file cannot be modified by the
demo user because they don’t have owner- or group-level write permissions on the file. However, the
demo user can still read the file:
demo@localhost:~$ cat todo.txt * Feed the cat! * Mow the lawn * Chill * Sleep
That’s because the everyone part of the set permissions still allows read operations on the file.
Now that you’ve got the basics of
chown down, take a look at some other arguments and examples.
Changing Ownership of Multiple Files
To change the ownership of multiple files at once, you can include wildcard characters.
In the following example, you can see that your home directory contains three
.txt files, all owned by the
demo user and group:
demo@localhost:~$ ls -l *.txt -rw-rw-r-- 1 demo demo 0 Apr 12 23:29 today.txt -rw-rw-r-- 1 demo demo 0 Apr 12 23:29 tomorrow.txt -rw-rw-r-- 1 demo demo 0 Apr 12 23:29 yesterday.txt
root user, change the owner of all the files starting with
demo@localhost:~$ sudo -i root@localhost:~# chown notdemo:notdemo /home/demo/to*.txt root@localhost:~# exit
Now you can confirm that the file owner has been changed to
notdemo for those specific files but not the others:
demo@localhost:~$ ls -l *.txt -rw-rw-r-- 1 notdemo notdemo 0 Apr 12 23:29 today.txt -rw-rw-r-- 1 notdemo notdemo 0 Apr 12 23:29 tomorrow.txt -rw-rw-r-- 1 demo demo 0 Apr 12 23:29 yesterday.txt
Recursively Changing All File Owners in a Directory and Its Subdirectories
In the following example, you have a
2023 directory containing some assignments you did in
Feb, each in their own respective directories:
demo@localhost:~$ ls 2023 demo@localhost:~$ ls -lR .: total 4 drwxrwxr-x 4 demo demo 4096 Apr 12 23:36 2023 ./2023: total 8 drwxrwxr-x 2 demo demo 4096 Apr 12 23:39 Feb drwxrwxr-x 2 demo demo 4096 Apr 12 23:39 Jan ./2023/Feb: total 4 -rw-rw-r-- 1 demo demo 28 Apr 12 23:39 feb_assignment.txt ./2023/Jan: total 4 -rw-rw-r-- 1 demo demo 60 Apr 12 23:39 jan_assignment.txt
Recursively change the owner of all the files and directories in the
demo@localhost:~$ sudo -i root@localhost:~# chown -R notdemo:notdemo /home/demo/2023 root@localhost:~# exit
Then take a look at the results again:
demo@localhost:~$ ls -lR .: total 4 drwxrwxr-x 4 notdemo notdemo 4096 Apr 12 23:36 2023 ./2023: total 8 drwxrwxr-x 2 notdemo notdemo 4096 Apr 12 23:39 Feb drwxrwxr-x 2 notdemo notdemo 4096 Apr 12 23:39 Jan ./2023/Feb: total 4 -rw-rw-r-- 1 notdemo notdemo 28 Apr 12 23:39 feb_assignment.txt ./2023/Jan: total 4 -rw-rw-r-- 1 notdemo notdemo 60 Apr 12 23:39 jan_assignment.txt
As you can see, all the directories, subdirectories, and files in the subdirectories now have a different username and group assigned to them.
Other Ownership and Permission-Related Commands
Here are a few brief examples of other commands that you might run into when managing file and directory permissions on a Linux file system:
chgrp is very similar to
chown, as it allows you to change only the group assigned to the file. Currently, the command isn’t as useful as it once was because the newer
chown syntax allows you to change groups as well by using the
<username>:<group> format for the first parameter.
chmod command allows you to add or remove certain permissions to any file that already has a username and group defined. For example, you might have a file that needs to be able to be written to by everyone. Everyone can read the following file because the last three characters of the permissions string only have an
r in that position:
demo@localhost:~$ ls -l *txt -rw-rw-r-- 1 demo demo 0 Apr 12 23:55 writehere.txt
But you can change that:
demo@localhost:~$ sudo -i root@localhost:~# chmod o+w /home/demo/writehere.txt root@localhost:~# exit
Then go back and view the file permissions:
demo@localhost:~$ ls -l *.txt -rw-rw-rw- 1 demo demo 0 Apr 12 23:55 writehere.txt
Now you can see that the
w flag has been set for everyone else. The
o in the command means “other” or “everyone else”. If you want to expand your knowledge of the
chmod command, check out these other examples.
The Root User Has Special Permissions
As you may have noticed, many of the permissions-related commands require you to execute the relevant commands as the root user. The root user on a Linux system is the account with the highest level of system privileges. It can perform any action on the system, including installing and removing software, modifying system files and configurations, and creating and deleting user accounts.
Because the root user has unrestricted access to the system, it’s highly recommended to only use this account when absolutely necessary. For all other day-to-day activities, a normal user account should be utilized.
In this quick guide, you’ve got the hang of using
chmod to manage Linux file permissions and ownership. Sure, it can be tricky, but there are loads of resources to help you out, like official docs, online tutorials, and forums. Some cool places to start could be Linux Documentation Project, LinuxQuestions.org, or the Ubuntu Community Help Wiki.
Now that you’ve mastered Linux permissions, why not level up your build automation game with Earthly? It’s a great tool to streamline your development process.