When it comes to large organization, the Users and Groups plays important role in every side of people. There will be different levels of users in an organization. In order to scale this, We need a strong understanding of users and groups.
To protect files and directories in Linux from various types of users we can use
chgrp commands. These commands are used to manage which type of user can read, write, and execute a file.
We need to understand the basics of how groups and users work in Linux and how can we manipulate permissions for them.
Let’s get into the topic without any further ado.
Table of Contents
What are the Group and Users and use cases of the group?
A user is a normal entity to manipulate files, directories, and any type of action in a system. We can create any number of users in Linux
A group contains zero or more users in it. Users in a group share the same permissions. The group allows us to set permissions on the group level instead of having to set permissions for individual users.
Let’s consider a scenario in software development, a machine has been used by various types of people like Administrators, Developers, and Testers.
Each person should have an individual level of access to the files in a system.
Yet there will be a common set of permission allowed for developers, similarly, testers and admins. So level of permissions is common for the individual users inside their respective groups.
Let’s consider there are 10 developers and 8 testers in my team and we’re using 1 shared computer (Each of us holds a laptop too).
We want to create a file that should be accessible only to the developers. Can we achieve this without using the concept of groups? Yes. It’s achievable. But, we have to assign permission to each developer.
The next day, I get news that my team is expanding to 150 developers and 20 testers due to an immediate client requirement.
Achievable again. But, it’s not scalable. It’s so tedious to manage permission for each and every developer if they share common permissions.
Here comes the supremacy of groups 👬. If we have all 10 developers in a group called dev_group, We can simply give permission to the group dev_group.
Not only for permissions but there are other use cases for groups available too.
What are the primary and secondary groups in Linux?
As the name implies a Primary group is a group that a user belongs to that group by default.
Let’s assume your username is
arun, and you create a group called
admin, then you will belong to the group
admin by default.
A Secondary group is a group where we can add any number of users into that group.
How to create a user?
Users are created by using
useradd command. Each user in a Linux system has a unique user id.
Let’s create a new user named
How to create a group?
Groups are created by using
groupadd command. Similar to user, each group in a Linux system has a unique group id.
Let’s create a new group named
How to add a user to a group?
So, we created a user and a group. Let’s add the user (
developer) to the group (
developers_group). The command to add a user to a group is
sudo usermod -aG
Here’s the actual command to add the user
sudo usermod -aG developers_group developer
How to list the groups?
You could ask the question, “How can we verify if the created group exists? and How to verify if the user is added to the group?”. The list of groups and the users who have permission to the group are stored in a file called
group. It will be located under the
We can see the available groups by reading that file using the
This will be huge file. By default it has 70 to 100 lines. So, I’ve cropped the top and bottom part of the command’s output in the above screenshots.
The last 2 lines of the above screenshot describes that, there’s a new user called
developer, a new group called
developers_group, and the user
developer is added to the
How to know the existing owner and group ownership of a file?
We have a powerful and most familiar command in Linux, which will show the permissions involved in a file/directory. i.e.,
ls -l test.sh
Let’s split the output separated by space and understand each part of it,
-rw-rw-r-- 1” – Permission for file
1st occurrence of “
gogosoon” – Owner of the file
2nd occurrence of “
gogosoon” – Group ownership of the file
How to change the Owner of a file/directory?
chown command is used to change the ownership of the file. The
chown command is abbreviated to change owner.
From our above example, we have seen the file
test.sh owned by the user named
Let’s change the ownership of the file to the user
admin using the
sudo chown admin test.sh
From the above screenshot, we can clearly see that the owner of the file
test.sh has been changed from
How to copy the ownership from one file to another?
I have faced this scenario once in my career. We use a common system in some rare usecases.
One day I am working on creating hundreds of files and gave access to my colleague’s user account. But the permissions to all the files will be the same. I was so lazy to do it manually and I’m sure that there must be some commands exist to do this. So I did a quick Google search to copy permission from one file to another. After few seconds, I found the solution and it was so simple. You can do this by adding a
Let’s explore that with an example,
Let’s create a new file named
copy.sh with my user account
The owner of the
test.sh file is
admin user (from our previous example). I want the ownership of
test.sh file to be copied to newly created
copy.sh file which was owned by
sudo chown --reference=test.sh copy.sh
From the above screenshot, the first command describes the ownership of
test.sh file which is owned by
The second command describes the ownership of the
copy.sh file which is owned by the
The third command copies the ownership of
The last command again describes the ownership of
copy.sh file which is now owned by
You may wonder that I’ve told that I created multiple files, but how did I change the ownership of all the files at once?
That’s a different story. But leaving my answer here. I created a script that loops over all the files and changes the ownership by referencing a single master file.
How to change ownership of multiple files with a single command?
You can do this by passing multiple file names to the
chown command with one user name. This sets the ownership of all the given files to that particular user.
file1 file2 ...
Here’s an example where I try to set the ownership of files
sudo chown admin copy.sh test.sh
How to change the group ownership of a file?
Almost all the operations related to group can be achieved with
chgrp command, which abbreviated to change group. It’s almost similar to
I have already created a group called
admin . I do not belong to this group. Let’s change the group ownership of the
test.sh file from
sudo chgrp admin test.sh
From the above screenshot, we can witness that group ownership of
test.sh file has been changed from
admin. Since, I do not belong to this group, I will not have write access to the file.
Let’s verify the same by opening the file in write mode,
The above screenshot describes that (highlighted with red color at the bottom), I do not have write access to the
test.sh file. Because I do not belong to the group
How to change the group ownership of a directory?
The same syntax for files is applicable for directories also. Here’s a quick example,
sudo chgrp test group_test/
But remember the above command changes the group ownership of only the files in that directory. To recursively change the group permission of all the directories inside that directory, we have to add
-R flag with it.
sudo chgrp -R admin group_test/
Now the group ownership for all the files and directories inside
group_test have been changed from
Let’s verify the output, by trying to write a file from the directory
Hurray !!! The ownership has been applied appropriately.
In this article, you have learned about changing file and folder ownership of users and groups.
Subscribe to my newsletter by entering your email address in the below box to receive more such insightful articles that get delivered straight to your inbox.
Have a look at my site which has a consolidated list of all my blogs.