In Unix and Linux, each file and directory belong to a user and a group. To allow other users to read, write, or execute them, we can change their access rights—also called permissions—using the chmod command. Another way to achieve this consists in directly transferring their ownership to another user or group of users using the chown command. However, unlike chmod, the chown command is more sensitive and requires elevated privileges to be executed.
In this post, we’ll discuss why the chown command requires superuser privileges and what are the most common pitfalls to avoid when using it.
Executing the chown command as root with sudo chown
In Linux, regular users are not allowed to change the ownership of files or directories, even if they own them.
The main reason for this security mechanism is to prevent users from acquiring or giving away files they’re not supposed to, which could end up being harmful to the system or flagged as suspicious activity.
For example:
- A user could bypass their assigned disk quota—which is the amount of space allotted to each user for file storage on a given computer—by creating a file in a directory only accessible by them, and transfer the ownership of this file to another user. This file would then count towards the disk quota of another user and not themselves.
- A user could give away a file containing illegal or compromising data to another user, without leaving a trace of who originally created it.
- A user could usurp the identity of another user and transfer the ownership of a private file to themselves.
- A user could accidentally change the ownership of a binary required by the operating system, resulting in broken commands such as sudo.
Using the sudo command
To execute the chown command, a user will have to be registered on the list of sudoers, and temporarily gain elevated privileges through the use of the sudo command.
$ sudo chown
Run in WarpChoosing a user for sudo chown <user>
When using sudo chown command, the user argument designates any user account registered on the system, which can be, for example, your own account (e.g. johndoe) or the root account.
Using user identifiers UIDs
One valid argument as <user> is a user identifier (UID). On Unix-like operating systems, each user is identified by a unique value called the UID. On most distributions, identifiers below 1000 are reserved for a special type of users called system users, which are in fact security identities used by system daemons.
Since the chown command allows you to either use symbolic names (e.g. foobar) or identifiers (e.g. 1001) to specify the user or group you want to transfer the ownership of a file to, you have to make sure not to mistake them with numeric permissions, such as the ones used with the chmod command.
For example, executing the following command will result in the target file being transferred to the user identified on the system by the UID 777.
# This 777 refers to the user with UID 777
# very different from the common chmod 777 command
$ sudo chown 777 file
Run in WarpAvoiding common pitfalls
The execution of the chown command is definitive and can be extremely harmful to the operating system if not used with caution. In this part, we’ll cover the most common pitfalls to avoid when using it.
Transferring ownership to the root user (sudo chown root)
Transferring the ownership of files and directories to the root user in order to restrict their access is usually discouraged. Instead, it is better to use the chmod command to change their permissions.
For example, transferring the home folder of a user to the root user, will result in this user being unable to access or operate on its files anymore.
# DON’T RUN THIS
$ sudo chown root:root /home/foobar
Run in WarpUsing the recursive flag (sudo chown -r)
The chown command has a handy but quite dangerous option flag -R, that allows you to recursively change the ownership of the entries contained in a specific directory.
$ sudo chown -R <user> <file>
Run in WarpThis command is often combined with the whoami command–itself executed within a subshell using the command substitution syntax $(command) –which allows the transfer of the targeted entries onto the user you are currently logged in as.
$ sudo chown -R $(whoami) file
Run in WarpWhen using this flag, you have to be careful not to insert any undesirable spaces or typos in the path of the target directory, especially if your path starts at the root directory (/), as you might otherwise end up with a broken system. As a rule of thumb, it is usually discouraged to change the ownership of files that belong to the system or the root user.
For example, executing the following command will result in all the entries of the filesystem to be assigned to the foobar user, which will cause commands such as sudo to become unusable, thus preventing any user from gaining elevated privileges.
# DON’T RUN THIS
$ sudo chown -R foobar / var/www
Run in WarpWritten by
Razvan Ludosanu
Founder, learnbackend.dev
Filed Under
Related Articles
List Open Ports in Linux
Learn how to output the list of open TCP and UDP ports in Linux, as well as their IP addresses and ports using the netstat command.
Count Files in Linux
Learn how to count files and folders contained in directories and subdirectories in Linux using the ls, find, and wc commands.
How to Check the Size of Folders in Linux
Learn how to output the size of directories and subdirectories in a human-readable format in Linux and macOS using the du command.
Linux Chmod Command
Understand how to use chmod to change the permissions of files and directories. See examples with various chmod options.
POST JSON Data With Curl
How to send valid HTTP POST requests with JSON data payloads using the curl command and how to avoid common syntax pitfalls. Also, how to solve the HTTP 405 error code.
Format Command Output In Linux
Learn how to filter and format the content of files and the output of commands in Linux using the awk command.
Create Groups In Linux
Learn how to manually and automatically create and list groups in Linux.
Switch Users In Linux
Learn how to switch between users, log in as another user, and execute commands as another user in Linux.
Remover Users in Linux
Learn how to remove local and remote user accounts and associated groups and files in Linux using the userdel and deluser commands.
Delete Files In Linux
Learn how to selectively delete files in Linux based on patterns and properties using the rm command.
Find Files In Linux
Learn how to find and filter files in Linux by owner, size, date, type and content using the find command.
Copy Files In Linux
Learn how to safely and recursively copy one or more files locally and remotely in Linux using the cp and scp command.
