How to change ownership of files and directories in Linux

Changing ownership of files and directories in Linux controls who can read, modify, or execute data on a system. Correct ownership keeps application data under the right service accounts, isolates user home directories, and prevents accidental access to sensitive files. Adjusting ownership becomes essential after restoring backups, migrating data, or copying files as root.

In Linux, each filesystem object has a user owner and a group owner, represented as user:group and backed by numeric user IDs (UIDs) and group IDs (GIDs). Commands such as chown and chgrp modify these fields, allowing ownership changes for individual paths, whole directory trees, or patterns like wildcards. Tools such as stat and ls -l reveal current ownership so changes can be planned and verified.

Ownership changes typically require administrative privileges through sudo or a root shell, because taking control of files can expose or deny access to others. Recursive operations against system directories can break services or lock users out if applied to the wrong path, so verifying targets before running a command is critical. Limiting changes to application data paths, such as /var/www or /srv, reduces the risk of impacting core system files.

1. Open a terminal on a Linux system with an account that has sudo access.
2. Display existing users to identify the correct owner account.

   $ getent passwd
   root:x:0:0:root:/root:/bin/bash
   daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
   www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
   user:x:1000:1000:user,,,:/home/user:/bin/bash
   ##### snipped #####

   The getent command queries the system user database so the correct owner account can be selected.

3. Display existing groups to find the appropriate group for the files.

   $ getent group
   root:x:0:
   www-data:x:33:
   sudo:x:27:user
   user:x:1000:
   ##### snipped #####

   Group entries determine which group should own shared resources, such as www-data for web content.

4. Check the current ownership of a specific file or directory.

   $ stat -c "%U:%G" /var/www/html/index.html
   root:root

   The stat utility prints ownership in user:group format for the given path.

5. Change the owner of a file while keeping the existing group.

   $ sudo chown www-data /var/www/html/index.html

   Supplying only a user name to chown updates the file owner and leaves the group unchanged.

6. Verify the updated owner and group of the file.

   $ stat -c "%U:%G" /var/www/html/index.html
   www-data:root

7. Change only the group of a file or directory.

   $ sudo chgrp www-data /var/www/html/index.html

   The chgrp command targets just the group field, which is useful when group membership changes but user ownership should remain.

8. Change both the owner and group of a directory itself.

   $ sudo chown www-data:www-data /var/www/html/

   Providing user:group to chown updates both ownership fields for the specified path without affecting its contents.

9. Change both owner and group for all items directly inside a directory.

   $ sudo chown www-data:www-data /var/www/html/*

   A wildcard pattern applies ownership changes to the immediate contents of /var/www/html but does not recurse into nested subdirectories.

10. Change ownership recursively for all files and subdirectories under a path.

    $ sudo chown --recursive www-data:www-data /var/www/html/

    Running a recursive ownership change on an incorrect path, such as / or /etc, can break services or expose sensitive data; the directory path should be double-checked before using this command.

11. Confirm the new ownership for the directory and its contents.

    $ ls -l /var/www/html/
    total 20
    drwxr-xr-x 2 www-data www-data  4096 Jan 24 09:58 css
    -rw-r--r-- 1 www-data www-data 10918 Jan 23 19:57 index.html
    drwxr-xr-x 2 www-data www-data  4096 Jan 24 09:57 js