chgrp — Change the group ownership of a file or directory on Unix systems across all 5 shells
Equivalents in every shell
chgrp devs filechgrp devs filechgrp devs fileicacls file /grant "devs":(RX)NTFS has no Unix-style "primary group" attribute. To give a *group* access to a file, add an ACL entry for the group with `icacls` or `Set-Acl`.
icacls file /grant "devs":(RX)Same idea — add an ACL entry for the group rather than setting a single group-owner field.
Worked examples
Give group `devs` read access to a file
sudo chgrp devs file.txticacls file.txt /grant "devs":(RX)icacls file.txt /grant "devs":(RX)Recursively grant a group access to a directory tree
sudo chgrp -R devs /var/log/appicacls C:\logs\app /grant "devs":(OI)(CI)RX /Ticacls C:\logs\app /grant "devs":(OI)(CI)RX /TSetgid: new files inherit the directory’s group
chmod g+s shared/icacls shared /grant "devs":(OI)(CI)MGotchas
- `chgrp` only changes the group; use `chown user:group` to set both owner and group in one step.
- On Windows NTFS the "group that owns a file" field is vestigial (used by the deprecated SFU / SUA POSIX subsystems). Modern Windows ignores it — use ACL entries instead.
- The setgid bit (`chmod g+s` on a directory) makes new files inherit the directory’s group on Unix. Windows has no exact equivalent; use `icacls` inheritance flags `(OI)(CI)` to apply a group ACL to new children.
- Group names map to GIDs in `/etc/group`; if the group does not exist `chgrp` errors. On Windows, `icacls` resolves the group against the local SAM or Active Directory.
WSL & PowerShell Core notes
Common tasks using chgrp
- Change file permissions
Modify read/write/execute permissions on a file or directory.
- Change the group ownership of a file or directory
Reassign a file's group — for granting team-wide read/write via group permissions, for matching a service account's primary group, or for fixing post-clone permissions where the working tree is owned by the wrong group.
- Change the owner of a file or directory
Reassign a file or directory to a different user (and optionally group) — for fixing permission errors after copying files between users, after extracting tarballs as root, or when handing data over to a service account.
- Set permissions recursively on a directory tree
Apply a single permission change to a directory and every file underneath — for locking down a freshly-extracted tarball, undoing world-writable mistakes, or normalizing permissions on a copied directory.
- View ACLs and extended file permissions
Inspect the full access-control list of a file — beyond the POSIX nine-bit `rwxrwxrwx` mode — to see per-user / per-group grants, the ACL mask, default (inherited) ACLs, and the audit (SACL) entries that `ls -l` will not show.