Cohort — Group Ownership, Redefined

Everything you need to manage group identity at scale

Every feature maps to a real capability in the Cohort engine. No fluff, just infrastructure-grade group assignment.

🔄

Deep Reassignment Engine

Cascade group changes through every nested directory with our recursive mode. One command, infinite depth.

cohort -R staff /projects

📋

Change Intelligence™

Only surface what actually mutated. Our change-reporting mode suppresses noise and highlights the signal — perfect for audit pipelines.

cohort -c devops /var/data

📣

Full Transparency Mode

Emit a diagnostic for every single file touched. Complete observability over your group reassignment workflow, from leaf to root.

cohort -v engineering /src

🤫

Silent Operations

Suppress error noise entirely. When you need group changes at scale without the chatter, quiet mode has your back.

cohort -f deploy /releases

🔗

Symlink-Aware Targeting

Choose whether to update the symlink itself or the referent behind it. Precision control over every pointer in your file graph.

cohort -h ops /var/links

📎

Reference Cloning

Mirror the group identity of any existing file. No manual lookup, no guessing — just point to the source of truth.

cohort --reference=master.cfg /etc/app

🛡️

Root Guard™

Prevent catastrophic recursive operations on your root filesystem. Enterprise-grade guardrails baked into the core engine.

cohort --preserve-root -R staff /

🧭

Traversal Control

Fine-grained symlink traversal policies for recursive operations. Choose from command-line-only, full traversal, or zero traversal.

cohort -R -L team /opt

Three steps to unified group identity

Select your target scope

Point Cohort at a single file, a directory, or an entire recursive tree. Our engine adapts to any scale.

Define the target group

Specify the group directly, or use reference mode to mirror an existing file's group identity — zero manual lookup required.

Execute and observe

Run with verbose, change-only, or silent mode. Get full diagnostics or pure silence — your call, your observability level.

See Cohort in action

Real operations. Real output. No smoke and mirrors.

cohort — demo

$ cohort staff /u

$ cohort -hR staff /u

$ cohort -v engineering /var/data/reports

changed group of '/var/data/reports' from admin to engineering

$ cohort --reference=/etc/defaults /var/app/config

$ cohort -cR deploy /opt/releases

changed group of '/opt/releases/v2.1' from root to deploy

changed group of '/opt/releases/v2.1/bin' from root to deploy

$ cohort --preserve-root -R staff /

cohort: it is dangerous to operate recursively on '/'

cohort: use --no-preserve-root to override this failsafe

Simple, transparent pricing

Start free. Scale when you're ready.

Starter

$0/mo

Single file group assignment
10 operations / month
Basic verbose output
Recursive mode
Reference cloning
Root Guard™

Get Started

Pro

$19/mo

Unlimited file targets
Recursive mode (-R)
Change Intelligence™ (-c)
Silent & verbose modes
Reference cloning
Traversal control

Start Free Trial

Team

$59/seat/mo

Everything in Pro
Root Guard™
Symlink-aware targeting
Full traversal control (-H -L -P)
Audit logs & SSO
Priority support

Start Free Trial

Enterprise

Custom

Everything in Team
Conditional ownership (--from)
Dedicated infrastructure
Custom SLA
Dedicated account manager
On-premise deployment

Contact Sales

What's new

New

Conditional ownership filters

Use --from to only reassign group identity when the current owner and group match your criteria. Surgical precision for large-scale migrations.

Improved

Traversal policy engine

Fine-tuned -H, -L, and -P for recursive operations. Last-specified policy now correctly takes precedence.

Fix

Root Guard™ reliability

--preserve-root now correctly intercepts edge cases involving symlinked root paths. Safer than ever.

Trusted by teams that ship

"We migrated 4,000 project directories to a new team group in under a minute. Cohort's recursive mode is an absolute game-changer for our deploys."

Elise Rivera VP of Infrastructure, ScaleForge

"Reference cloning alone saved us from maintaining a 200-line shell script. We just point at a golden config and Cohort handles the rest."

Mika Lin SRE Lead, DataMesh

"The silent mode is chef's kiss for CI pipelines. Zero noise, zero surprises. Just group identity, perfectly assigned."

Casey Thornton Solo Developer

"Root Guard saved us from a catastrophic recursive chgrp on /. This is the kind of guardrail every infrastructure tool needs."

Ingrid Sharma CTO, NullPointer Labs

Frequently asked questions

What happens if I run Cohort on a symlink? +

By default, Cohort follows the symlink and changes the group of the target file. Use the -h flag to change the symlink itself. Total control, zero ambiguity.

Is my data secure? +

Cohort operates directly on your file system with zero data exfiltration. We're SOC 2 Type II certified and GDPR compliant. Your files never leave your infrastructure.

Can I conditionally reassign groups? +

Absolutely. Our Enterprise tier unlocks --from, which lets you specify the current owner and/or group as a precondition. Only matching files are mutated.

Can I use Cohort offline? +

Cohort's core engine runs entirely on-premise, no internet connection required. License validation is cached locally for uninterrupted operation.

What's the difference between the traversal modes? +

-P (default) ignores symlinks entirely. -H traverses symlinks only if they're passed as direct arguments. -L traverses every symlink to a directory encountered during recursion. The last one specified wins.

Coming soon

Group ownership,redefined.