A comprehensive guide to understanding and managing file ownership and permission systems in Linux using commands like chmod, chown, and chgrp.
chown)chgrp)chmod)Every file in Linux has:
Permissions are divided into three categories:
| Category | Affects |
|---|---|
| User | File owner |
| Group | Users in the file's group |
| Others | All other users |
Each file or directory can have:
r (read)
w (write)
x (execute)
ls -l filename
-rwxr-xr-- 1 alice developers 1234 Jul 10 08:00 script.sh
Breakdown:
- = file type (- for file, d for directory)rwx = owner (alice) permissionsr-x = group (developers) permissionsr-- = others permissions1 = number of hard linksalice = file ownerdevelopers = group1234 = size in byteschown)Change file owner:
sudo chown newuser filename
Change owner and group:
sudo chown newuser:newgroup filename
Recursive ownership change:
sudo chown -R user:group directory/
chgrp)Change group ownership only:
sudo chgrp groupname filename
Recursive:
sudo chgrp -R groupname directory/
chmod)Modify file permissions using:
chmod u+x script.sh # Add execute for owner
chmod g-w file.txt # Remove write from group
chmod o=r file.txt # Set read-only for others
chmod a+x runme.sh # Add execute to all
chmod u+rwx,g+rx,o-r file.txt
| Value | Permission |
|---|---|
| 0 | --- |
| 1 | --x |
| 2 | -w- |
| 3 | -wx |
| 4 | r-- |
| 5 | r-x |
| 6 | rw- |
| 7 | rwx |
chmod 755 script.sh # rwx for user, rx for group and others
chmod 644 notes.txt # rw for user, r for group and others
umask defines the default permission mask for new files/directories.
umask
umask 022
# New files will be 644, directories 755
chmod u+s /path/to/file
Example:
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root ...
chmod g+s /project/shared
chmod +t /tmp
drwxrwxrwt 10 root root 4096 /tmp
ACLs provide fine-grained permissions beyond traditional rwx.
getfacl filename
setfacl -m u:john:rwx file.txt
setfacl -d -m g:developers:rw /project
setfacl -x u:john file.txt
Used for multi-user environments like /tmp.
chmod +t /shared
Prevents users from deleting each other’s files in that directory.
777 on scripts and web directories.chown to assign proper file ownership after copying or extracting.find, ls -l, or getfacl.| Task | Command Example |
|---|---|
| View permissions | ls -l |
| Change file owner | chown user file.txt |
| Change owner & group | chown user:group file.txt |
| Change group only | chgrp group file.txt |
| Change permissions (symbolic) | chmod u+x file.sh |
| Change permissions (numeric) | chmod 755 file.sh |
| Recursively change permissions | chmod -R 755 /myfolder |
| View default umask | umask |
| Set special permission bits | chmod u+s file, chmod g+s dir |
| View ACL | getfacl file.txt |
| Modify ACL | setfacl -m u:john:rw file.txt |
| Sticky bit for shared dir | chmod +t /shared |
✅ This guide helps you understand how Linux handles file access, and how you can secure your systems using built-in tools like chmod, chown, ACLs, and sticky bits.
# Example: Secure a web directory
sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html