Skip to main content

Managing permissions in Linux

Updated this week

Introduction

Managing permissions and ownerships in Linux is critical for system security and stability. It controls who can read, write, or execute files and directories, protecting important system files from unauthorized changes.

Proper permissions prevent accidental or malicious damage, and ensure users only access what they are allowed to. Without good management, a system can easily be compromised or broken. Every file and directory in Linux has an owner, a group, and specific permissions attached to it.

Each command overview

  • ls -l – Lists files and directories with detailed information including permissions, ownership, and size.

  • chmod – Changes the permissions (read, write, execute) of a file or directory.

  • chown – Changes the owner and group of a file or directory.

  • chgrp – Changes only the group ownership of a file or directory.

  • umask – Sets default permission masks for newly created files and directories.

  • stat – Displays detailed information about a file or directory, including its permissions and ownership.

Linux permission model

The Linux permission model controls who can access and modify files and directories by setting specific rights for three categories: the owner (user), the group, and others (everyone else).

  • User (u) – The owner of the file or directory.

  • Group (g) – Users who are part of the file's assigned group.

  • Others (o) – All other users who are not the owner or in the group.

Each category can have permissions to read, write, and execute, which determine how they can interact with the file or directory. Permissions are shown using letters (r, w, x) or numbers (like 755) for quick configuration.

  • Read (r) – Allows viewing the contents of a file or listing the contents of a directory.

  • Write (w) – Allows modifying a file or adding/removing files in a directory.

  • Execute (x) – Allows running a file as a program or entering a directory to access its contents.

The “ls -l” command

To view files and folders permission in your current working directory, run the following command:

ls -l

Let’s overview our directory (the first in the list)

drwxr-xr-x 2 root root 4096 Apr 28 11:33 directory

  • d – This is a directory (if it were a file, it would show - instead).

  • rwxr-xr-x – Permissions: owner can read (r) / write (w) / execute (x); group and others can read (r) / execute (x).

  • root – Owner of the directory.

  • root – Group that owns the directory.

The “chmod” command

This is default syntax for chmod command:

chmod [option] [mode] [file/folder]

You can use options to change command’s behavior, these are the most common:

  • -v (output a diagnostic for every file processed)

  • -c (like verbose but report only when a change is made)

  • -f (suppress most error messages)

  • -R (change files and directories recursively)

Mode is the new permissions for the file or folder, which you can write in symbolic or numeric notation.

Symbolic example: chmod u+x file.txt

It will change the user (owner) now can execute the file. You can combine types and categories, for example:

chmod og-wx file.txt

Others and group can no longer write and execute the file. There’s more quick notes with the chmod:

  • Letter “a” – to use all types at once (user, group, others);

  • = – to set permissions

Numeric example: chmod 775 file.txt

It will mean user and group have full access to a file and others can only read and write.

The picture explains, you need to calculate and sum up permissions, since:

  • 4 – for read;

  • 2 – for write;

  • 1 – for execute.

If you want to give group read and write permissions and others only read access for example, you should run following command:

chmod 764 file.txt

The “chown” and “chgrp” commands

The chown command is used to change the owner and optionally the group of a file or directory. The chgrp command specifically changes only the group ownership without altering the file's owner.

Syntax:

chown [new_owner]:[new_group] file_or_directory
chgrp [new_group] file_or_directory

Few examples:

chown john file.txt – Changes the owner of file.txt to john, keeping the group unchanged.

chown john:developers file.txt – Changes the owner to john and group to developers.

chgrp developers file.txt – Changes only the group of file.txt to developers.

chown -R john:developers /var/www – Recursively changes owner and group for /var/www and everything inside it.

The “umask” command

The umask command sets default permissions for new files and directories a user creates. It is important because it automatically restricts access, preventing files from being too openly accessible by default.

Syntax

umask [permission_mask]

Examples:

  • umask 022 – New files get 644 permissions (read/write for owner, read-only for group and others); new directories get 755.

  • umask 077 – New files and directories are accessible only by the owner (no permissions for group or others).

  • umask – Shows the current umask setting.

Conclusion

Managing permissions and ownerships is a basic but critical part of Linux system administration. It ensures that only the right users can access, modify, or execute important files and directories.

Commands like chmod, chown, chgrp, and umask give you full control over file security and organization. Mastering these tools helps keep your system secure, stable, and properly managed.

Related Articles
How to Install Laravel on Ubuntu
How to Install ownCloud on AlmaLinux 9 and Rocky Linux 9
How To install Apache with Let's Encrypt on Rocky Linux 9/ AlmaLinux 9
Transferring files between servers with SCP
Basic SSH commands
Did this answer your question?