Changing read, write and execute permissions of files or folders, and changing the owner of those elements is easy if you have the basic knowledge of how permissions work in Linux.

Table of Contents

Types of permissions

There are three types of permissions:

  • Read:
    • File: user can open and view the file.
    • Folder: user can list the files inside the folder.
  • Write:
    • File: user can modify the file.
    • Folder: user can add or remove files inside the folder.
  • Execute:
    • File: user can execute a file (e.g.: a Bash script).
    • Folder: user can access the folder.

There is also a special permission that allows to set a default user or group for future files.

Types of users

There are also three types of users:

  • Owner: the owner of the file/folder.
  • Group: A file or folder can also belong to a group. This allows to set permissions to several users inside a group.
  • Other: Rest of users.

chmod

chmod allows to set permissions on a file or folder to the owner, group and other. There are two ways for setting permissions, using numeric codes or using letters.

Setting permissions using digits

  • This is an example of using chmod with a numeric code.
    chmod 600 file.txt
    
  • First digit corresponds to owner permissions, second digit to group permissions and last digit to other users permissions.
  • Read corresponds to number 4.
  • Write corresponds to number 2.
  • Execute corresponds to number 1.
  • If you want to set read and write permissions to a file, you have to sum read number (4) and write number (2), so you need to type 6.
  • There is a four-digit code that you can use to set a default user (setuid) or group (setgid) to a folder for new files or subdirectories, in addition to the other permissions. You can also enable the ‘sticky bit’ or the restricted deletion flag. In these cases, first digit corresponds to these special permissions: 1 enables ‘sticky bit’ (only owner of the file or directory can delete a file), 2 means setgid (set group id) and 4 means setuid (set user id). Some examples:
    # Read and write permissions to owner, only read permissions to group and others
    chmod 644 file.txt
    
    # Execute, read and write permissions on a folder to owner, 
    # only execute and read for group and no permissions to others.
    chmod 750 folder/
    
    # Set default group for new files as the same as folder (you may need to be root or use sudo)
    chmod 2750 folder
    

Setting permissions with letters

  • This is an example of using chmod with letters.
    chmod u+rw file.txt
    
  • First letter refers to the user (u for owner, g for group, o for others, a for all).
  • Second character means add (+) or remove (-) a permission. You can also use = (u=rw).
  • Rest of letters refers to the permission (r for read, w for write, x for execute, s to set SUID or SGID).

Tips when using chmod

  • Add -R for changing permissions in a recursive way. Use with caution because files could require different permissions than folders.
  • Using find is a better way to set permissions recursively because you can apply permissions only to files or folders:
    # Change permissions only to folders
    find . -type d -exec chmod 700 {} \;
    
    # Change permissions only to files
    find . -type f -exec chmod 600 {} \;
    

chown

chown allows to set the owner and group of the file/folder. This is an example:

# Set user 'ricardo' to be the owner of the file
sudo chown ricardo file.txt
  • You need to use “sudo” or be a root user.
  • To change owner and group:
    sudo chown someuser:somegroup file.txt
    
  • Do it recursively:
    # Set user 'root' and group 'root' on every file inside folder, including the folder itself
    sudo chown -R root:root folder/
    

chgrp

chgrp allows to change the group of a file or folder.

sudo chgrp somegroup file.txt

Extra: umask

umask defines the default permissions for new files. Normally you don’t need to use umask because it’s easier to use chmod to change permissions after creating the file. But if you want, you can check and change the default file permissions.

Run umask -S to see default permissions:

$ umask -S
u=rwx,g=rx,o=rx

To set the default permissions or ‘mask’ (for the current user and session), run umask and the permissions, using the same syntax of the previous command.

umask 'u=r,g=r,o='
$ umask 'u=r,g=r,o='
$ umask -S
u=r,g=r,o=
$ touch test-umask
$ ls -l test-umask
-r--r----- 1 ricardo ricardo 0 sep 21 13:11 test-umask
Test with this online terminal:

If you have any suggestion, feel free to contact me via social media or email.