Introduction / Why This Is Needed
In Linux, every file system has a strict security model: each file and directory has an owner (user and group) and permissions (what each can do: read, write, execute). The chown (change owner) and chmod (change mode) commands are the primary tools for managing these settings. Without them, you won't be able to properly configure file access, run scripts, or protect sensitive data. This guide will teach you how to use these commands in practice.
Requirements / Preparation
- Access to a Linux terminal (Ubuntu, Debian, CentOS, or any other distribution).
- Basic understanding of the file system structure (what a file, directory, and path are).
- To change the owner (chown) or permissions on files belonging to other users, you will need superuser (sudo) privileges. If you're working with your own files, sudo is not needed.
- It's recommended to create a test directory and files to experiment without risk:
mkdir ~/test_permissions
touch ~/test_permissions/file1.txt ~/test_permissions/script.sh
Step 1: Check Current Permissions and Owner
Before making any changes, you need to understand the current state. Use the ls -l (long list) command.
ls -l ~/test_permissions/
Example output:
-rw-r--r-- 1 alex users 0 Feb 16 12:00 file1.txt
-rw-r--r-- 1 alex users 0 Feb 16 12:00 script.sh
Let's break down the line for file1.txt:
- - — type (dash = regular file, d = directory).
- rw- — owner's permissions (alex): read (r), write (w), execute (x).
- r-- — group's permissions (users): read only.
- r-- — others' permissions: read only.
- 1 — number of hard links.
- alex — owner (user).
- users — owning group.
- 0 — size in bytes.
- Then — date, time, name.
Remember: The 9 permission characters are divided into three triads: owner (user), group, others. Each triad represents rwx bits (read, write, execute), where an absent permission is replaced by -.
Step 2: Change Owner (chown)
The chown command changes the user and/or group owner of a file. Syntax:
sudo chown [user][:group] file
Example 1: Change only the owner
sudo chown bob file1.txt
After this, user bob becomes the owner of file1.txt, and the group remains users.
Example 2: Change both owner and group simultaneously
sudo chown bob:devs file1.txt
Now the owner is bob and the group is devs.
Example 3: Recursively change owner for a directory and all its contents
sudo chown -R alice:developers /home/alice/project
The -R (recursive) flag applies the change to all nested files and subdirectories.
⚠️ Important: Be careful with recursive chown on system directories (/etc, /usr). This can break the system. Always double-check the path.
Step 3: Change Permissions (chmod)
The chmod command changes permissions (rwx). There are two main methods: numeric (octal) and symbolic.
Numeric (octal) method
Each permission triad (rwx) corresponds to a number from 0 to 7, where:
- r = 4
- w = 2
- x = 1
Sum the needed bits.
Example: rwx = 4+2+1 = 7, rw- = 4+2+0 = 6, r-x = 4+0+1 = 5, r-- = 4.
Command: chmod [number] file
Examples:
chmod 755 script.sh # Owner: rwx (7), group and others: r-x (5)
chmod 644 file1.txt # Owner: rw- (6), group and others: r-- (4)
chmod 777 temp.log # Everyone: rwx (use with caution!)
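The triads from Step 1 and the r=4, w=2, x=1 rule above, combined into a converter from an ls -l mode string to the number chmod accepts. This is an added example, not part of the original guide; the function names are made up for illustration, and it goes slightly beyond the text by also handling the setuid/setgid (s, S) and sticky (t, T) markers.

```bash
#!/bin/sh
# Added example: convert the 10-character mode string printed by `ls -l`
# (e.g. -rwxr-xr-x) into the octal number that chmod accepts.

# triad_value RWX -> prints 0..7 for one three-character triad.
# s/S (setuid/setgid) and t/T (sticky) sit in the execute slot:
# lowercase means execute is also set, uppercase means it is not.
triad_value() {
    t=$1 v=0
    case $t in r??) v=$((v + 4)) ;; esac
    case $t in ?w?) v=$((v + 2)) ;; esac
    case $t in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# special_value MODE9 -> prints the leading digit (setuid=4, setgid=2, sticky=1).
special_value() {
    m=$1 s=0
    case $m in ??[sS]??????) s=$((s + 4)) ;; esac
    case $m in ?????[sS]???) s=$((s + 2)) ;; esac
    case $m in ????????[tT]) s=$((s + 1)) ;; esac
    echo "$s"
}

# mode_to_octal MODE -> prints e.g. 644, 755 or 1777; returns 1 on bad input.
mode_to_octal() {
    mode=${1#?}                                  # drop the file-type character
    mode=$(printf '%s' "$mode" | cut -c1-9)      # ignore a trailing . or + marker
    case $mode in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "invalid mode string: $1" >&2; return 1 ;;
    esac
    u=$(triad_value "$(printf '%s' "$mode" | cut -c1-3)")
    g=$(triad_value "$(printf '%s' "$mode" | cut -c4-6)")
    o=$(triad_value "$(printf '%s' "$mode" | cut -c7-9)")
    s=$(special_value "$mode")
    if [ "$s" -eq 0 ]; then echo "$u$g$o"; else echo "$s$u$g$o"; fi
}

# Constructed sample inputs, matching the listings shown in this guide.
for sample in -rw-r--r-- -rwxr-xr-x drwxrwxrwt; do
    printf '%s -> %s\n' "$sample" "$(mode_to_octal "$sample")"
done
```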
Symbolic method
More flexible: you add/remove/set permissions for a specific category (u=user, g=group, o=others, a=all).
Operators:
- + — add permission.
- - — remove permission.
- = — set exactly (others will be cleared).
Examples:
chmod u+x script.sh # Add execute (x) for owner (u)
chmod go-w file1.txt # Remove write (w) from group (g) and others (o)
chmod a=r file1.txt # All (a) get read only (r)
chmod ug=rwx,o= script.sh # Owner and group: rwx, others: none
The symbolic method is convenient for precise changes, while the numeric method is for quickly setting standard combinations.
Step 4: Commonly Used Permission Combinations
Know these "magic" numbers:
- 755 — standard for executables and scripts (owner can do everything, others can read and execute).
- 644 — standard for regular files (owner can read/write, others can only read).
- 700 — only the owner has full access (for confidential files).
- 777 — full access to everyone (dangerous, use only for temporary shared resources).
- 750 — owner: everything, group: read/execute, others: nothing.
Step 5: Practical Examples
Example 1: Make a script executable
chmod +x script.sh
Or numerically: chmod 755 script.sh. Now the script can be run as ./script.sh.
Example 2: Allow group write access to a shared directory
sudo chown :developers /shared_folder # Change the owning group to developers
sudo chmod 775 /shared_folder # Owner and group: rwx, others: r-x
Now all users in the developers group can create/delete files in /shared_folder.
Example 3: Remove read access from others for a confidential file
chmod 640 config.ini # Owner: rw-, group: r--, others: ---
Others (neither the owner nor in the group) cannot read the file.
Example 4: Set the sticky bit for a shared directory (e.g., /tmp)
The sticky bit (t bit) ensures that only the file owner can delete files, even if the directory is writable by everyone.
chmod +t /shared_folder
Permissions will change to drwxrwxrwt (the t appears instead of x for others).
Verifying the Result
After each change, check:
ls -l file_or_directory
Ensure:
- Owner and group changed (after chown).
- The 9 permission characters match expectations (after chmod).
For directories with recursive changes, check several nested files.
Potential Issues
Issue 1: "Operation not permitted" with chown/chmod
Cause: You are not the file owner and aren't using sudo, or you're trying to change permissions on a file you don't own and lack CAP_CHOWN rights (typically only root has these).
Solution:
- For your own files: confirm you are the owner (ls -l).
- For others' or system files: use sudo (if you have sudo rights) or contact an administrator.
- Do not change owner/permissions on system files (/bin, /etc, /usr) unless absolutely necessary.
Issue 2: Script doesn't execute despite having +x
Cause: The file system where the script resides may not support execution (e.g., mounted with noexec), or the script's first line (shebang) specifies an incorrect interpreter.
Solution:
- Check if the file system is mounted with noexec (mount | grep /path).
- Ensure the script starts with #!/bin/bash (or another correct interpreter path).
- Run the script explicitly: bash script.sh (if the x bit is missing).
Issue 3: Recursive chown/chmod affected more than intended
Cause: An error in the path, or -R was forgotten (or, conversely, -R was used on the wrong directory).
Solution: Always verify the path before a recursive operation. To revert, use find with -exec or restore from a backup. Be careful!
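One way to apply the find with -exec approach after an accidental chmod -R 777, shown as an added example that is not part of the original guide. The function name and default modes are assumptions: directories get 755, regular files 644, and files that start with a shebang (#!) are treated as scripts and get 755. It does not restore ownership or the exact previous modes, and compiled binaries would need their execute bit set again separately.

```bash
#!/bin/sh
# Added example: reset a tree after an accidental recursive chmod.
# Directories need x to be entered, regular files normally do not,
# so the two are handled separately instead of with one chmod -R.

# reset_tree_modes DIR [DIR_MODE] [FILE_MODE] [SCRIPT_MODE]
reset_tree_modes() {
    root=$1 dmode=${2:-755} fmode=${3:-644} xmode=${4:-755}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 1; }

    # -xdev keeps find on one file system; -type d / -type f skip symlinks.
    find "$root" -xdev -type d -exec chmod "$dmode" {} +
    find "$root" -xdev -type f -exec chmod "$fmode" {} +

    # Files whose first two bytes are "#!" are treated as scripts (assumption)
    # and get the execute bit back.
    find "$root" -xdev -type f -exec sh -c '
        mode=$1; shift
        for f in "$@"; do
            if [ "$(head -c 2 "$f" 2>/dev/null)" = "#!" ]; then
                chmod "$mode" "$f"
            fi
        done' sh "$xmode" {} +
}

# Demo on a constructed tree in a temporary directory (sample data).
demo=$(mktemp -d)
mkdir -p "$demo/project/bin"
printf '#!/bin/sh\necho hello\n' > "$demo/project/bin/run.sh"
echo "key=value" > "$demo/project/config.ini"
chmod -R 777 "$demo/project"      # the mistake being repaired
reset_tree_modes "$demo/project"
ls -lR "$demo/project"
rm -rf "$demo"
```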
Issue 4: Group doesn't change when using chown user:group
Cause: The specified group does not exist in the system.
Solution: Create the group first (sudo groupadd groupname) or use an existing one (getent group to list groups).
Issue 5: After chmod 777, the file is accessible to everyone but insecure
Solution: Immediately revert to sensible permissions, e.g., chmod 755 file for executables or chmod 644 file for regular files. Avoid 777 as a permanent setting.
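A check for the two risky states this guide warns about: files left writable by everyone (as after chmod 777) and world-writable directories that lack the sticky bit from Step 5. This is an added example, not part of the original guide; the function names and the sample tree are constructed for illustration.

```bash
#!/bin/sh
# Added example: report world-writable files and unprotected shared directories.

# world_writable_files DIR -> regular files that "others" can write (666, 777, ...).
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# unsticky_shared_dirs DIR -> world-writable directories without the sticky bit,
# where any user can delete or rename another user's files.
unsticky_shared_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# audit_permissions DIR -> prints findings; returns 1 if anything was found.
audit_permissions() {
    dir=$1 status=0
    files=$(world_writable_files "$dir")
    dirs=$(unsticky_shared_dirs "$dir")
    if [ -n "$files" ]; then
        echo "World-writable files (consider chmod o-w):"
        echo "$files" | sed 's/^/  /'
        status=1
    fi
    if [ -n "$dirs" ]; then
        echo "World-writable directories without sticky bit (consider chmod +t or o-w):"
        echo "$dirs" | sed 's/^/  /'
        status=1
    fi
    return "$status"
}

# make_demo_tree -> builds a constructed sample tree and prints its path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir "$d/shared" "$d/tmp_like"
    touch "$d/ok.txt" "$d/open.log"
    chmod 644 "$d/ok.txt"; chmod 777 "$d/open.log"
    chmod 777 "$d/shared"; chmod 1777 "$d/tmp_like"
    echo "$d"
}

demo=$(make_demo_tree)
audit_permissions "$demo" || echo "Findings above need review."
rm -rf "$demo"
```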