Introduction / Why This Matters
The Linux permission system is the foundation of security for both servers and workstations. Without understanding it, you'll easily encounter Permission denied errors or accidentally open configuration files to the entire server. After completing this guide, you'll be able to precisely manage who can read, modify, or execute your files using only the terminal—no third-party utilities required. You'll learn to read permissions, apply them in bulk, and automate the creation of secure objects.
Requirements / Preparation
- Access to a terminal (locally or via SSH).
- Superuser privileges (sudo) to modify system file permissions or change ownership.
- Basic understanding of the Linux filesystem structure.
All commands have been tested on modern distributions with kernel 5.15+.
Step 1: Analyzing Current Permissions
Before making changes, you need to understand the current state. Run ls -la in the target directory. You'll see output like:
-rwxr-xr-- 1 admin users 4096 Apr 5 14:20 report.txt
Let's break down the structure:
- The first character: - (file), d (directory), or l (symbolic link).
- The next 9 characters are divided into three triplets: owner permissions, group permissions, and permissions for everyone else. r means read, w means write, x means execute, and - means the permission is absent.
- Following that are the link count, owner name, group name, size, and modification date.
Remember: the system checks permissions strictly from left to right. Matching follows this chain: owner → group → others. If you are the owner, permissions for group and others are ignored.
Step 2: Setting Permissions with chmod
The chmod utility is used to change permissions. You can work in symbolic or numeric mode. Numeric mode is more precise and faster for batch changes.
Numbers correspond to the sum of permission bits: r=4, w=2, x=1. For example, 7 (4+2+1) grants full permissions, while 5 (4+0+1) grants read and execute.
# Give owner read/write/execute, group and others only read
chmod 744 my_script.sh
# Add execute permission for owner only (symbolic mode)
chmod u+x my_script.sh
# Remove write permission from group and others
chmod go-w my_script.sh
💡 Tip: For directories, 755 is commonly set (full permissions for owner, read and execute for others), while for regular files, 644 is standard. This is an industry security best practice.
Step 3: Changing File Owner and Group
Sometimes you need to transfer a file to another user or associate it with a specific project group. Use chown (change owner) and chgrp (change group).
# Change owner to user1, leave group unchanged
sudo chown user1 file.txt
# Change both owner and group simultaneously
sudo chown user1:developers project/
# Recursively apply to all nested files and directories
sudo chown -R user1:developers /var/www/html/
⚠️ Important: The -R (recursive) flag applies changes to all nested objects. Use it cautiously in system directories like /etc or /usr to avoid disrupting the OS.
Step 4: Automating Secure File Creation
Linux applies a umask whenever a file or directory is created. It determines which permission bits will be denied upon creation: files start from 666 and directories from 777, and the bits set in the umask are removed. The standard value 022 means new files get 644 permissions and directories get 755.
# Check current umask
umask
# Temporarily set a stricter umask (027 denies access to "others")
umask 027
To make the setting persist after reboot, add the line umask 022 to the end of ~/.bashrc or /etc/profile. All new sessions will inherit this rule.
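The umask arithmetic from this step, as an added example that is not part of the original guide: it predicts the resulting mode from the 666/777 creation defaults and confirms it by creating a real file and directory in a temporary directory. The function names expected_mode and observed_modes are hypothetical, and stat -c assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example: how a umask turns the creation defaults
# (666 for files, 777 for directories) into the final mode.

# Predict the mode: clear every bit of the base mode that the umask sets.
# usage: expected_mode <base> <umask>   (both octal, e.g. 666 027)
expected_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create a file and a directory under the given umask and print their
# modes as "<file> <dir>". Runs in a subshell so the caller's umask
# is left untouched.
# usage: observed_modes <umask>
observed_modes() {
    (
        tmp=$(mktemp -d) || exit 1      # scratch directory, removed below
        umask "$1"
        touch "$tmp/file"
        mkdir "$tmp/dir"
        modes="$(stat -c %a "$tmp/file") $(stat -c %a "$tmp/dir")"
        rm -rf "$tmp"
        printf '%s\n' "$modes"
    )
}

# Compare prediction and reality for the default and two stricter masks.
for mask in 022 027 077; do
    printf 'umask %s: predicted %s %s, observed %s\n' "$mask" \
        "$(expected_mode 666 "$mask")" "$(expected_mode 777 "$mask")" \
        "$(observed_modes "$mask")"
done
```

Files never gain the execute bit from a umask because their base is 666; only directories, which start from 777, keep x.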
Verifying the Result
After making changes, ensure the rules applied correctly. Run ls -la /path/to/file again and compare the output to your expectations. Try to open, modify, or execute the file as a test user to confirm isolation:
# Test as another user
sudo -u guest_user cat /path/to/file
If the test user is meant to be locked out and the command returns Permission denied, the protection is working. If the test user is meant to have access, successful text output confirms the permissions are set correctly.
Common Issues
- Permissions don't change and Operation not permitted appears: The file may have the immutable attribute set. Remove it with sudo chattr -i file, change permissions, then reapply protection with sudo chattr +i file.
- Changes don't apply recursively or break structure: Ensure you're using the -R flag correctly. For complex scenarios, prefer using find with the -exec flag to handle files and directories separately: find . -type f -exec chmod 644 {} +.
- Running a script shows bad interpreter in the terminal: This isn't a permissions issue but a problem with encoding or the interpreter. Check the file's first line (#!/bin/bash) and line break format (should be LF, not CRLF).