FixPedia
Linux

Linux Permissions: Complete Guide to chmod and chown

This guide thoroughly explains Linux permission structure. You'll learn to check, interpret, and modify permissions using chmod and chown. Gain confidence in securing your file system.

Updated at February 17, 2026
15-30 min
Easy
FixPedia Team
Применимо к:Ubuntu 20.04+CentOS 7+Debian 10+Fedora 35+

Introduction / Why This Matters

Linux is a multi-user system where every file and directory has an owner and a group. Access permissions control who can read, modify, or execute files. Understanding permissions is critical for security, preventing "Permission denied" errors, and ensuring services run correctly. After this guide, you'll be able to confidently set permissions for any scenario.

Prerequisites / Preparation

Before you begin, ensure you have:

  • Access to a Linux terminal (locally or via SSH).
  • Basic command-line navigation knowledge.
  • For operations changing ownership or special bits, superuser privileges (sudo) are required.

Step 1: Permission Basics: Owner, Group, Others

Every file and directory in Linux has three user categories:

  • Owner (user) — the user who created the object.
  • Group (group) — users belonging to the object's group.
  • Others (others) — all other system users.

For each category, three types of actions can be set:

  • r (read) — read file contents or list directory contents.
  • w (write) — modify a file or create/delete files in a directory.
  • x (execute) — run a file as a program or enter a directory (for cd).

Step 2: How to Read Permissions: The ls -l Command

To view permissions, run:

ls -l filename

Example output:

-rwxr-xr-- 1 alice developers 4096 Feb 17 10:00 script.sh

Decoding the first 10 characters:

  • - — object type (- file, d directory, l symbolic link).
  • rwx — owner permissions (alice: read, write, execute).
  • r-x — group permissions (developers: read and execute).
  • r-- — others permissions (read-only).

Step 3: Permission Types: Read, Write, Execute

  • Read (r): for a file — view contents; for a directory — list files (ls).
  • Write (w): for a file — modify contents; for a directory — create, delete, rename files (requires x on the directory as well).
  • Execute (x): for a file — run as a program; for a directory — enter (cd) and access metadata.

Step 4: Changing Permissions with chmod

The chmod command changes permissions. There are two modes:

Numeric (Octal)

Each category corresponds to a three-bit number. Permissions are summed: r=4, w=2, x=1. Example: rwx = 7, rw- = 6, r-x = 5, r-- = 4. Setting rwxr-xr-x (755):

chmod 755 script.sh

Symbolic

Syntax: chmod [who][operator][permissions]

  • who: u (owner), g (group), o (others), a (all, default).
  • operator: + (add), - (remove), = (set exactly).
  • permissions: r, w, x, s (setuid/setgid), t (sticky bit).

Examples:

chmod u+x script.sh    # Add execute for owner
chmod g-w script.sh    # Remove write for group
chmod o=r script.sh    # Set read-only for others
chmod a+x script.sh    # Add execute for all

Step 5: Changing Owner and Group: chown and chgrp

To change the owner, use chown:

sudo chown new_owner filename

To change both owner and group:

sudo chown new_owner:new_group filename

Group only:

sudo chgrp new_group filename
# or
sudo chown :new_group filename

These commands require superuser privileges.

Step 6: Special Bits: setuid, setgid, and Sticky Bit

Beyond rwx, there are special bits:

  • setuid (4000) — the file executes with the owner's privileges, not the current user's. Used for programs like passwd.
    sudo chmod 4755 /usr/bin/passwd

    In ls -l, it appears as rwsr-xr-x (s instead of x for owner).
  • setgid (2000) — for a file: execute with the group-owner's privileges; for a directory: new files inherit the directory's group.
    sudo chmod 2770 directory

    Appears as rwxrwsr-x (s for group).
  • sticky bit (1000) — on directories: only the file owner can delete/rename it, even if others have w on the directory. Example: /tmp.
    sudo chmod 1777 /tmp

    Appears as rwxrwxrwt (t instead of x for others).

Step 7: Extended Permissions: ACL

Standard permissions are sometimes insufficient. POSIX ACL allows setting permissions for specific users or groups outside the main categories.

Set permissions for a user:

sudo setfacl -m u:username:rwx filename

Remove:

sudo setfacl -x u:username filename

View:

getfacl filename

In ls -l, ACL is indicated by a + at the end of the permission string (e.g., -rwxr-xr--+).

Verifying Changes

After making changes, check permissions with ls -l. For ACLs, use getfacl for detailed viewing. Ensure the permission string (or ACL) matches expectations.

Common Issues

  • Permission denied when running a command: insufficient privileges (requires sudo) or attempting to execute a file without x.
  • Permissions lost during copy: cp resets permissions by default. Use cp -p to preserve them.
  • Incorrect numeric mode: remember each digit is a separate category. chmod 777 gives full access to everyone — a dangerous practice.
  • setuid/setgid reset: when using symbolic mode without u+s/g+s, special bits may be cleared. Use numeric mode or explicitly specify u+s.
  • ACL not working: the filesystem must be mounted with the acl option (e.g., for ext4 in /etc/fstab). Check with mount | grep / or tune2fs -l /dev/sdX | grep 'Default mount options'.

F.A.Q.

What are bit permissions in Linux?
How to change a file's owner in Linux?
What are setuid, setgid, and sticky bit?
How to check current file permissions?

Hints

Check current file permissions
Decoding the permission string
Changing permissions with chmod (numeric mode)
Changing permissions with chmod (symbolic mode)
Changing file owner and group
Working with extended ACL

Did this article help you solve the problem?

FixPedia

Free encyclopedia for fixing errors. Step-by-step guides for Windows, Linux, macOS and more.

© 2026 FixPedia. All materials are available for free.

Made with for the community