FixPedia
Linux

Managing User Permissions in Linux: A Step-by-Step Guide

This guide thoroughly explains how to manage user permissions in Linux. You'll master commands like chmod and chown, and learn to work with groups to control resource access.

Updated at February 16, 2026
10-15 min
Medium
FixPedia Team
Применимо к:Ubuntu 20.04+Debian 10+CentOS 7+Fedora 30+

Introduction / Why This Matters

User permissions in Linux are a fundamental mechanism for controlling access to files and directories. In multi-user systems, they ensure that only authorized users can read, modify, or execute specific resources. Without proper permission configuration, you risk data leaks, unauthorized changes, or service failures. This guide will help you master the chmod, chown commands, and group management to confidently configure your system's security.

Prerequisites / Preparation

Before you begin, ensure you have:

  • Access to a Linux terminal (physical machine, virtual environment, or WSL).
  • Basic command-line skills (navigation, file editing).
  • Superuser privileges (sudo) for operations requiring changes to ownership or system files.
  • Understanding of the filesystem structure (e.g., /home, /etc, /var).

💡 Tip: If you're new, practice on test files in your home directory to avoid accidentally disrupting the system.

Step 1: Understanding Current Permissions

First, you need to find out what access permissions are already set. Use the ls -l command for a detailed file list:

ls -l /path/to/directory

The output will look something like this:

-rwxr-xr-- 1 alice developers 2048 Feb 16 10:30 script.sh
drwxrwx--- 2 bob users      4096 Feb 16 10:35 shared_folder

Let's break down the first line:

  • The first character (- or d): file type (- is a regular file, d is a directory).
  • The next 9 characters: permissions for the owner (first 3), group (next 3), and others (last 3).
    • r — read (4), w — write (2), x — execute (1), - — no permission.
    • For example, rwx = 7 (4+2+1), r-x = 5 (4+0+1), r-- = 4 (4+0+0).
  • Following that are the number of links, owner (alice), group (developers), size, date, and filename.

Step 2: Changing Permissions with chmod

The chmod command changes access permissions. There are two main modes: symbolic (letter-based) and numeric (octal).

Symbolic Mode

Specify who (u — owner, g — group, o — others, a — all) and which permissions (r, w, x) to add (+), remove (-), or set (=).

Examples:

# Add execute permission for the owner
chmod u+x script.sh

# Remove write permission for group and others
chmod go-w file.txt

# Set permissions: owner full, group and others read-only
chmod u=rwx,go=r file.txt

Numeric Mode

Each category (owner, group, others) is assigned a three-bit number, where bits correspond to rwx. The sum of values gives a digit (0-7).

Examples:

# 755: owner rwx (7), group and others r-x (5)
chmod 755 script.sh

# 644: owner rw- (6), group and others r-- (4)
chmod 644 config.conf

# 777: full permissions for everyone (not recommended for security!)
chmod 777 temp_file

⚠️ Important: Avoid 777 for important files — it allows any user to modify them, creating a vulnerability.

Step 3: Change Owner and Group with chown

If you need to change a file's or directory's owner or group, use chown. Syntax: chown [owner][:group] file.

Examples:

# Change only the owner
chown alice file.txt

# Change both owner and group
chown alice:developers file.txt

# Recursively for a directory and its contents
chown -R bob:users /shared_folder

💡 Tip: To change the group without changing the owner, you can use chgrp groupname file.

Step 4: Managing User Groups

Groups allow centralized access management for multiple users. Group management is performed as root or with sudo.

Creating and Deleting Groups

# Create a new group
sudo groupadd devteam

# Delete a group (if it's not in use)
sudo groupdel oldgroup

Adding a User to a Group

# Add a user to an additional group (without removing from current groups)
sudo usermod -aG devteam alice

# Check a user's groups
groups alice

⚠️ Important: Group changes take effect after the user logs out and back in, or restarts their session.

Step 5: Practical Examples

Example 1: Web Server Setup

For website files in /var/www/html:

# Set owner to www-data (typical for Apache/Nginx)
sudo chown -R www-data:www-data /var/www/html

# Give read permissions to all, write only to owner
sudo chmod -R 755 /var/www/html
# For upload directories (e.g., uploads), 775 allows group write
sudo chmod 775 /var/www/html/uploads

Example 2: Shared Directory for a Team

Create a /projects directory writable by all developers group members:

sudo mkdir /projects
sudo groupadd developers  # if the group doesn't exist
sudo chown :developers /projects
sudo chmod 775 /projects
# Now any user in the developers group can create files in /projects.

Example 3: Executable Script

Give only the owner execute permission for the backup.sh script:

chmod 700 backup.sh  # rwx for owner, none for group and others

Step 6: Verifying the Result

After making changes, always check permissions:

ls -l /path/to/file_or_directory

Ensure:

  • Owner and group are correct.
  • Permissions match expectations (e.g., rwxr-xr-x for executables).
  • Directories typically require x (execute) permission to access contents.

Also test functionality: try reading/modifying the file as another user (use su - username or a separate terminal).

Common Issues

"Operation not permitted" Error

Cause: insufficient privileges (not run with sudo) or file has the immutable flag (chattr +i). Solution:

# Remove immutable flag if set
sudo chattr -i file
# Run the command with sudo
sudo chmod 755 file

Permissions Not Changed After chmod

If permissions didn't change, check:

  • Command syntax (e.g., didn't confuse + and =).
  • Whether permissions are being overridden by other mechanisms (e.g., ACLs via setfacl). View ACLs: getfacl file.

User Cannot Write to Directory Despite Being in Group

Possible causes:

  • The directory's group is not the one the user was added to (check ls -ld directory).
  • The user hasn't logged out and back in since being added to the group.
  • The directory lacks group write permission (chmod g+w directory).

By default, chmod -R and chown -R do not follow symbolic links, but if links point to important files, ensure you didn't change unintended items. To affect the links themselves, use -h (for chown) or be careful with paths.

💡 Tip: For complex scenarios, use find with -exec to apply permissions precisely, e.g.:

find /var/log -type f -name "*.log" -exec chmod 640 {} \;

F.A.Q.

What's the difference between chmod and chown?
How do I grant execute permission to a script?
What does the number 755 mean in chmod?
How do I add a user to a group?

Hints

Check current permissions
Change permissions with chmod
Change owner and group with chown
Manage user groups
Practical examples
Verify the results

Did this article help you solve the problem?

FixPedia

Free encyclopedia for fixing errors. Step-by-step guides for Windows, Linux, macOS and more.

© 2026 FixPedia. All materials are available for free.

Made with for the community