Understanding user permissions and ownership in Linux is fundamental for ensuring system security and proper access control. In this blog, we explore two crucial commands: chmod and chown. We'll break down how they work, give practical examples, and highlight key differences to strengthen your command-line proficiency.
Introduction to Permissions
In Unix/Linux systems, file and directory permissions control who can access or modify resources. Each file has three distinct permission sets: owner, group, and others. Each set can allow read, write, and execute.
The chmod Command
The chmod (change mode) command alters permissions of a file or directory, defining who can read, write, or execute it.
Permission Triplets
Each file has three permission triplets (user/group/others), each containing:
- Read (r) – view contents
- Write (w) – modify contents
- Execute (x) – run as a program (or enter a directory)
Example Long Listing
-rw-r--r--
Breakdown:
rw-(owner): read + writer--(group): readr--(others): read
Symbolic Mode Changes
Use u, g, o, or a (all) with +, -, =:
chmod u+r file.txt # Add read for owner
chmod g-w file.txt # Remove write for group
chmod o=x file.txt # Set execute only for others
chmod ugo=rwx file.txt # Explicitly give all full perms
chmod a-x script.sh # Remove execute for everyone
Numeric (Octal) Mode
Permissions map: r=4, w=2, x=1. Sum per triplet:
chmod 755 run.sh # rwx r-x r-x
chmod 744 notes.md # rwx r-- r--
chmod 644 notes.md # rw- r-- r--
Common combos:
- 777: rwx / rwx / rwx (rare; avoid for security)
- 755: rwx / r-x / r-x (executables, directories)
- 644: rw- / r-- / r-- (text files)
- 600: rw- / --- / --- (private secrets)
Making Scripts Executable
chmod +x deploy.sh # Add execute for current script (affects all classes missing it)
chmod u+x deploy.sh # Only owner execute
chmod 750 deploy.sh # Owner full, group read/execute, others none
Recursive Changes (Be Careful!)
chmod -R 755 public_html/
Avoid blindly applying recursive writes/execution to files that shouldn't be executable.
Tip: Use
findfor finer control:
find project -type d -exec chmod 755 {} +
find project -type f -exec chmod 644 {} +
The chown Command
The chown (change owner) command modifies the ownership (user and/or group) of files and directories.
Basic Patterns
chown user file # Change owner
chown :group file # Change group only
chown user:group file # Change both
chown -R user:group dir/ # Recursive
Practical Examples
chown www-data /var/www/index.html
chown :developers app.log
chown root:root /usr/local/bin/tool
Ownership Strategy Tips
- Keep application directories owned by a deploy/system user, not
root. - Use a shared group for collaborative write access (e.g.,
developers). - Avoid granting blanket write privileges to
others—prefer groups.
chmod vs chown Differences
| Aspect | chmod (Permissions) | chown (Ownership) |
|---|---|---|
| Purpose | Change access bits (r,w,x) | Change file owner and group |
| Affects security | Yes (who can act) | Yes (who is treated as owner/group) |
| Recursive flag | -R | -R |
| Typical use | Adjust modes post-deploy | Fix ownership after copy/extract |
| Dangerous misuse | Over-permissive (e.g., 777) | Wrong owner breaking service access |
Short vs Long Options
Some utilities support both short and long forms; many core chmod/chown options use only short flags, but conceptually:
| Form | Meaning Example | Sample (if supported) |
|---|---|---|
| Short | Concise | chmod -R 755 directory |
| Long | More explicit | chmod --recursive 755 directory |
Not all platforms ship long-form aliases for these; rely on short flags for portability.
Quick Reference Tables
chmod Symbolic Cheatsheet
| Symbolic Command | Effect |
|---|---|
chmod u+r file.txt | Add read for owner |
chmod g-w file.txt | Remove write for group |
chmod o+x file.txt | Add execute for others |
chmod ugo=rwx file.txt | All full permissions |
chmod a-w file.txt | Remove write for everyone |
Permission Numeric Map
| Octal | Meaning |
|---|---|
| 7 | rwx |
| 6 | rw- |
| 5 | r-x |
| 4 | r-- |
| 0 | --- |
chown Commands
| Command | Effect |
|---|---|
chown john file.txt | Owner → john |
chown :developers file.txt | Group → developers |
chown john:developers file.txt | Owner john, group developers |
chown -R john:developers directory | Recursive ownership change |
Common Pitfalls
- Using
sudo chmod -R 777— overexposes system/data. - Forgetting group membership; use
idto verify. - Setting execute bit on non-executables (clutters intent).
- Changing ownership inside mounted volumes (containers) where host UID/GID mismatch matters.
Hardening Pattern Example
# Directories: 755, Files: 644, Sensitive config: 600
find /srv/app -type d -exec chmod 755 {} +
find /srv/app -type f -exec chmod 644 {} +
chmod 600 /srv/app/.env
chown -R appuser:appgroup /srv/app
Conclusion
Mastering chmod and chown gives you precise control over security and collaboration. Apply least privilege, prefer groups over broad others access, and audit recursively applied changes. With these patterns, you can confidently manage Linux file access.
Have a follow‑up question? Drop it in the comments and I can extend this guide (e.g., into ACLs or setuid bits).