Linux permissions control who can access files and directories and what they can do with them. This system is based on three entities (User, Group, Other) and three permission types (Read, Write, Execute).

1. chown (Change Owner)

• Changes the file owner and/or group

• Syntax: chown [user][:group] [file/directory]

• -r option: Apply changes recursively (to directories and all contents)

• Examples:

  • chown clark file.txt - Changes only the owner

  • chown clark:dev2 file.txt - Changes owner to clark AND group to dev2

  • chown -r clark:dev2 /directory/ - Changes owner/group recursively

2. chgrp (Change Group)

• Changes only the group ownership (leaves user owner unchanged)

• Syntax: chgrp [groupname] [file/directory]

• -r option: Apply changes recursively

• Example: chgrp dev2 /tmp/ops_team

3. chmod (Change Mode)

• Changes permission bits (what users can do with the file)

• Can use symbolic mode OR octal mode

• Syntax: chmod [permissions] [file/directory]

Linux divides permissions into three categories:

1. User (u): The owner of the file

2. Group (g): Users who are members of the file's group

3. Other (o): Everyone else (not owner, not in group)

Three Types of Permissions:

1. Read (r)

   • Files: View/read file contents

   • Directories: List contents of directory

   • Symbolic: r

   • Octal: 4

2. Write (w)

   • Files: Modify/edit file contents

   • Directories: Create/delete files within directory

   • Symbolic: w

   • Octal: 2

3. Execute (x)

   • Files: Run file as a program/script

   • Directories: Enter directory (cd into it)

   • Symbolic: x

   • Octal: 1

Symbolic Mode

Uses letters: r (read), w (write), x (execute)

Format: [who][operation][permission]

• Who: u (user), g (group), o (other), a (all)

• Operation: + (add), - (remove), = (set exactly)

• Permission: r, w, x

Examples:

• chmod g+w file - Add write permission for group

• chmod o-r file - Remove read permission for other

• chmod u+x,g+x file - Add execute for user and group

Octal Mode

Uses numbers 0-7 (sum of permission values)

Each permission has a value:

• Read = 4

• Write = 2

• Execute = 1

• No permission = 0

Calculate by adding values:

• 7 = rwx (4+2+1) - Full permissions

• 6 = rw- (4+2+0) - Read and write

• 5 = r-x (4+0+1) - Read and execute

• 4 = r-- (4+0+0) - Read only

• 3 = -wx (0+2+1) - Write and execute

• 2 = -w- (0+2+0) - Write only

• 1 = --x (0+0+1) - Execute only

• 0 = --- (0+0+0) - No permissions

Three digits represent: [User][Group][Other]

Examples:

• chmod 755 file - rwxr-xr-x (User: full, Group: read+execute, Other: read+execute)

• chmod 644 file - rw-r--r-- (User: read+write, Group: read, Other: read)

• chmod 600 file - rw------- (User: read+write, Group: none, Other: none)

• chmod 777 file - rwxrwxrwx (Everyone: full permissions)

When you run ls -l, you see something like:

-rw-r--r-- 1 barry ops 0 Jan 1 12:00 test1

drwxr-xr-x 2 barry ops 4096 Jan 1 12:00 ops_team

Breaking down -rw-r--r--:

• Position 1: File type

  • - = regular file

  • d = directory

  • l = symbolic link

• Positions 2-4: User permissions (rw- = read, write, no execute)

• Positions 5-7: Group permissions (r-- = read only)

• Positions 8-10: Other permissions (r-- = read only)

This equals octal: 644

Breaking down drwxr-xr-x:

• d = directory

• rwx = User has read, write, execute (7)

• r-x = Group has read, execute (5)

• r-x = Other has read, execute (5)

This equals octal: 755

Execute Permission on Directories

• Critical: Without execute (x) permission on a directory, you cannot cd into it

• Even with read permission, you can't list contents without execute

• Write permission allows creating/deleting files inside directory

Default Permissions

• Directories: Typically 755 (rwxr-xr-x)

• Files: Typically 644 (rw-r--r--)

Recursive Operations

• The -r flag applies changes to directory and ALL contents beneath it

• Example: chown -r clark:dev2 /directory/ changes ownership of directory and everything inside

Root/Sudo Privileges

• Only file owner or root can change permissions

• Need sudo for changes if you don't own the file

• Root can change ANY file's permissions/ownership

chmod o-r test2

# Result: -rw-r----- (640)

chmod 664 test1

# Result: -rw-rw-r-- (User: rw, Group: rw, Other: r)

chmod g+w,o-x ops_team

# Adds write to group, removes execute from other

chown -r clark:dev2 /tmp/ops_team

# Changes owner to clark and group to dev2 for directory and all contents

1. Three commands: chown (owner/group), chgrp (group only), chmod (permissions)

2. Three permission groups: User, Group, Other (UGO)

3. Three permission types: Read (4), Write (2), Execute (1)

4. Two notation systems: Symbolic (rwx) and Octal (0-7)

5. Permissions work differently on files vs directories

6. Execute on directories = ability to cd into them

7. Write on directories = ability to create/delete files inside

8. Use -r for recursive operations on directories

1. chown - Changes file owner and group

2. chgrp - Changes only group ownership

3. chmod - Changes file permission bits (what users can do)

Example: chown clark:dev file.txt, chgrp ops file.txt, chmod 755 file.txt

1. User (u) - The owner of the file

2. Group (g) - Users who are members of the file's group

3. Other (o) - Everyone else (not owner, not in group)

Together abbreviated as UGO. Every file has permissions for all three.

1. Read (r) - View/read file contents; list directory contents

2. Write (w) - Modify files; create/delete files in directories

3. Execute (x) - Run files as programs; cd into directories

Key: Execute on directories allows you to enter them!

• Read = 4

• Write = 2

• Execute = 1

• No permission = 0

You add these values together:

• 7 = rwx (4+2+1)

• 6 = rw- (4+2)

• 5 = r-x (4+1)

• 4 = r-- (4)

Breaking it down:

• - = Regular file (d would mean directory)

• rw- = User has read+write (6)

• r-- = Group has read only (4)

• r-- = Other has read only (4)

Octal representation: 644 Meaning: Owner can read/write, everyone else can only read

• 7 (User) = rwx = read, write, execute (4+2+1)

• 5 (Group) = r-x = read, execute (4+1)

• 5 (Other) = r-x = read, execute (4+1)

Result: -rwxr-xr-x Common use: Default for directories - owner has full control, others can read and enter

• 6 (User) = rw- = read, write (4+2)

• 4 (Group) = r-- = read only (4)

• 4 (Other) = r-- = read only (4)

Result: -rw-r--r-- Common use: Default for files - owner can edit, others can only read

Symbolic Mode: Uses letters (r, w, x) and operators (+, -, =)

• Example: chmod g+w file (add write to group)

• Example: chmod o-r file (remove read from other)

Octal Mode: Uses numbers 0-7

• Example: chmod 755 file (set exact permissions)

Both change the same thing, just different notation!

chmod g+w [filename]

Breaking it down:

• g = group

• + = add permission

• w = write

Example: chmod g+w test1 You can combine: chmod g+w,o-r test1 (add write to group, remove read from other)

chmod o-x [filename]

Breaking it down:

• o = other (everyone else)

• - = remove permission

• x = execute

Example: chmod o-x ops_team/ Important for directories - prevents others from cd-ing into it!

The -r (recursive) option applies the change to:

• The specified directory

• ALL files and subdirectories inside it

Examples:

• chmod -r 755 /directory/ - Changes permissions recursively

• chown -r user:group /directory/ - Changes ownership recursively

• chgrp -r groupname /directory/ - Changes group recursively

Critical for directories with many files!

chown [user]:[group] [file/directory]

Key: Use a colon (:) between user and group with NO SPACES

Examples:

• chown clark:dev2 file.txt - Changes owner to clark, group to dev2

• chown clark file.txt - Changes only owner to clark

• chown :dev2 file.txt - Changes only group to dev2

• chown -r clark:dev2 /directory/ - Recursive change

chown (Change Owner):

• Can change both user owner AND group

• Can change only user owner

• Can change only group (with :group syntax)

• More versatile

chgrp (Change Group):

• Changes only the group ownership

• Simpler when you only need to change group

• Cannot change user owner

Example: chgrp dev2 file.txt vs chown :dev2 file.txt (same result)

Execute permission on directories controls whether you can:

1. cd (change directory) into it - Most important!

2. Access files inside (even if you have read permission on files)

Without execute: Cannot enter the directory or access contents Example: Directory with rw- (no x) = You can see it exists but cannot cd into it

Remember: Execute doesn't mean "run" for directories, it means "enter"!

On Files:

• Modify/edit the file contents

• Cannot delete the file itself (that's controlled by directory permissions)

On Directories:

• Create new files inside

• Delete files inside

• Rename files inside

Key insight: To delete a file, you need write permission on the directory, not the file!

On Files:

• View/read the file contents

• Example: cat file.txt

On Directories:

• List the contents (filenames)

• See what files exist inside

• Example: ls directory/

Important: Read alone isn't enough for directories - you also need execute (x) to access the contents!

• d = This is a directory (not a file)

• rwx = User: read, write, execute (7) - full control

• r-x = Group: read, execute (5) - can list and enter

• r-x = Other: read, execute (5) - can list and enter

Octal: 755 Meaning: Owner can do everything, others can browse and enter but not modify

Add up the values for each group (User, Group, Other):

• r (read) = 4

• w (write) = 2

• x (execute) = 1

Examples:

• rwx = 4+2+1 = 7

• rw- = 4+2+0 = 6

• r-x = 4+0+1 = 5

• r-- = 4+0+0 = 4

• --- = 0+0+0 = 0

So rwxr-xr-- = 754 (7,5,4)

777 (or rwxrwxrwx)

• User: rwx (7)

• Group: rwx (7)

• Other: rwx (7)

Command: chmod 777 file

Warning: Generally considered insecure! Gives everyone full control. Use with caution!

700 (or rwx------)

• User: rwx (7)

• Group: --- (0)

• Other: --- (0)

Command: chmod 700 file

Use case: Private files/directories only the owner should access

Execute (x) permission is missing for your permission group (user, group, or other).

Without execute on a directory, you cannot:

• cd into it

• Access files inside it (even if you have permissions on the files)

Solution: chmod +x directory/ or chmod 755 directory/

Makes TWO changes to ops_team directory:

1. g+w - Adds write permission for group

2. o-x - Removes execute permission from other

Result: Group can now create/delete files inside; Others can no longer cd into directory

Key: Multiple changes separated by commas, no spaces!

NO! You cannot delete a group if it's currently the primary group of any user.

Solution:

1. First delete the user (or change their primary group)

2. Then delete the group

Note: You CAN delete supplemental groups without issue

ls -l [filename] or ls -ld [directory]

• ls -l - Long listing (shows permissions, owner, group)

• ls -ld - Long listing for directory itself (not its contents)

Output example: -rw-r--r-- 1 barry ops 0 Jan 1 file.txt Shows: permissions, owner (barry), group (ops)

1. The file owner - Can change permissions (chmod) but not ownership

2. Root user (superuser) - Can change ANYTHING (permissions and ownership)

3. Users with sudo privileges - Can use sudo to act as root

Examples:

• Regular user: chmod 644 myfile.txt (only if they own it)

• With sudo: sudo chown root:root anyfile.txt (can change any file)

NO DIFFERENCE - They do the exact same thing!

chmod 644 file - Octal mode

• 6 = rw- (user)

• 4 = r-- (group)

• 4 = r-- (other)

chmod u=rw,g=r,o=r file - Symbolic mode

• u=rw (user gets read+write)

• g=r (group gets read)

• o=r (other gets read)

Both result in: -rw-r--r--

The file type:

• - = Regular file

• d = Directory

• l = Symbolic link (shortcut)

• c = Character device file

• b = Block device file

Examples:

• -rw-r--r-- = Regular file

• drwxr-xr-x = Directory

• lrwxrwxrwx = Symbolic link

Method 1 (Octal): chmod 755 file

• 7 (rwx) for user

• 5 (r-x) for group

• 5 (r-x) for other

Method 2 (Symbolic): chmod u=rwx,go=rx file

• u=rwx (user gets all)

• go=rx (group and other get read+execute)

Result: -rwxr-xr-x

Files: Usually 644 (rw-r--r--)

• Owner can read/write

• Group and others can only read

Directories: Usually 755 (rwxr-xr-x)

• Owner has full control

• Group and others can read and enter

These defaults are controlled by the umask setting

640 breaks down to:

• 6 (User) = rw- = Read and write (4+2)

• 4 (Group) = r-- = Read only (4)

• 0 (Other) = --- = No permissions

String representation: -rw-r-----

Meaning: Owner can edit, group can view, others have no access

You'll get a "read-only file" warning or "Permission denied" error.

In vim/text editors: Shows "[read-only]" and won't let you save changes With commands: Error message like "Permission denied"

Solution:

• Change permissions: chmod u+w file (if you own it)

• Use sudo: sudo vim file (if you have sudo rights)

Without -r: Only changes the directory itself With -r (recursive): Changes the directory AND everything inside it (all files and subdirectories)

Example scenario:

• Directory has 100 files owned by barry:ops

• chown -r clark:dev2 /directory/ changes ownership of all 100 files + the directory in one command

• Without -r, you'd only change the directory, files stay owned by barry

Critical for mass ownership changes!

chmod u+x,g+x file or chmod ug+x file

Breaking it down:

• u+x = Add execute for user

• g+x = Add execute for group

• Can combine as ug+x = Add execute for user AND group

Alternative: chmod +x file adds execute for EVERYONE (all three groups)

764

Calculation:

• User: rwx = 4+2+1 = 7

• Group: rw- = 4+2+0 = 6

• Other: r-- = 4+0+0 = 4

Command: chmod 764 file Result: -rwxrw-r--

chmod +x file: Adds execute for ALL (user, group, AND other)

• Same as chmod a+x (a = all)

chmod u+x file: Adds execute for user ONLY

• Group and other permissions unchanged

Example:

• Starting: -rw-r--r-- (644)

• chmod +x: -rwxr-xr-x (755)

• chmod u+x: -rwxr--r-- (744)