Understand The Role Of File Ownership And Permissions In Linux
Linux is a powerful multi-user system, and permissions are the gatekeepers that control who can access or modify files. This guide will break down everything about Linux permissions and how to manage them using
chmod– change file mode (permissions)chown– change file ownershipchgrp– change file group
Understanding Linux Permissions
Each file or directory has 3 types of permissions for 3 categories of users:
Categories:
u – user (owner)
g – group
o – others
a – all (u+g+o)
Permissions:
r – read (4)
w – write (2)
x – execute (1)
1.What is chmod?
The chmod (short for change mode) command in Linux is used to modify the permissions of files and directories. It helps control who can read, write, or execute a file.
Note: Only the file owner or a superuser (root) can change the file or directory permissions.
Two Ways to Use chmod
There are two main ways to change file/directory permissions with chmod:
Octal Number Representation
Symbolic Representation
1. Octal Number Representation
This is a numeric method of setting permissions using three digits:
Each digit represents permission for:
- Owner(user) , Group , Others
Each permission is assigned a number:
r(read) = 4 ,w(write) = 2 ,x(execute) = 1
Just add the numbers based on the permissions you want:
| Permission | Value |
| No permission | 0 |
| Execute only | 1 |
| Write only | 2 |
| Write + Execute | 3 |
| Read only | 4 |
| Read + Execute | 5 |
| Read + Write | 6 |
| All (rwx) | 7 |
Example:
chmod 755 myfile
This sets:
Owner (
7 = rwx) → Has full access:Group (
5 = r-x) → Can read and execute, but cannot modify the file.Others (
5 = r-x) → Same as the group: read and execute only.
If you need to apply permission to a file, you can use like this .
Step 1: Create a File and Check Its Permissions
Let’s say you have a file called file.txt default permissions (typically rw-r--r--, or 644
-rw-r--r--
These are divided into 3 groups:
User (owner) – can read and write (r+w) = 6
Group – can read (r)= 4
Others – can read (r)= 4
So the owner can edit it, but others can only read.
File Permissions: How to Restrict Access
You can control what each user can do (read, write, execute) using permission bits:
| Permission Code | Owner | Group | Others | Meaning |
777 | rwx | rwx | rwx | Full access to everyone |
755 | rwx | r-x | r-x | Only owner can write |
700 | rwx | --- | --- | Only owner has any access |
644 | rw- | r-- | r-- | Only owner can write |
444 | r-- | r-- | r-- | No one can write |
000 | --- | --- | --- | No access at all |
Step 2: Make it Read-Only for Everyone ( No one can write)
Let’s say you don’t want anyone (even yourself) to write to it.
chmod 444 file.txt
-r--r--r--
Owner: read-only
Group: read-only
Others: read-only
The -r--r--r-- permission setting ensures that everyone has read-only access to the file, meaning no one (not even the owner) can modify it.
Try to edit:
You’ll see: Permission denied ❌
This completely locks the file from being modified, even by the owner, unless they change the permissions again.
Step 3: Give Write Access Back to the Owner ( Only owner can write )
Now let’s say you want to be able to edit it again.
chmod 644 file.txt
This permission setting (-rw-r--r--) means:
-rw-r--r--
Owner has read and write (
rw-) permissions.Group has read-only (
r--) permissions.Others (everyone else) also has read-only (
r--) permissions.
Now (the owner) can write to it again, but others still can’t.
Step 4: What If You Remove Your Own Read Access?
Now the owner can only write, but not read. You might not even be able to open the file properly.
chmod 244 file.txt
The permission setting --w-r--r-- means:
Owner has write-only (
-w-) permissions.Group has read-only (
r--) permissions.Others (everyone else) also has read-only (
r--) permissions.
What happens:
You have write access, but you cannot read it (e.g., using
cat file.txtor opening it in a text editor).You’ll get a "Permission denied" error when trying to read
- This shows that even the owner must have permission to access the file.
Note : Permissions must be planned — changing one can impact access for everyone, even yourself. So if you change something, the entire access model can change, and you need to reassign them carefully.
Step 5: Running a Script File
Let’s say you a script: one.sh with default permissions (typically rw-r--r--, or 644), which means:
Read/write for the owner
Read-only for group and others
No execute permission for anyone
So when you try to run it with: ./one.sh, you get a "Permission denied" error because there are no execute permissions.
Step 6: Add Execute Permission
chmod 744 one.sh
7for user =r(4) +w(2) +x(1) → full permissions4for group =r(read only4for others =r(read only)
Now run it with: ./one.sh, and it will no longer show "Permission denied."
After changing the permission to
744, only the user (owner) can run the script. Group and others can only read it, not execute.If you want everyone (owner, group, and others) to read, write, and execute the script, you can change the permission to
777.Full access to everyone :
-rwxrwxrwx
**Note :**But be careful (777 ) this is not safe for important files.
Step 7 :Change All .txt Files at Once
Let’s say you want to make all text files in a folder fully accessible:
chmod 777 *.txt
This command changes all files ending in .txt to full access (read/write/execute) for everyone.
2. Symbolic Representation
In Unix-like systems, file permissions are represented using symbolic notation, which provides a more human-readable way to set and modify file permissions compared to numeric notation.
Understanding Symbolic Representation
Each file's permissions are divided into three groups:
Owner (u) – The user who owns the file.
Group (g) – Users who are part of the file’s group.
Others (o) – Everyone else.
All users (a) – Applies to owner, group, and others.
Each group can have the following permissions:
Read (
r) – Allows viewing the file contents.Write (
w) – Allows modifying the file.Execute (
x) – Allows executing the file.
1. How to Add Permissions
You can use the chmod command with symbolic notation to grant permissions:
Let's say you have a file named data.txt with default permissions (typically rw-r--r--, or 644).
- Add
execute (x)permission for the owner:
chmod u+x data.txt
The x (execute) permission has been added for the owner (rwx).
Add
write (w)permission for group :Grants write (
w) permission to the group, meaning members of the group can now modifydata.txt.
chmod g+w data.txt
Now the group has both read (r) and write (w) permissions.
Add
write (w)permission othergrants write (
w) permission to others, meaning everyone can now modifydata.txt.
chmod o+w data.txt
Now, everyone has both read (r) and write (w) permissions.
2. How to Remove Permissions
Similarly, you can revoke permissions using chmod:
Remove execute (x) permission for the owner:
chmod u-x data.txt
Removes the execute (x) permission from the owner, meaning they can no longer run the file as a program.
Remove read (r) permission for the group:
chmod g-r data.txt
removes read (r) permission for the group, meaning members of the group can no longer view the contents of data.txt.
Remove all permissions from others:
chmod o-rwx data.txt
removes all permissions (read r, write w, and execute x) from others, meaning they can no longer access data.txt in any way.
3. Setting Multiple Permissions at Once
You can combine multiple permissions:
- Grants read (
r) and execute (x) permissions to the owner, group, and others.
chmod ugo+rx data.txt
Now, the user and group have all permissions, while others have read and execute permissions for the file data.txt.
4. Understanding File Permission Modifiers in chmod
Using different modifiers in the chmod command helps manage file permissions effectively:
=(Equals) → Resets all permissions for the specified class and applies only the given permissions.+(Plus) → Adds the specified permissions without altering existing ones.-(Minus) → Removes the specified permissions but keeps the rest unchanged.
Using = in chmod is like erasing the old permissions for that class and writing only what you tell it.
chmod u=x,g=rw,o=w hello.sh
This overrides permissions for each class:
u=x → User gets only execute
g=rw → Group gets read and write
o=w → Others get write only
chmod u=rwx,o=w demo.txt
u=rwx → User gets read, write, and execute
o=w → Others get write-only
g (group) is not mentioned, so its permissions remain unchanged
= replaces all permissions for that class — it overrides, not just adds.
Example: chmod u=r hello.sh
First, it removes all existing user permissions and then sets the user’s permissions to read only. This means the write and execute permissions for the user are removed, while the group and others' permissions remain unchanged. Only the permissions you specify in the command are applied.
2. Linux File Ownership: How chown and chgrp Work
In Linux, every file and directory has an owner and a group. This is part of the Linux permission system that controls who can read, write, or execute a file.
Understanding and using chown and chgrp helps you manage permissions and security on your system properly.
What Are Owner and Group?
Each file or folder has:
Owner: A user who owns the file (usually the creator). By default, the user who creates a file or directory becomes its owner, and they have full control over it.
Group: A group of users who may also have access.. Managing users in a multi-user environment involves creating separate groups (e.g., dev team, QA team, sysadmin team). Group membership simplifies permission management.
To view all groups, check the contents of
/etc/group.
To View Owner and Group of a File or Directory
Use the
ls -lrthcommand:
1st
ec2-user1st is the owner2nd
ec2-useris the group
You Need sudo to Change Ownership
Only the root user or someone with sudo access can change the owner of a file.
Changing the group may also require sudo, depending on your permissions.
1. chown – Change Owner
sudo chown root filename
Changes the owner only.
sudo→ Run the command as superuser (required to change ownership to another user)chown→ Stands for change ownershiproot→ The new owner of the fileIt changes the ownership of the file from the current owner (e.g.,
ec2-user) to therootowner.
2. chgrp – Change Group Only
Basic Usage:
sudo chgrp root filename
Use this if you only want to change the group, not the owner
It changes the group ownership of the file from the current group (e.g., ec2-user) to the root group.
Before, we changed the owner, so now it shows group root and owner root.
3.Owner and Group Together:
sudo chown root:root filename
Changes both owner and group.
sudo→ You need superuser privileges to change ownership to another user or group.chown→ Change ownershiproot:root→ Set both owner and group toroot
Recursive (for directories):
sudo chown -R root:root devops123/
Changes ownership of the folder and all its contents.
sudoYou need superuser privileges to change ownership to another user or group.chownis the command used to change the ownership of files or directories.The
-Roption stands for "recursive", which means the command will apply not only to the directory itself (devops123/) but also to everything inside it — all subfolders and files.root:roottells the system to change both the owner and the group toroot.devops123/is the directory you are targeting.
The devops123/ folder and everything inside it was owned by ec2-user.
After using sudo chown -R root:root devops123/, the entire folder, its files, and all subdirectories were transferred to root.
This means only the root user can now make changes — regular users like ec2-user can read, but cannot write or delete unless they use sudo.
3.echo command
The echo command in Linux is used to display text or variables in the terminal. It’s commonly used in shell scripts and command-line operations.
Creating the file with the echo command
echo "Hello DevOps Team!" > greetings.txt
- This will create a file called
greetings.txtwith the content
To append to a file instead of overwriting, use >>
echo "Welcome to the project." >> greetings.txt
This adds "Another line" to the existing greethings.txt file.
4. diff Command
The diff command is used in Unix-like operating systems to compare two files line by line. It helps identify differences between them by displaying added, removed, or changed lines.
We'll make file1.txt and file2.txt with both matching and different lines.
Contents of file1.txt
Hello DevOps
Welcome to Linux
This is file one
We are learning shell scripting
Linux is powerful
Automation saves time
Docker is lightweight
End of file
Contents of file2.txt
Hello DevOps
Welcome to Linux world
This is file two
We are learning shell scripting
Linux is awesome
Automation saves time
Kubernetes manages containers
End of file
Now compare them:
diff file1.txt file2.txt
diff -y file1.txt file2.txt
What Does This Mean?
2,3c2,3
- Lines 2 and 3 in
file1.txtwere changed to become lines 2 and 3 infile2.txt.
From file1.txt:
Welcome to Linux
This is file one
To file2.txt:
Welcome to Linux world
This is file two
5c5
- Line 5 was changed.
From file1.txt:
Linux is powerful
To file2.txt:
Linux is awesome
7c7
- Line 7 was changed.
From file1.txt:
Docker is lightweight
To file2.txt:
Kubernetes manages containers
Summary:
The
diffcommand clearly shows what lines are different.You saw three changes: 2 lines together (2,3), then line 5, then line 7.
This is super useful for:
Code reviews
Configuration management
Debugging
Version comparison
diff -y file1.txt file2.txt
The diff -y file1.txt file2.txt command displays the differences between the two files side by side, making it easier to compare visually.
Lines with differences are marked with a
|in the middle.Identical lines appear unchanged.
This format helps you compare differences line by line with better readability.
