How to change permissions and ownership in Linux
Properly managing Linux file permissions and ownership is essential for safety, especially when multiple administrators manage one server. Moreover, using the correct settings ensures your server can run properly.
This article will explain how to change permissions and ownership in Linux. Before that, you will learn about the structure of item permissions and ownership on Linux operating systems.
Overview of changing Linux permissions
The commands for changing file and directory permissions are the same. Here are some of the most popular ones:
- chmod +rwx item – adds read, write, and execute permissions.
- chmod -rwx item – removes all permissions from an item.
- chmod +r item – grants the read permission over an item.
- chmod -x item – prevents all users from executing the item.
You can further fine-tune the permission settings for different users. We’ll explain it more in the following sections.
Important!
If you encounter an error message about privilege when modifying permissions or ownership, start your command with sudo.
Understanding the Linux permissions model
Users and groups
Linux operating systems have three classes to which you can grant permissions and ownership:
- owner – a user that possesses the file or folder.
- group – multiple users that belong to the same category.
- others – all users who are neither the owner nor the group member.
Permission types
In Linux, files and folders have three types of permissions, each with an initial. Here’s their explanation:
- read (r) – allows users to view the content of a file or directory.
- write (w) – lets users edit a file’s content. For directories, they can create, delete, and move files within the folder.
- execute (x) – enables users to run a file. Executable permissions over a folder mean users can open it and gain access to all its data.
Viewing current permissions
Since managing permissions requires commands, open your system’s command-line interface. Use Terminal for a local computer or connect via SSH if you use a remote system like a virtual private server (VPS).
Alternatively, if you use the Hostinger VPS platform, access your system’s CLI with one click using Browser terminal. Simply open your VPS management menu on hPanel and hit the button.
To view files and folders permission in your current working directory, run the following command:
ls -l
If you want to check only a specific item, enter this command
ls -l itemname
You should see the output looks similar to the following:
drwxrwxrwx 2 user1 admins 4096 Sep 12 04:33 config
This output contains various information. However, since we want to check the permissions and ownership, let’s focus on user1, admins, config, and drwxrw-r–.
The user1 placeholder specifies the item’s owner, while admins is the Linux group the user belongs to. The item name is located at the end, which is config.
The drwxrw-r– string tells you about the item’s permission settings. Let’s break it down:
- d – the first character of the string indicates the type of the item, which can be a directory (d), a regular file (–), or a symbolic link (l).
- rwx – the second part specifies the owner’s permissions. Since we have rwx, user1 can read, write, and execute the directory.
- rw- – the third part determines the group permissions over the item. A hyphen (–) means missing permission, so the admins group members can only read and write the directory.
- r– – the fourth part defines other users’ permissions. Since we only have an r and two hyphens, others can only read the directory.
Important
The permission naming structure and order will always remain the same.
Changing permissions with chmod
To change item permissions, use the chmod Linux command. The syntax looks like the following:
chmod [option] [mode] [file_folder_name]
Option is an additional flag that modifies your chmod command behavior. You can check the complete list on the chmod manual page.
Mode is the new permissions for the file or folder, which you can write in symbolic or numeric notation. Both work the same way but have particular benefits, which we will explain in the following sections.
Symbolic mode
The symbolic method in chmod uses a single character representing the user class, permissions, and operations. Here’s the list:
Symbol | Definition |
u | Owner |
g | Group |
o | Others |
a | All user classes (owner, group, and others) |
+ | Add permissions |
– | Remove permissions |
= | Set permissions to the specified values |
r, w, x | Permissions |
The symbolic mode is more flexible and descriptive. It gives you more control when changing permissions, as you can edit specific privileges of a user class. Consider this example:
chmod u+wx,g-x,o=r script.sh
Let’s break down the symbols to understand what it does:
- u+wx – adds (+) write (w) and execute (x) permissions to the item’s owner (u).
- g-x – removes (–) the execute (x) permission over the file from the group (g).
- o=r – sets (=) other users’ (o) permissions over the item to read-only (r).
For instance, if the file’s initial permissions show as -r–rwxrwx, it will become -rwxrw-r–.
Numeric (octal) mode
The numeric mode uses three-digit numbers to determine the new permissions. The first digit represents the owner’s permissions, the second is for the owner’s group, and the third is for other users.
Here are the numbers and their definitions:
Number | Definition |
4 | Read permission |
2 | Write permission |
1 | Execute permission |
0 | No permission |
To set multiple permissions, simply add the numbers. For example, 3 (1+2) makes an item executable and writable, while 7 (1+2+4) will grant full privileges over the item.
For example, this command will set the script.sh file’s permission to -rwxrw-r–:
chmod 764 script.sh
Numerical notation is more straightforward than symbolic. However, it is less flexible as you can’t add or remove a certain permission, making it suitable for applying specific settings quickly.
Let’s say an owner can read and write an item, but you want to make it executable. With symbolic, you can add the permission using u+x. Using numerical, you must add the existing privilege again using 7 instead of only 1.
Recursive permission changes
The chmod’s -R option enables the recursive mode, which lets you set new permissions to a folder and all its content using a single command.
For example, we have a script folder containing the subscript1 and subscript2 subdirectories, as well as several .sh files. The structure looks as follows:
script/ │ ├── subscript/ │ └── script1.sh │ ├──subscript2/ │ ├── script2.sh │ └── script3.sh
Using recursive chmod, we can change permissions of all items above by simply modifying the script folder like so:
chmod -R 777 script
Changing ownership with chown and chgrp
In Linux, if you create an item, you will be its owner by default. If you belong to a group, all other members will inherit the same permissions. You can change the ownership using the chown or chgrp command.
Chown is the more common command, which lets you change the ownership to both users and groups. The syntax looks as follows:
chown [options] [user:group] [item]
For example, if you want to change the ownership of script.sh to johndoe, who belongs to the admins group, use the following command:
chown johndoe:admins script.sh
To grant ownership to a new user while keeping the current group, simply omit the group name like so:
chown johndoe script.sh
Similarly, omit the user if you wish to change an item’s ownership to another group. However, ensure to start the group name with a colon (:) similar to this:
chown :admins script.sh
The chown command also lets you add the -R option to change the item ownership recursively:
chmod -R johndoe:admins scriptfolder
Unlike chown, chgrp only lets you change an item’s ownership to another group. Here’s an example command:
chgrp admins script.sh
Special permission bits
In addition to read, write, and execute, Linux has additional permissions that give you more control over items on your system. This section will explain what they are and how to set them up.
Setuid and setgid
Set user ID (setuid) permission lets you execute a file as the owner instead of the current user. You can add it using the s character of the symbolic notation like so:
chmod u+s script.sh
For example, if root is the owner of script.sh, executing the file will run it as root even if you are logged in as another user. This behavior is useful for launching a program as a specific user, especially during automation.
Important!
Your current user who will run the program must have the execute permission over the file. You can grant it by modifying the group or other user classes.
After adding the s permission, the file owner’s privilege should show as rws. It is essentially the same as rwx, but indicates that setuid is active. The correct setuid permission might look like this:
-rwsr-xr-x
Set group ID (setgid) is similar to setuid, except it runs files using the associated group’s permissions. To grant it, use the following command:
chmod g+s script.sh
Like setuid, the account that runs the file should have the execute permission as the owner or other users. Setgid permissions might look like this:
-rwxr-sr-x
When you create a new file inside a folder with setgid, the associated group will have ownership permission over it. Typically, your group will own the new file.
Sticky bit
By default, all users with write permissions over a folder can rename and delete files inside it. This behavior is risky since they might accidentally remove important items.
Sticky bit prevents this by disallowing users to delete or rename files unless they are the owner. Setting it up won’t revoke the write permission, meaning users can modify the file’s content.
To enable sticky bit on a folder, add the t permission using the chmod symbolic mode like so:
chmod +t folder
The t permission will replace other users’ execute privileges. Here’s an example of a folder’s permission with sticky bit enabled:
drwxrwxrwt
You can also add sticky bit recursively to all subfolders and files inside a folder by adding the -R option like so:
chmod -R +t folder
Conclusion
Setting the proper permissions and ownership of items is crucial for server security and functionality. In Linux, you can grant read, write, and execute permissions to three user classes: owner, group, and others.
To change permissions in Linux, use chmod followed by the settings and items you want to modify. For the setting, use symbolic notation if you want more flexibility in changing the permissions or numerical if you want a simpler command.
Meanwhile, use chown to change an item’s ownership to another user or group. To modify the group ownership, you can also use the chgrp command.
In addition to the three permissions, Linux also has special ones. For example, setuid and setgid let you run a file as the owner or associated group. You can also add them using the chmod command.
Change permissions Linux FAQ
What command is used to change permissions in Linux?
To change a file or folder’s permissions in Linux, use the chmod command. The syntax is chmod [option] [mode] [item]. Option modifies your command behavior, mode specifies the new permissions, while item refers to the file or folder you want to modify.
How do I view the current permissions of a file?
To view the current permissions of a file, run ls -l filename, with filename being the actual name of the file you want to check. You can also run ls -l to see permissions of all files and folders in the current directory.
What does chmod stand for in Linux?
In Linux, the chmod command stands for change mode. It lets you modify a file or folder’s permission, allowing different users to read, write, or execute it.
Comments
January 26 2018
Do you mind if I quote a few of your articles as long as I provide credit and sources back to your website? My blog site is in the exact same niche as yours and my users would truly benefit from some of the information you present here. Please let me know if this ok with you. Appreciate it!
February 15 2018
Sure! You're welcome to use our articles as a reference as long as your provide the necessary sources and credit! ;)
January 26 2018
Wonderful website. Lots of helpful information here. I'm sending it to some pals and additionally sharing in social media. And obviously, thank you for your effort!
January 27 2018
Excellent post. I was checking this blog and I'm impressed! Very useful info specially the last part :) I care for such information a lot. I was looking for this particular info for a long time. Thank you and best of luck.
February 15 2018
Awesome! I'm glad to hear that you found our tutorial useful! :)
July 23 2021
The operation is not permitted because its owned by root what should I do?
September 17 2021
Hi Ethan, please make sure you're connected as root user - it looks like you might not have the appropriate rights with the current user.
April 09 2023
Hi Domantas/Team, I see there was small typo/mistake under the "Using Options with chmod and chown Commands" title. it should be either "chown -R user /etc/myfiles" or "chmod -R 755 /etc/myfiles" but that has combination of both "chown -R 755 /etc/myfiles". Please take a look and change it.
April 14 2023
Hello! Thank you for noticing. I've updated the article.