How to change permissions and owners in Linux using the command line

A Linux virtual private server (VPS) lets you add multiple users to simplify collaborative system management.

However, users who have full access can modify essential files and folders that affect system functionality. You must manage file permissions properly to prevent server security risks.

Linux systems provide the chmod command to change permissions. It lets you fine-tune user privileges to improve your VPS security.

In this tutorial, we will explain how to change permissions and owners in Linux using the command line utility. You will also learn the benefits of modifying user privileges, its best practices, and common issues.

A brief overview of changing file permissions and ownership in Linux:

Required KnowledgeBasic Linux command line skills, understanding of file permissions
Privileges RequiredRoot access or sudo privileges for certain operations
DifficultyIntermediate
Main GoalUsing chmod and chown commands, understanding file permissions

Why change permissions and owners in Linux

In this section, we will explore several benefits of changing file and directory permissions and ownership in Linux.

Enhance security

Changing file ownership and permissions prevents unauthorized users from modifying files that may affect security. For example, they may make dangerous changes to the SSH keys or firewall configurations.

Allowing low-level users to access high-permission accounts’ files can also lead to security breaches. They may find the superuser or root credentials to take over the entire system.

Moreover, managing permissions helps prevent accidental file system removals that can compromise your server functionality.

Control access

Limiting permissions lets you fine-tune file access control in Linux. In addition to preventing mismanagement, it helps simplify auditing as you can quickly track user activities and determine the source of unauthorized actions.

Moreover, changing permissions and ownership in Linux helps improve isolation. Team members can only work and share specific files while keeping the others secure.

Maintain data confidentiality

In multi-user environments, managing file permissions ensures data confidentiality and privacy between accounts. Allowing all users to access others’ information can lead to a high risk of insider threats like data leaks.

Changing ownership helps limit the data exposure to non-authorized users. For instance, assign the product team as the sole owner of customer data to protect sensitive information.

Meet compliance and regulatory requirements

Changing permissions and file ownership in Linux systems lets you protect users’ personal data, especially if you run an internet service. It is crucial to adhere to various data privacy laws, like the European General Data Protection Regulation (GDPR).

Other regulations, like the Payment Card Industry Data Security Standard (PCI-DSS), also mandate user accountability. Granting specific users permissions helps you verify their responsibility in running the hosted service.

How to change Linux file permissions and ownership

This section will explain file ownership and permission levels in Linux and how to assign them using Linux commands.

Before proceeding, connect to your server using an SSH client like PuTTY or Terminal.

Pro Tip

If you encounter network issues when connecting to your VPS via SSH, use Hostinger’s Browser terminal feature. It allows you to run commands on your server when the SSH port is closed.

1. Understand file permission levels

Linux systems have three permission levels for files and directories – read, write, and execute. Here are their explanations:

  • read (r) – allows users to view the content of a file or directory.
  • write (w) – lets users edit a file’s content. For directories, they can create, delete, and move files within the folder.
  • execute (x) – enables users to run a file as a script or program. Granting executable permissions over folders allows them to switch the working directory and access its extended information.

Linux also has three user classes to which you can assign the permissions:

  • owner – an individual account possessing the file.
  • group – a collection of users with the same role.
  • others – all system-wide users who are neither the owner nor a group member.

To check Linux user groups, open the group file in the /etc directory using a text editor like Nano.

List of groups and their members in the Linux group configuration file

Linux’s command line interface shows the Unix file permissions as a string of characters like the following example:

-rwxrwxrwx

The string starts with a file type signifier. A hyphen () refers to a regular file, while d represents a directory. The three-character strings are the permissions for the owner, group, and others, respectively.

If a user class doesn’t have a specific permission, a hyphen will replace the corresponding character. Consider this example:

-rwxrw-r--

The string means the owner has full permissions, while the group members can read and write the file. Since others only have r, they can read the file but not write or execute.

2. View current permissions

To check current file and subfolder permissions, navigate to the desired directory using cd. Next, run the ls command with the -l option:

ls -l

Terminal will print all the folder’s content with various information, including its permissions. Here’s an example output:

drwxrwxrwx 2 user1 admins 4096 Sep 12 04:33 config

Here’s the syntax breakdown and each column’s explanation:

  • drwxrwxrwx – the folder or file’s permissions.
  • 2 – the number of hard links or aliases for the file or folder.
  • User1 – the owner of the file.
  • admins – the group associated with the file.
  • 4096 – the file or folder’s size in bytes.
  • Sep 12 04:33 – the file or folder’s latest modification date.
  • config – the file or folder name.

3. Change file permissions with the chmod command

To change file permissions in Linux, use the change mode or chmod command. Here’s the basic syntax:

chmod [option] [mode] [file_folder_name]

Options are parameters for modifying the command behavior. Check the chmod manual page to see the complete list. Some of the commonly used options are:

  • -R – change file permissions recursively.
  • -f – suppresses error messages.
  • -v – displays information about the command execution.
  • –help – shows the chmod manual.

The mode parameter sets the new permissions for the file or folder. Use the symbolic or octal mode – they work similarly and have the same outcome.

In addition to permissions, the chmod symbolic notation uses a single character denoting the user class and operation. Here’s the list:

SymbolDefinition
uOwner
gGroup
oOthers
aAll user classes (owner, group, and others)
+Add permissions
Remove permissions
=Set permissions to the specified values

You can modify multiple user class permissions simultaneously by listing the modes separated using commas. Consider the following example:

chmod u+wx,g-x,o=r script.sh

The chmod command grants the script.sh file owner the write and execute permissions. It also removes the executable group permission and turns the file read-only for other users.

Pro Tip

If you omit the user when using the symbolic mode, the chmod command will set the permissions for all users.

Also known as the absolute mode, the chmod octal notation uses the following numbers to determine the user’s desired permissions:

NumberDefinition
4Read permission
2Write permission
1Execute permission
0Revoke access or no permissions

Add the number together to set multiple permissions. For example, 3 will make the file writable and executable. Meanwhile, 7 grants the read, write, and execute permissions.

Unlike the symbolic method, the octal notation uses the numbers’ locations to determine owner, group, and others permission settings.

The following example allows the owner and group to read, write, and execute the file while revoking other users’ access:

chmod 770 script.sh

Enable the recursive mode to apply the same permissions to all files and subfolders within a directory. For example, this command grants all users write and execute permissions for the /etc/script directory contents:

chmod -R 777 /etc/script
Terminal lists a folder's files with identical permissions

Common use cases for the Linux chmod command include restricting access to a sensitive file that affects your system functionality. It also lets you make a script executable, resolving the bash: permission denied error.

Important! When changing folder permissions, grant the user access to parent directories.

4. Manage file ownership using the chown command

By default, an owner in Linux is a file or directory creator. If the owner belongs to a Linux group, all the other members will inherit the same permissions.

The default owner permissions differ depending on your Linux distribution. Generally, the creators can read and write their files but not execute them.

Use the chown command to change the owner of a file or folder. Here’s the syntax:

chown [new owner or group] [file or directory]

For groups, start their names with a colon (:) to allow the command to distinguish it from a user account. Carefully check the capitalization since the Linux chown command is case-sensitive. The following example sets the DevOps group as the owner of the file:

chown :DevOps deploy.sh
Terminal shows the bash script file's new group owner

Changing the group ownership lets you easily manage permissions for multiple users simultaneously. Instead of granting access individually, group permissions apply to all its members.

You can also change a file’s owner and group simultaneously. To do so, add the username before the colon:

chown user:DevOps deploy.sh

Changing file or directory permissions is commonly used to enhance isolation and access control. In addition, it is useful for transferring files between users during administrative migration.

Important! Since changing a file’s ownership requires the Linux superuser privileges, use sudo when running the chown command.

Best practices for managing permissions and ownership in Linux

This section will explore best practices for Linux permissions management to help improve server administration efficiency.

Use Hostinger’s AI assistant to Write File Permission Commands

Hostinger KVM VPS hosting plans offer various features that simplify access management in Linux. For example, you can enter simple prompts into our Kodee to generate file permission commands.

This feature helps save time and effort as you can directly copy and paste the commands into your Terminal or SSH client. Moreover, it helps beginners with minimal technical knowledge to manage their servers easily.

You can enter various AI prompts for VPS management to the assistant.

For example, enter: “Generate a chmod command with a symbolic mode that gives the deploy_script.sh file owner full permissions, the group owner the write permission, and other users no permissions.”

Hostinger VPS AI Assistant provides the user a chmod command for their task

Practice the Principle of Least Privilege (PoLP)

In computer security, the PoLP principle limits user or group permissions to a minimum. It helps reduce the potential attack surface, improving server security.

Users or groups only have the necessary privileges over essential files for their roles. For example, only grant write permissions if they need to modify the file.

Do not give users excessive access to files they don’t use to prevent abuse and exploitation. Log all access permissions activity to simplify security audits in case of breaches.

Use the find command for advanced permission changes

The Linux find command lets you search for files in a directory based on specific criteria, including their permissions.

For example, run the following to find a file that the owner can read and write:

find /path/to/search -type f -perm -o=rw

The -type parameter specifies whether the command searches for files or directories. You can use either symbolic or absolute mode and specify multiple permission filters like the following:

find /path/to/search -type f -perm -u+w,g+w
find /path/to/search -type f -perm /220
The output of a find command with permission filters in Terminal

The first example uses a hyphen () to search files with write permissions for the owner and group members. Meanwhile, we use a forward slash (/) in the second example to find a file with a write permission for either the owner or group.

To automatically change permissions and ownership, add the corresponding commands with the -exec parameter:

find /path/to/search -type f -perm -o+w -exec chmod o-w {} \;
find /path/to/search -type d -perm -u+w -exec chown newowner:newgroup {} \;

Use the first command to remove write permissions from the appropriate files. Meanwhile, the second example changes the folder’s owner with write access.

Set default permissions for new files and directories

The default file permissions in Linux are 666, while directories are 777. The umask command lets you change these settings by subtracting the default octal value with a custom number.

For example, most Linux distributions’ umask value is 022. Subtract the default value with the number. In this case, new files and directories will have the permissions 644 and 755.

You can use any unmask value. For instance, run the following command to set 554 as the default permission for a new directory:

umask 223

To check the current umask value in numeric mode, run the command without any additional parameters. Alternatively, add the -S option to output the value in symbolic notation.

Terminal outputs the current umask value in symbolic and octal notation

Leverage Wildcard Characters for Bulk Changes

Use wildcards to change permissions and ownership of multiple files inside a folder based on their names.

Warning! Be careful when using wildcards to set different permissions. You may accidentally modify important files or folders, like the home directory.

The question mark (?) wildcard represents a single character. For example, run the following to change the permissions of FileA.txt and FileB.txt in your current directory:

chmod 555 File?.txt

Use an asterisk (*) to replace zero or multiple characters. The following command example changes the ownership of Deploy_jenkins.txt and Deploy_lavarel.txt to the DevOps group:

chmod :DevOps Deploy_*.txt

Troubleshooting permissions issues in Linux

The chown and chmod commands are useful for troubleshooting file permission issues in your system. For example, you may encounter the “Permission denied” error when running a bash script or an executable file.

It happens when your current user doesn’t have the execute permission. To resolve this issue, grant the account the necessary privilege using the sudo command.

Another common issue is inadequate permissions, which hinders productivity as users can’t access essential files and directories for their tasks. This can also lead to automation script errors since it requires execution permissions to run properly.

Instead of finding and changing the file’s permissions manually, use the find command to simplify the task. Also, leverage wildcards and recursive mode to speed up the process.

Conclusion

Setting permissions in Linux lets you fine-tune system access control to improve virtual private server (VPS) security and avoid unauthorized modification. It also helps maintain user data confidentiality to comply with regulations.

Files and directories in Linux have three permissions – read, write, and execute. There are also three user classes – the file owner, a group of users, and others, which refer to those users who are neither the owner nor part of a group.

Use the ls -l command to check file permissions and ownership in a directory. To change them, use chmod and write the new rules in a symbolic or numeric mode. Meanwhile, run the chown utility as a superuser to switch the file ownership to another account or group.

Combine the find command with chown and chmod to help troubleshoot your system’s permission issues, like incorrect privileges or access denied errors. To improve efficiency, leverage Kodee to generate the commands using simple prompts.

Author
The author

Aris Sentika

Aris is a Content Writer specializing in Linux and WordPress development. He has a passion for networking, front-end web development, and server administration. By combining his IT and writing experience, Aris creates content that helps people easily understand complex technical topics to start their online journey. Follow him on LinkedIn.