To make it easier to manage user and group permissions on files and directories, Linux provides a set of common commands that assign and revoke ownership and permissions in a standardized way.

Change the Owner or Group of One or More Files or Directories

With the chown command, we can assign an owner or group to a file or directory.

Change Owner, Group or Both of a File or Directory

If you just want to specify the owner:

chown user file_for_user    # Changes only the owner of file_for_user to user

If you just want to specify the group:

chown :user file_for_user    # Changes only the group of file_for_user to user

Let’s create the file with the privileges of the root user, and then use the chown command to change the owner and group of the file to user:

touch file_for_user
ll file_for_user
chown user:user file_for_user    # To the left of the colon is the owner of the file, and to the right is the group to which the file belongs
ll file_for_user

Figure: Create a file and change the owner and group of the file to user

Recursively Change Group of a Directory and its Subdirectories and Files

With the -R option of the chown command, we can recursively assign the same group to a directory, its subdirectories, and all files in it:

mkdir -p a/b/c/d/e
tree a
ll a && ll a/b && ll a/b/c && ll a/b/c/d
chown -R :user a    # This is equivalent to chgrp -R user a
ll a && ll a/b && ll a/b/c && ll a/b/c/d

Figure: Create multilevel directories and recursively change the group of the directory, its subdirectories and files to user

Change the Group of One or More Files or Directories

We can specify only the group to which the file belongs through the chgrp command:

mkdir -p 1/2/3/4/5
tree 1
ll 1 && ll 1/2 && ll 1/2/3 && ll 1/2/3/4
chgrp -R user 1    # This is equivalent to chown -R :user 1
ll 1 && ll 1/2 && ll 1/2/3 && ll 1/2/3/4

Figure: Create multilevel directories and recursively change the group of the directory, its subdirectories and files to user

Change the Mode Bits of One or More Files or Directories

With the chmod command, we can add, remove, or assign read, write, and execute permissions on files or directories for the owner, the group, others, or all of them.

Let’s create a file for demonstration:

touch file_permission
ll file_permission

Figure: Create a file and list it

Change Permissions With Symbolic Mode Bits

Here is the link to Symbolic Mode Bits: 43. File Permissions

Change User Permissions With rwx

ll file_permission
chmod u+rwx file_permission    # This command appends the read, write and execute permissions to the owner of the file
ll file_permission
chmod u-w file_permission    # This command removes the write permission from the owner of the file
ll file_permission
chmod u=rw file_permission    # This command assigns the read and write permissions to the owner of the file
ll file_permission

Change Group Permissions with rwx

ll file_permission
chmod g+rwx file_permission    # This command appends the read, write and execute permissions to the group of the file
ll file_permission
chmod g-w file_permission    # This command removes the write permission from the group of the file
ll file_permission
chmod g=r file_permission    # This command assigns the read permission to the group of the file
ll file_permission

Change Others Permissions with rwx

ll file_permission
chmod o+rwx file_permission    # This command appends the read, write and execute permissions to others
ll file_permission
chmod o-w file_permission    # This command removes the write permission from others
ll file_permission
chmod o=r file_permission    # This command assigns the read permission to others
ll file_permission

Change All Permissions with rwx

ll file_permission
chmod a+rwx file_permission    # This command appends the read, write and execute permissions to all
ll file_permission
chmod a-w file_permission    # This command removes the write permission from all
ll file_permission
chmod u=rw,go=r file_permission    # This command assigns the read and write permissions to owner, and only read permission to group and others
ll file_permission

Change Permissions with Numeric Mode Bits

Here is the link to Numeric Mode Bits: 43. File Permissions

Change All Users Permissions with 7654321

ll file_permission
chmod 777 file_permission    # This command assigns the read, write and execute permissions to the owner, group and others of the file
ll file_permission
chmod 666 file_permission    # This command assigns the read and write permissions to the owner, group and others of the file
ll file_permission
chmod 555 file_permission    # This command assigns the read and execute permissions to the owner, group and others of the file
ll file_permission
chmod 444 file_permission    # This command assigns the read permission to the owner, group and others of the file
ll file_permission
chmod 333 file_permission    # This command assigns the write and execute permissions to the owner, group and others of the file
ll file_permission
chmod 222 file_permission    # This command assigns the write permission to the owner, group and others of the file
ll file_permission
chmod 111 file_permission    # This command assigns the execute permission to the owner, group and others of the file
ll file_permission
chmod 644 file_permission    # This command assigns the read and write permissions to the owner, and read permission to the group and others
ll file_permission

umask

With umask, we can preset the permissions of new files. The permissions of a new file are obtained by removing the bits set in umask from the maximum permission value of 0777.

Check umask in Numeric Value

The default output for umask is numeric mode bits:

umask

Check umask in Symbolic Value

By adding the -S parameter, we can see it in symbolic mode bits:

umask -S

Change the Value Through Numeric Mode Bits

Give No Permission to Anyone - 0777

umask 0777    # This is equivalent to 777 or ugo-rwx
umask
umask -S
touch new_file_without_any_permission_num
ll new_file_without_any_permission_num

The file’s permission is 0000(0+0+0,0+0+0,0+0+0,0+0+0), which happens to be the result of 0777 minus 0777.

Give All Permissions to Anyone - 0000

umask 0000    # This is equivalent to 000 or ugo+rwx or ugo=rwx
umask
umask -S
touch new_file_with_every_permissions_num
ll new_file_with_every_permissions_num

The file’s permission is 0666(0+0+0,4+2+0,4+2+0,4+2+0), which happens to be the result of 0777 minus 0111 (execute permission from owner, group and others).

Because this is a non-executable file, it is not given execution permission.

Change the Value Through Symbolic Mode Bits

Give No Permission to Anyone - ugo-rwx

umask ugo-rwx    # This is equivalent to 777 or 0777
umask
umask -S
touch new_file_without_any_permission_sym
ll new_file_without_any_permission_sym

The file’s permission is ---------(-+-+-,-+-+-,-+-+-,-+-+-), which happens to be the result of rwxrwxrwx minus rwxrwxrwx.

Give All Permissions to Anyone - ugo+rwx or ugo=rwx

umask ugo+rwx    # This is equivalent to 000 or 0000 or ugo=rwx
umask
umask -S
touch new_file_with_every_permissions_sym
ll new_file_with_every_permissions_sym

The file’s permission is rw-rw-rw-(-+-+-,r+w+-,r+w+-,r+w+-), which happens to be the result of rwxrwxrwx minus --x--x--x (execute permission from owner, group and others).

Because this is a non-executable file, it is not given execution permission.

Restore the umask Value to the Initial Value

umask 0022
umask
umask -S

Impact on Non-Executable Files

We can create non-executable files in a number of ways; the three simplest are:

touch touch_non_executable_file
echo '' > echo_non_executable_file
printf '' > printf_non_executable_file

The file’s permission is 0644(0+0+0,4+2+0,4+0+0,4+0+0), which happens to be the result of 0777 minus 0022 and 0111 (execute permission from owner, group and others).

Impact on Executable Files

To create an executable file for demonstration, we need to install a compiler called gcc to compile the C language code:

yum install gcc -y

Let’s create a file called test.c:

printf '%s\n' \
'#include <stdio.h>' \
'int main()' \
'{' \
'    printf("Test! \n");' \
'    return 0;' \
'}' > test.c
cat test.c

Figure: Print the C code into file test.c

Let’s compile the test.c file through gcc, run it and check its permissions:

gcc test.c    # By default, the executable file compiled through the gcc compiler is called a.out
./a.out    # Execute the compiled binary file
ll a.out

Figure: Compile the C code, run the binary file and list the program with its permissions

The binary file’s permission is 0755(0+0+0,4+2+1,4+0+1,4+0+1), which happens to be the result of 0777 minus 0022.

If No User is Specified When Setting Symbolic Mode Bits on Non-Executable Files

If no user class (u, g, o or a) is given in a symbolic mode, chmod applies the change to all classes but skips the bits that are set in umask, so with a umask of 0022 the write permission is not granted to group and others:

touch new_touch_file
ll new_touch_file
chmod +rwx new_touch_file
ll new_touch_file

Figure: Create a new file, specify mode bits without specifying any user and list the file with its permissions

The file’s permission is 0755(0+0+0,4+2+1,4+0+1,4+0+1), which happens to be the result of 0777 minus 0022.
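
The umask sections and the chmod case above can be checked in one script. This is an added example, not part of the original article: it treats umask as a bit mask (requested mode AND NOT umask) and compares chmod +rwx with chmod a+rwx. The function names predicted_mode and mode_under are made up for this example, and GNU coreutils (stat -c %a, mktemp -d) is assumed.

```sh
#!/bin/sh
# Added example (not from the original article). Assumes GNU coreutils.

# predicted_mode REQUESTED UMASK: bits that survive = REQUESTED AND NOT UMASK
predicted_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# mode_under UMASK KIND [SYMBOLIC_MODE]: create a file (KIND=f, touch requests
# 0666) or a directory (KIND=d, mkdir requests 0777) under UMASK, optionally
# run chmod SYMBOLIC_MODE on it, and print the resulting octal mode.
# The body is a subshell, so the caller's umask is never changed.
mode_under() (
    tmp=$(mktemp -d) || exit 1      # created before umask changes, stays usable
    umask "$1"
    case $2 in
        f) touch "$tmp/new" ;;
        d) mkdir "$tmp/new" ;;
    esac
    if [ -n "${3:-}" ]; then
        chmod "$3" "$tmp/new"
    fi
    stat -c %a "$tmp/new"
    chmod u+rwx "$tmp/new"          # make sure cleanup works even for mode 0
    rm -rf "$tmp"
)

# Creation: the observed mode matches the bitwise prediction for every umask,
# including 0033, where digit-by-digit subtraction (666 - 033) suggests 633.
for mask in 0022 0027 0033 0077 0777 0000; do
    printf 'umask %s  file %3s (predicted %3s)  dir %3s (predicted %3s)\n' \
        "$mask" \
        "$(mode_under "$mask" f)" "$(predicted_mode 666 "$mask")" \
        "$(mode_under "$mask" d)" "$(predicted_mode 777 "$mask")"
done

# chmod without a user class skips the bits set in umask; a+rwx does not,
# so a+rwx leaves the file world-writable regardless of umask.
for mask in 0022 0077; do
    printf 'umask %s  chmod +rwx -> %s  chmod a+rwx -> %s\n' \
        "$mask" "$(mode_under "$mask" f +rwx)" "$(mode_under "$mask" f a+rwx)"
done
```

A mode of 0 in the output corresponds to the --------- case shown earlier for umask 0777.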
