🛡️ Linux/Unix: chmod, chown, chgrp, umask – Control File Permissions and Ownership

🧲 Introduction – Why Learn chmod, chown, chgrp, and umask?

Linux/Unix systems are multi-user environments. Managing file access securely and effectively requires a solid understanding of permissions and ownership commands. Tools like chmod, chown, chgrp, and umask let you define who can read, write, or execute files—and under what defaults.

🎯 In this guide, you’ll learn:

• How to use chmod, chown, and chgrp to set permissions and ownership
• What umask is and how it sets default permissions
• Examples of how to control access in real-world scenarios

---

🛠️ chmod – Change File/Directory Permissions

✅ Syntax:

chmod [options] mode filename

📌 Description:

Modifies permissions for user (u), group (g), and others (o) using symbolic or numeric modes.

🔢 Numeric Examples:

chmod 755 script.sh        # rwxr-xr-x
chmod 644 file.txt         # rw-r--r--
chmod 700 private.sh       # rwx------

🧾 Symbolic Examples:

chmod u+x filename         # Add execute to user
chmod go-w file.txt        # Remove write from group and others
chmod a+r notes.md         # Add read permission for everyone

---

👤 chown – Change File Ownership

✅ Syntax:

chown [options] user[:group] filename

📌 Description:

Changes the owner and optionally the group of a file.

🧪 Examples:

chown john file.txt                # Change owner to john
chown john:devteam report.csv     # Change owner and group
sudo chown -R root:admin /opt/app # Change recursively

✅ Commonly used by admins for managing system/user-owned files.

---

👥 chgrp – Change Group Ownership

✅ Syntax:

chgrp [options] group filename

📌 Description:

Changes the group assigned to a file without changing the owner.

🧪 Examples:

chgrp developers code.c
sudo chgrp -R www-data /var/www/

🔍 Use ls -l to confirm changes.

---

🧰 umask – Set Default File Permissions

✅ Syntax:

umask [value]

📌 Description:

Defines default permission “masks” for new files and directories created by a user.

📋 Default Behavior:

File Type	Base Permission	Umask	Final Permission
File	666	022	644
Directory	777	022	755

🧪 View and Set Umask:

umask                 # Show current value
umask 027             # Set new umask

🧠 umask subtracts permissions—so 022 removes write from group/others.

---

🔐 Real-World Use Case

Scenario:

You want to ensure scripts in /scripts are:

• Owned by user admin
• Executable by everyone
• Group-owned by developers

🔧 Commands:

sudo chown admin scripts/myscript.sh
sudo chgrp developers scripts/myscript.sh
chmod 755 scripts/myscript.sh

---

📌 Summary – Recap & Next Steps

These commands give you full control over who owns a file and who can access it. Whether setting strict security or collaborating in a team, understanding chmod, chown, chgrp, and umask ensures safe and organized permission management.

🔍 Key Takeaways:

• chmod sets who can read, write, or execute files.
• chown changes the file owner; chgrp sets group ownership.
• umask controls the default permissions when new files are created.
• Use numeric (755) or symbolic (u+x) permission formats.

---

❓ FAQs

❓ What is the difference between chown and chgrp?
✅ chown changes the owner (and optionally the group). chgrp changes only the group.

❓ What are safe permission values for scripts?
✅ Use:

chmod 755 script.sh

This makes it executable for all, editable only by the owner.

❓ How do I change permissions recursively?
✅ Use:

chmod -R 755 /var/www

❓ What does a umask of 0022 mean?
✅ It means new files will get 644 and directories 755. Write is removed for group and others.

❓ Can I set permanent umask?
✅ Yes, add umask 027 to your shell’s config file like ~/.bashrc.

---

Share Now :