Linux/Unix: chmod, chown, chgrp, umask β Control File Permissions and Ownership
Introduction β Why Learn chmod, chown, chgrp, and umask?
Linux/Unix systems are multi-user environments. Managing file access securely and effectively requires a solid understanding of permissions and ownership commands. Tools like chmod, chown, chgrp, and umask let you define who can read, write, or execute filesβand under what defaults.
In this guide, youβll learn:
- How to use
chmod,chown, andchgrpto set permissions and ownership - What
umaskis and how it sets default permissions - Examples of how to control access in real-world scenarios
chmod β Change File/Directory Permissions
Syntax:
chmod [options] mode filename
Description:
Modifies permissions for user (u), group (g), and others (o) using symbolic or numeric modes.
Numeric Examples:
chmod 755 script.sh # rwxr-xr-x
chmod 644 file.txt # rw-r--r--
chmod 700 private.sh # rwx------
Symbolic Examples:
chmod u+x filename # Add execute to user
chmod go-w file.txt # Remove write from group and others
chmod a+r notes.md # Add read permission for everyone
chown β Change File Ownership
Syntax:
chown [options] user[:group] filename
Description:
Changes the owner and optionally the group of a file.
Examples:
chown john file.txt # Change owner to john
chown john:devteam report.csv # Change owner and group
sudo chown -R root:admin /opt/app # Change recursively
Commonly used by admins for managing system/user-owned files.
chgrp β Change Group Ownership
Syntax:
chgrp [options] group filename
Description:
Changes the group assigned to a file without changing the owner.
Examples:
chgrp developers code.c
sudo chgrp -R www-data /var/www/
Use ls -l to confirm changes.
umask β Set Default File Permissions
Syntax:
umask [value]
Description:
Defines default permission “masks” for new files and directories created by a user.
Default Behavior:
| File Type | Base Permission | Umask | Final Permission |
|---|---|---|---|
| File | 666 | 022 | 644 |
| Directory | 777 | 022 | 755 |
View and Set Umask:
umask # Show current value
umask 027 # Set new umask
umask subtracts permissionsβso 022 removes write from group/others.
Real-World Use Case
Scenario:
You want to ensure scripts in /scripts are:
- Owned by user
admin - Executable by everyone
- Group-owned by
developers
Commands:
sudo chown admin scripts/myscript.sh
sudo chgrp developers scripts/myscript.sh
chmod 755 scripts/myscript.sh
Summary β Recap & Next Steps
These commands give you full control over who owns a file and who can access it. Whether setting strict security or collaborating in a team, understanding chmod, chown, chgrp, and umask ensures safe and organized permission management.
Key Takeaways:
chmodsets who can read, write, or execute files.chownchanges the file owner;chgrpsets group ownership.umaskcontrols the default permissions when new files are created.- Use numeric (
755) or symbolic (u+x) permission formats.
FAQs
What is the difference between chown and chgrp?
chown changes the owner (and optionally the group). chgrp changes only the group.
What are safe permission values for scripts?
Use:
chmod 755 script.sh
This makes it executable for all, editable only by the owner.
How do I change permissions recursively?
Use:
chmod -R 755 /var/www
What does a umask of 0022 mean?
It means new files will get 644 and directories 755. Write is removed for group and others.
Can I set permanent umask?
Yes, add umask 027 to your shellβs config file like ~/.bashrc.
Share Now :
