How to Manage File Permissions in Linux (chmod, chown, umask)

🔐 Introduction: Why File Permissions Matter

In Linux, everything is a file — and file permissions control who can read, modify, or execute those files.
Without proper permissions, your system can become either insecure (too open) or unusable (too restricted).

That’s why understanding file permissions is one of the most important skills for every Linux user and administrator.

---

📋 Viewing File Permissions

To see permissions, use the long listing format with ls -l:

ls -l

Example output:

-rwxr-xr-- 1 wang developers 2048 Oct 10 script.sh

Let’s break it down:

Section	Meaning
-	File type (- = file, d = directory)
rwx	Owner permissions (read, write, execute)
r-x	Group permissions
r--	Others (everyone else)
wang	File owner
developers	Group name

So here, the owner can read, write, and execute, the group can read and execute, and others can only read.

---

🧰 Changing Permissions with chmod

The chmod command (change mode) lets you modify file or directory permissions.

🔹 Symbolic method:

chmod u+x script.sh # Add execute permission for the user
chmod g-w report.txt # Remove write permission for the group
chmod o+r notes.txt # Add read permission for others

🔹 Numeric method:

Each permission has a numeric value:

• r = 4
• w = 2
• x = 1

So for example:

• rwxr-xr-- = 754

chmod 754 script.sh

This sets:

• User: read/write/execute
• Group: read/execute
• Others: read

---

👑 Changing Ownership with chown

The chown command (change owner) is used to modify who owns a file or directory.

chown user file
chown user:group file

Examples:

chown root /var/log/syslog
chown wang:developers project/

To apply changes recursively to all files in a directory:

sudo chown -R wang:developers /home/wang/projects

---

⚙️ Default Permissions with umask

The umask (user mask) defines the default permissions for newly created files and directories.

To view your current umask:

umask

Typical output:

0022

This means:

• Files: default 666 - 022 = 644 → rw-r--r--
• Directories: default 777 - 022 = 755 → rwxr-xr-x

To temporarily change umask:

umask 002

Now new files will be writable by the group as well (664 instead of 644).

---

🧩 Combining chmod, chown, and umask

These three commands form the core of Linux file security:

Command	Purpose
chmod	Adjust file and directory permissions
chown	Change file owner and group
umask	Define default permissions for new files

---

💡 Quick Reference Table

Permission	Symbolic	Numeric	Meaning
Read	r	4	View file contents or list directory
Write	w	2	Modify file or directory contents
Execute	x	1	Run the file (if executable)
No permission	-	0	No access

---

🔒 Best Practices

1. Follow the Principle of Least Privilege:
   Only give the necessary permissions.
2. Never use 777 on system directories:
   It gives full access to everyone — a huge security risk.
3. Use groups for collaboration:
   Assign users to groups instead of manually giving write access to each user.
4. Regularly audit file ownership:
   Use find / -user root to detect files owned by root where it’s unnecessary.

---

🧠 Practical Exercise

Try this:

1. Create a file:touch demo.txt
   
2. Set permissions to owner-read/write only:chmod 600 demo.txt
   
3. Change ownership to another user:sudo chown testuser demo.txt
   
4. Check the new settings:ls -l demo.txt
   

You’ll instantly see how ownership and permissions interact.

---

🔄 Summary

• Use chmod to control access.
• Use chown to assign ownership.
• Use umask to define default rules.

Together, they give you fine-grained control over who can do what on your system — the essence of Linux security.

---

🧭 Next Steps

Continue your Linux learning journey:

• Understanding the Linux File System: A Beginner’s Guide
• Managing Users and Groups in Linux
• Firewall Configuration with UFW and iptables

Or explore our “Linux Security Basics” book available on dargslan.com.