File Permissions and Ownership (chmod, chown, umask)

Category: Linux Command Basics
Type: Linux Commands
Generated on: 2025-07-10 03:06:11
For: System Administration, Development & Technical Interviews

---

File Permissions and Ownership Cheatsheet (chmod, chown, umask)

This cheatsheet provides a comprehensive guide to managing file permissions and ownership in Linux using chmod, chown, and umask. It’s designed for both beginners and experienced sysadmins and developers.

1. Command Overview

• chmod (Change Mode): Modifies the permissions of files and directories, controlling who can read, write, and execute them.
• chown (Change Owner): Changes the owner and/or group ownership of files and directories. Essential for managing access control.
• umask (User Mask): Sets the default permissions for newly created files and directories. Controls the initial access rights.

2. Basic Syntax

chmod

chmod [options] mode file(s)

• mode: Permissions to set (numeric or symbolic).
• file(s): One or more files or directories to modify.

chown

chown [options] user[:group] file(s)

• user: The new owner.
• group: The new group (optional).
• file(s): One or more files or directories to modify.

umask

umask [options] [mask]

• mask: The octal mask value (000-777). Without an argument, umask displays the current mask.

3. Practical Examples

chmod

Example 1: Granting read and execute permissions to everyone on a script.

chmod a+rx myscript.sh

Example 2: Granting write permission to the group owner of a file.

chmod g+w myfile.txt

Example 3: Removing write permission from others for a directory.

chmod o-w mydirectory

Example 4: Using numeric mode to set specific permissions (755 - rwxr-xr-x).

chmod 755 myscript.sh

Example 5: Setting specific permissions recursively (use with CAUTION!).

chmod -R 777 /path/to/directory  # DANGEROUS - Avoid using 777 recursively in production!

Example 6: Give the owner full permission, the group read and execute, and others no permissions.

chmod 750 myfile.txt

chown

Example 1: Changing the owner of a file to john.

chown john myfile.txt

Example 2: Changing both the owner and group of a directory to john and developers, respectively.

chown john:developers mydirectory

Example 3: Changing only the group ownership to admins.

chown :admins myfile.txt

Example 4: Changing ownership recursively (use with CAUTION!).

chown -R john:developers /path/to/directory # DANGEROUS if used incorrectly

umask

Example 1: Displaying the current umask value.

umask
# Output (example): 0022

Example 2: Setting the umask to 0027 (Removes write permission for group and all permissions for others).

umask 0027

Example 3: Setting umask for the current session and future sessions (add to ~/.bashrc or /etc/profile):

echo "umask 0027" >> ~/.bashrc  # Sets umask for future sessions
source ~/.bashrc              # Applies the change to the current session.

4. Common Options

chmod

• -R, --recursive: Apply changes recursively to directories and their contents. USE WITH EXTREME CAUTION!
• -v, --verbose: Show diagnostic information for every processed file.
• --reference=RFILE: Use RFILE’s mode instead of MODE value.

chown

• -R, --recursive: Apply changes recursively to directories and their contents. USE WITH EXTREME CAUTION!
• -v, --verbose: Show diagnostic information for every processed file.
• --from=CURRENT_OWNER: Only change the owner if it matches the given value. Useful for scripts.
• --reference=RFILE: Use RFILE’s owner and group instead of OWNER:GROUP values.

umask

• -S, --symbolic: Output the mask in symbolic notation (e.g., u=rwx,g=rx,o=rx). Useful for understanding the mask’s effect.
• -p: Output the umask value in a format that can be reused as a command.

5. Advanced Usage

chmod

Example 1: Using --reference to copy permissions from one file to another.

chmod --reference=template.txt myfile.txt

Example 2: Combining symbolic and numeric modes (less common, but possible).

chmod u+s,770 myscript.sh  # Set the setuid bit for the user and set permissions to rwxrwx---

Example 3: Using find to change permissions on all files in a directory based on name.

find /path/to/directory -name "*.txt" -exec chmod 644 {} \;

chown

Example 1: Using --from to conditionally change ownership.

chown --from=root:root john:developers myfile.txt  # Only changes if owned by root:root

Example 2: Using --reference to copy ownership from one file to another.

chown --reference=template.txt myfile.txt

Example 3: Using find to change ownership of all files in a directory based on name.

find /path/to/directory -name "*.log" -exec chown john:admins {} \;

umask

Example 1: Understanding the umask’s effect.

If umask is 022:

• Default file permissions: 666 - 022 = 644 (rw-r—r—)
• Default directory permissions: 777 - 022 = 755 (rwxr-xr-x)

Example 2: Setting a more restrictive umask for increased security.

umask 077  # Creates files with mode 600 (rw-------) and directories with mode 700 (rwx------)

6. Tips & Tricks

• Use symbolic mode for chmod whenever possible. It’s more readable and less error-prone than numeric mode.
• Always be cautious when using the -R (recursive) option with chmod and chown. Double-check the path and permissions before executing. A mistake can break your system.
• Test commands in a non-production environment first. This is especially important when dealing with recursive changes or complex permission schemes.
• Use ls -l to verify permissions after making changes.
• Consider using Access Control Lists (ACLs) for more granular permission control. (See setfacl and getfacl).
• Understand the difference between the setuid (SUID), setgid (SGID), and sticky bits. They have special meanings for executables and directories.
• Document your permission changes. Keep a record of why you made specific changes, especially in shared environments.
• Use a script to automate complex permission setups. This ensures consistency and reduces errors.

7. Troubleshooting

• “Operation not permitted” error: You are trying to change permissions or ownership of a file that you don’t own or don’t have sufficient privileges to modify (usually requires sudo).
• Permissions not taking effect: Double-check the path, the command syntax, and the current permissions. Also, ensure you’re using the correct user when testing the permissions.
• Recursive chmod or chown gone wrong: If you accidentally set incorrect permissions recursively, you may need to manually revert the changes. Use find and chmod or chown carefully to correct the permissions. Consider restoring from a backup if the damage is extensive.
• umask not working: Make sure the umask is set in the correct startup file (~/.bashrc, /etc/profile, etc.) and that the file is being sourced. Also, be aware that some applications may override the umask.
• Files created with unexpected permissions: Ensure the application creating the files isn’t explicitly setting permissions. Also check the active umask.

8. Related Commands

• ls -l: List files with detailed information, including permissions, owner, and group.
• stat: Display detailed file or file system status. Provides more information than ls -l.
• chgrp: Change group ownership (similar to chown :group).
• setfacl: Set Access Control Lists (ACLs) for finer-grained permission control.
• getfacl: Get Access Control Lists (ACLs) for a file or directory.
• sudo: Execute commands with superuser privileges.
• su: Switch user.

This cheatsheet provides a solid foundation for understanding and managing file permissions and ownership in Linux. Remember to practice these commands in a safe environment and always double-check your work before applying changes to production systems.