7 Linux Commands to Manage File Permissions

7 Linux Commands to Easily Manage File Permissions

If you click our links and make a purchase, we may earn an affiliate commission. Learn more

Managing files on Linux isn’t just about adding or deleting them. Sometimes, you need to control who can access, modify, or execute those files—or identify who owns them. I will show you different tools and utilities that make managing permissions easy.

On Linux, file permissions can be managed using specific commands to change access rights, ownership, and defaults. Other commands can then be used to retrieve information from the files or directories.

There are 7 different commands that we’re going to take a look at together. I’ll give you some examples to help you understand how to use them in real cases. After reading this article, you’ll know how to apply them to your projects or situations.

If you need help with Linux, I’ve got something that can help you right away!
Download my free Linux commands cheat sheet – it’s a quick reference guide with all the essential commands you’ll need to get things done on your system. Click here to get it for free!

ls – Listing File Permissions and Ownership

This is one of the most fundamental tools on Linux, and you’ve likely used it at different times to view the content of a directory or check details from specific files. Whichever way you use it, for discovering directory content or inspecting files, ls is the solution for these tasks.

Besides those functionalities, ls (Listing Files) includes a special feature that earns its place on this list, it allows you to see who owns a file and what permissions are set for different users or group.

Using the option -l with ls will reveal additional details, you can see the file owner and the group it belongs to the user. Besides that, on the left side, the permissions of the file will be represented in different symbols:
ls -l

Now, you are probably wondering how you can understand all those symbols on the left side, and what they mean. You can observe this image, which depending on the order and place of the symbols will indicate to whom the permission is intended.

Check this: Yes, you can access your Pi from anywhere. Here's how.

The permissions are divided into 4 segments, the first denotes the file type, and the following ones for the owner, the group and other users. The absence of a symbol is represented by -, and the others by r (read), w (write) and x (execute).

It may be a little confusing at first, but as you use it more often, you will understand it more and your memory will do its job.

Always Forgetting Linux Commands?
Grab This Cheat Sheet!
I've compiled the must-know commands in a simple PDF for quick reference.
Download now

Related: File Permissions on Linux Explained for Absolute Beginners

Prefer reading without ads and popups?
Members get an ad-free version of every guide, plus exclusive project support.
Join the Community | Sign In

Tip: Command lines can be a pain to memorize. I put the essential Linux commands on a printable cheat sheet so you don't have to keep googling them. You can grab the PDF here if you want to save some time.

stat – Advanced view of file and directory permissions

As if that wasn’t enough, you can get more information than the command in the previous section could not provide, and in a more user-friendly way with stat. However, we can only use it to detail a specific file or folder and not globally in the directory.

The stat command is an advanced tool that allows you to analyze a file, obtaining information of our interest, such as permissions (in symbolic and octal form), ownership by user and group (in text and gid/uid code), all in a friendly and easy to read way.

You can use it simply by just using the command and specifying the file like this:
stat <file>

You might also like: Turn your Raspberry Pi into a money-making machine

Now, I’m sure you’re wondering, about the numbering next to the permissions, this is the absolute format to represent them, just like the symbolic mode, it is divided into three groups: Owner, Users, and Other. Let’s look at this table, to understand it better:

Absolute representationSymbolic equivalentDescription
7rwxRead, Write, Execute
6rw-Read, Write
5r-xRead, Execute
4r–Read Only
3-wxWrite, Execute
2-w-Write Only
1–xExecute Only
0No Permissions

So if you are looking for a more user-friendly alternative that can provide you with more information, stat is the best solution for what you are looking for.

chmod – Modify File and Directory Permissions

We can start changing file and directory permissions, starting with the cmod command. This tool allows you to control who can read, write or execute a file, making it the most essential from this list.

chmod (Change Mode) lets you modify permissions using two methods: symbolic mode, which is more intuitive, and absolute mode, which is more precise and used by advanced users.

Always Forgetting Linux Commands?
Grab This Cheat Sheet!
I've compiled the must-know commands in a simple PDF for quick reference.
Download now

Symbolic mode: This method uses letters like u, g and o to define permissions, + and – to define to add or remove and the permissions by itself. For example, if you want to only allow the users to execute a file, you can do it this way:

chmod u+x <file>

Absolute mode: Here you will have to use more advanced functions, using numeric values to assign permissions. For example, 664, indicates rw (read and write) for the owner and the group, and r (read) for other users:
chmod <absolute-value> <file>

Read next: 25 project ideas you can try at home with Raspberry Pi

Note: In both symbolic and absolute modes, the same order is maintained, that is: owner, group, and other.

Depending on what you need, you can use one or the other, but is mostly personal preference and convenience, absolute mode is more direct, but symbolic mode is more intuitive.

chown – Change User Ownership

Beyond modifying permissions, it is also important to manage who owns a file. Using ls or stat you can identify it, but you can also change it with chown to choose a different owner who can have control of the file.

chown (Change Ownership) is particularly useful for administrative tasks. It allows you to transfer the ownership of files or directories to a specific existing user.

Before you go any further, you might want to read the article about creating a user. It will come in handy because how will you transfer the ownership of a file if you don’t create the user you want first?

Now you can specify the user to transfer ownership to, but it is also important to use the sudo argument before the command:
sudo chown <user-to-set> <file>

If you want to change the owner of an entire folder, you can use the -R option to apply it to the entire folder including subdirectories of the folder:
sudo chown -R <user-to-set> <folder>

Always Forgetting Linux Commands?
Grab This Cheat Sheet!
I've compiled the must-know commands in a simple PDF for quick reference.
Download now

As I mentioned before, this command is useful if you are working on a server, and you need to transfer the ownership of a file to another person so he can manage it without problems. Remember, the permissions from a user and the owner could be different.

Read next: Yes, you can access your Pi from anywhere. Here's how.

chgrp – Change Group Ownership

Sometimes changing the user ownership isn’t enough—assigning a file or directory to a group can be important too. The chgrp command is the right tool for situations like this, allowing you to change the group ownership from a file or directory.

CHGRP (Change Group) allows you to assign files or directories to a specific group so several users can act as joint owners of the same file or directory specified.

The syntax is quite similar to the command we saw in the previous section, we only have to specify the group we want to transfer the ownership to:
sudo chgrp <group-to-set> <file>

Likewise, we can apply this same command to a folder with subdirectories, using:
chgrp -R <group-to-set> <file>

Now let’s imagine the case where you need to share a file not only with one person but with an entire development team, in these cases it is necessary to give ownership to an entire group so they can manage the file or directory as a team, in these situations CHGRP is needed.

ACL (Access Control Lists) – Advanced Permission Management

The standard way of assigning permissions may work well in most cases, but it might not be enough in more complex scenarios. This is where ACL comes in, allowing you to manage permissions for different users and groups, each one different.

ACLs (Access Control Lists) allow you to assign custom rules to specific users or groups, each of which can have a different permission than the others. This is especially useful in scenarios when users need different access levels to the same file or directory.

Also: Don't buy a new SD card until your read this.

Always Forgetting Linux Commands?
Grab This Cheat Sheet!
I've compiled the must-know commands in a simple PDF for quick reference.
Download now

You can view the current rules with getfacl, just pointing to the file or directory of your choice:
getfacl <file>

To add permissions, we have a certain structure to take into consideration. First, you must specify whether it is a user, group or owner, followed by the name of the user or group and finally the permissions you want to add or modify:
setfacl -m <u/g/o>:<user/group>:<permission> <file>

You may be in situations, where you are managing a shared resource, such as a file, where you need certain users to only be able to read the file while others can edit it, in these cases is where you can use this tool.


🛠 This tutorial doesn't work anymore? Report the issue here, so that I can update it!

Stuck on this project? Ask me or other Pi users in the RaspberryTips Community. We help each other out and you'll get answers quick. Join and fix it together.

umask – Default Permission Settings

We’ve already explored how to manage permissions and ownership for existing files, but what about files you’ll create in the future? This is where umask comes into play, ensuring that new files and directories have the correct permissions automatically by defautl.

umask (User Mask) is a command that helps you set default permissions for new files and folders on your system. It ensures that everything you create has the right level of access automatically, saving you the time and effort of adjusting permissions later.

Using only the command itself you can first see what the default umask value is, in other words, what permission is generated by default when creating a file. Keep in mind that this is in absolute mode:
umask

Then, to change the value it has, we must specify in absolute mode (numerical) the permissions we want the new files to have. Just like this:
umask <absolute-value>

Also: Are you sure your Pi is secure? Here are 17 simple tips to protect it.

This command is useful in situations where specific permissions are needed repeatedly. Instead of manually adjusting permissions each time, umask allows you to set default rules to ensure that all new files and directories automatically have the permissions you want.

Whenever you're ready, here are other ways I can help you:

Master Linux Commands: Overwhelmed with Linux commands? This book is your essential guide to mastering the terminal. It includes practical tips, real-world examples, and a bonus cheat sheet to keep by your side.

The RaspberryTips Community: Need help with Linux or want to chat with people who actually get it? Join the RaspberryTips Community and get access to private forums, exclusive lessons, and direct support.

You can also find all my recommendations for tools and hardware on this page.

I am a System Administrator (SysAdmin) passionate about Linux, always looking to learn something new. I am a writer for RaspberryTips.com focusing on Linux & IT stuff. I also have a degree in Telecommunications Engineering.

Similar Posts