User permission commands

In Linux, Everything is a file. Because Linux was built as a multi-user system from day one, it uses a strict permission model to ensure users can't accidentally (or maliciously) modify system files or access each other's data.

1. Reading Permissions

Before you change permissions, you must understand what you are looking at. The command ls -l (list long) reveals the permission mode.

Example Output:

-rwxr-xr-- 1 user group 4096 Jan 01 12:00 myfile.txt

The first string (-rwxr-xr--) is the key. It consists of 10 characters broken into four parts:

Position	Char	Meaning	Description
1st Char	-	File Type	- = Regular File, d = Directory, l = Symbolic Link.
Next 3	rwx	User (u)	Permissions for the Owner of the file.
Next 3	r-x	Group (g)	Permissions for the Group assigned to the file.
Last 3	r--	Others (o)	Permissions for Everyone else (the public).

Files vs. Directories

A common confusion is that r, w, and x mean slightly different things depending on whether they are applied to a file or a folder.

Permission	Effect on FILE	Effect on DIRECTORY
Read (r)	View file contents (cat, nano).	List files inside (ls).
Write (w)	Modify or delete content.	Create, delete, or rename files inside the folder.
Execute (x)	Run file as a script/program.	Enter the folder (cd) and access metadata.

2. Changing Permissions

The chmod (Change Mode) command modifies the access rights. You can use Symbolic Mode (letters) or Numeric Mode (numbers).

Method A: Symbolic Mode (Human Readable)

Best for targeted tweaks (e.g., "Add execute to the group").

Syntax: chmod [who][operator][permission] filename

Who: u (user), g (group), o (others), a (all).
Operator: + (add), - (remove), = (set exactly).
Permission: r, w, x.

Method B: Numeric (Octal) Mode

Best for setting absolute permissions quickly. Each permission adds a value to a total score.

4 = Read (r)
2 = Write (w)
1 = Execute (x)
0 = No Permission

You calculate a 3-digit number (User-Group-Others). Example: rwx (4+2+1 = 7) | r-x (4+0+1 = 5) | r-- (4+0+0 = 4) -> 755

Standard codes:

Code	String	U	G	O	Use Case
777	rwxrwxrwx	7	7	7	DANGER. Everyone can write/delete. Only use for temporary testing.
755	rwxr-xr-x	7	5	5	Standard for Scripts/Dirs. Owner can edit; everyone else can read/run.
644	rw-r--r--	6	4	4	Standard for Files. Owner can edit; everyone else can read.
600	rw-------	6	0	0	Private. Only the owner can read/write (e.g., SSH keys).
400	r--------	4	0	0	Read-Only Private. Even the owner cannot accidentally edit it.

3. Changing Ownership

Every file has an owner and a group. chown (Change Owner) updates this. This is essential when you move files between users (e.g., uploading a website as 'root' but needing it owned by 'www-data').

Syntax:

sudo chown [new_owner]:[new_group] filename

Note: You almost always need sudo to give files away).

4. Changing Group Only

chgrp is a specialized subset of chown. It allows you to change only the group ownership.

Why use it? Regular users cannot use chown (you can't "give away" files to others for security reasons). However, regular users can use chgrp to change a file's group to another group they belong to.

Example: You are working on a file project.c. By default, your primary group owns it. You want to share it with the dev-team group.

chgrp dev-team project.c

(No sudo needed if you are a member of dev-team and own the file).

5. Special Permissions (SUID, SGID, Sticky Bit)

To be a true expert, you must know the "4th digit" in permissions (e.g., chmod 4755).

Type	Bit	Symbol	Function
SUID	4	s (User)	Run as Owner. When executed, the program runs with the file owner's permissions, not the user's. (e.g., passwd command needs root rights to update passwords).
SGID	2	s (Group)	Inherit Group. Used on directories. New files created inside will inherit the directory's group, not the creator's primary group. Essential for shared team folders.
Sticky	1	t (Others)	Restricted Deletion. Used on shared folders (like /tmp). Users can create files, but only the owner can delete their own files. Prevents users from deleting each other's work.