Understanding Linux File Permissions: A Guide to chmod, chown, and chgrp

Managing file permissions is one of the most important skills for Linux and DevOps engineers.
Incorrect permissions = broken deployments, security issues, and Permission denied errors.

In this guide, you’ll learn:

• What Linux permissions mean
• How to read permission notation
• How to use chmod, chown, and chgrp with real examples

What Are Linux File Permissions?

Every file in Linux has three types of access:

And permissions apply to three owner levels:

How to View Permissions

ls -l

Example output:

-rwxr-x--x 1 ubuntu devops 1024 Jan 10 script.sh

Breakdown:

chmod — Change File Permissions

Symbolic mode (u/g/o + add/remove = ±)

chmod u+x script.sh         # give execute to owner
chmod g-w app.log           # remove write from group
chmod o-r secrets.env       # prevent others from reading
chmod ug+r config.yaml      # allow owner & group to read

Numeric Mode (octal notation)

r = 4 w = 2 x = 1

Example:

chmod 755 script.sh   # Owner rwx, group r-x, others r-x
chmod 600 id_rsa      # Only owner can read/write (secure SSH key)

Recursive apply

chmod -R 755 /var/www/app   # apply to all files/subfolders

chown — Change File Owner & Group

Change owner only:

chown ubuntu script.sh   # set user as owner

Change owner & group:

chown ubuntu:devops script.sh

Recursive owner change:

chown -R www-data:www-data /var/www/app

Commonly used for web servers (nginx / apache)

chgrp — Change Group Ownership

chgrp devops file.txt         # assign group to file
chgrp -R devops /data         # apply recursively

Useful when multiple users share same project directory.

Quick Security Tips

✔ Restrict sensitive files ✔ Avoid chmod 777 🚫 (full access to everyone — dangerous!) ✔ Use groups for shared access ✔ Always check permissions before production deploys