When to Use chmod vs chown
Chmod and chown are two of the most important commands when it comes to Linux and Unix file permissions. In addition to being an important part of IT security, they appear on multiple IT certification exams.
However, it isn't always easy to understand how they work. Reading help pages for *nix commands is useful, but is often challenging for beginners. To help you hit the ground running with these two popular GNU Core Utilities, we've put together this crash course on chmod vs. chown.
chmod vs. chown: The Short Version
chmod (or “change mode”) dictates what the user/group that owns a file can do with that file. Specifically, chmod sets read, write, and execute permissions from the *nix command line, and it's also something you'll need to know to earn CompTIA Network+ certification.
chown (or “change owner”) dictates who owns a file. Specifically, chown controls what user and what group owns a given file or set of files.
If you want to change what users can do with a file, you probably want chmod.
If you want to change the owner of a file, you probably want chown.
With that in mind, we can dive into the nuts and bolts of these two commands.
File Permissions: How to Use rwx
The next step in our journey to understanding chmod and chown is looking at the output of "ls -l" after creating a file. Here, we'll use "touch learningnotes.txt" to create a text file in an empty directory. Then we'll use "ls -l" to check out the file size, last modified time, file name, and file permissions.
:~$ ls -l
-rw-rw-rw- 1 cooluser cooluser 0 Jun 7 19:47 learningnotes.txt
In the context of file permissions, "-rw-rw-rw-" and "cooluser cooluser" are the areas we need to focus on. Here’s the key to what each part of the ls -l output means:
1. The “-” tells us the file is a regular file type. Other common types include “d” for directories and “l” for symlinks.
2. These are the permissions for the file, and there are three parts: user (first rw-), group (second rw-), and all other users & groups (third rw-).
3. Number of links to the file.
4. Name of the user that owns the file.
5. Name of the group that owns the file.
6. The size of the file in bytes.
7. The date and time that the file was created or last modified.
8. File name.
Given that, we can see that "cooluser," the "cooluser" group, and all other users and groups have "read" and "write" permissions on learningnotes.txt.
Those characters that represent read, write, and execute permissions are also expressed numerically as decimal and binary numbers (this becomes important with chmod). Here is the breakdown:
Permission                    Symbol  Decimal  Binary
No permission                 ---     0        000
Execute only                  --x     1        001
Write only                    -w-     2        010
Write and execute             -wx     3        011
Read only                     r--     4        100
Read and execute              r-x     5        101
Read and write                rw-     6        110
Read, write, and execute      rwx     7        111
Don't worry too much about memorizing this table for now; it will come with time and practice. Just remember read = 4, write = 2, and execute = 1.
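The read = 4, write = 2, execute = 1 arithmetic can be checked with a short script. This is an added example, not part of the original article; the function names perm_to_octal, triplet_value and apply_and_show are made up for illustration.

```shell
#!/bin/sh
# Added example: turn the nine permission characters from "ls -l" into the
# octal number chmod takes. Special bits (s, t) are out of scope and rejected.

# triplet_value TRIPLET: print 0-7 using read = 4, write = 2, execute = 1.
triplet_value() {
    value=0
    case "$1" in r??) value=$((value + 4)) ;; esac
    case "$1" in ?w?) value=$((value + 2)) ;; esac
    case "$1" in ??x) value=$((value + 1)) ;; esac
    printf '%s' "$value"
}

# perm_to_octal STRING: print e.g. 664 for rw-rw-r--; fail on malformed input.
perm_to_octal() {
    case "$1" in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "not a 9-character rwx string: $1" >&2; return 1 ;;
    esac
    rest=$1
    octal=
    while [ -n "$rest" ]; do
        triplet=${rest%"${rest#???}"}   # first three characters
        rest=${rest#???}                # drop them for the next round
        octal=$octal$(triplet_value "$triplet")
    done
    printf '%s\n' "$octal"
}

# apply_and_show STRING: chmod a scratch file with the converted value and
# print the permission characters ls -l reports afterwards.
apply_and_show() {
    scratch=$(mktemp)
    chmod "$(perm_to_octal "$1")" "$scratch"
    ls -l "$scratch" | cut -c2-10
    rm -f "$scratch"
}

# Constructed sample inputs: the permission strings used in this article.
for perms in rw-rw-rw- rw------- r-------- rw-rw-r-- rwxr-xr-x; do
    echo "$perms = $(perm_to_octal "$perms") -> ls -l shows $(apply_and_show "$perms")"
done
```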
What Read, Write, and Execute Mean
You will see the terms read, write, and execute thrown around a lot when it comes to Linux file permissions. So let's review what they mean for both files and directories.
Read
  Meaning for files: Read the content of the file.
  Meaning for directories: Read a list of file names in a directory.
Write
  Meaning for files: Edit/modify the file.
  Meaning for directories: Create, rename, delete, or modify files in the directory. Can also change the directory's attributes.
Execute
  Meaning for files: Can run executable files.
  Meaning for directories: Access the directory/make it your working directory. Generally, read and execute are used together for entering a directory.
For simplicity, we'll focus on regular files from here on out. Just keep in mind that other file types (like directories) are affected by chmod and chown as well.
chmod is an abbreviation of “change mode”, which should tell you something. It’s different than chown, which is short for “change owner”. In the most common use case, changing the mode means changing permissions, which we’ll show below.
Working with chmod requires putting together two of the concepts we learned above.
read = 4, write = 2, and execute = 1 (this is sometimes referred to as an octal representation of permissions)
The first set of 3 rwx characters is for the user that owns a file, the second set of 3 rwx characters is for the group that owns a file, and the final set of 3 rwx characters is for everyone else.
To change file permissions, we can simply input a command in the format:
The octal representation of permissions.
Path to file. Remember to use absolute paths if you didn’t “cd” into a new directory.
chmod Examples: 600, 400, 664
For example, to change our "learningnotes.txt" file so only the owner has read and write permissions and everyone else has no permissions, we can execute the command "chmod 600 learningnotes.txt".
:~$ chmod 600 learningnotes.txt
:~$ ls -l
-rw------- 1 cooluser cooluser 0 Jun 7 19:47 learningnotes.txt
As expected, after the command the permissions on the file change to rw-------, which makes sense. The first "rw" tells us the file owner has read and write privileges. The 7 "-" characters after that tell us the owner does not have execute permissions and no one else has any permissions.
Suppose we wanted to change it so the owner can only read, but not write to, the file. In that case, "chmod 400 learningnotes.txt" will do the trick.
:~$ chmod 400 learningnotes.txt
:~$ ls -l
-r-------- 1 cooluser cooluser 0 Jun 7 19:47 learningnotes.txt
Again, the "ls -l" output updates as we expect. "r--------" tells us the user that owns the file has read privileges and no one else has any privileges.
If we want to give the user and group that owns the file read and write permissions, and everyone else read-only permissions, that is achieved using "chmod 664 learningnotes.txt." The first 6 gives read and write permissions to the user that owns the file, the second 6 gives read and write permissions to the group that owns the file, and the 4 gives read only permissions to everyone else.
:~$ chmod 664 learningnotes.txt
:~$ ls -l
-rw-rw-r-- 1 cooluser cooluser 0 Jun 7 19:47 learningnotes.txt
The "rw-rw-r--" lines up with exactly what we wanted.
Remember: In the above examples, we just used "learningnotes.txt" because we're working in the same directory as the file. To use chmod on files in other directories, be sure to include the path to the files (e.g. /path/to/the/file.name).
Other Ways to Use chmod
Those basic examples using octal permissions should be enough for you to get started with chmod. In fact, understanding how those work will likely be enough for many real-world applications. However, there are other ways to use chmod as well.
For example, symbolic representation of permissions using letters and the + and - characters is another approach. Here is a quick breakdown of the more common supported characters for symbolic representation with chmod:
Character  Meaning
u          User that owns the file
g          Group that owns the file
o          All other users and groups
a          All users and groups
+          Add these permissions
-          Remove these permissions
=          Make permissions exactly this
With symbolic representation, chmod commands will follow this general format:
Here’s the breakdown of a chmod user command with symbolic representation:
Select one character: u, a, g, or o. These single characters select whose permissions on the file or directory you are changing. See chart above.
Select one character: +, -, or =. These add, remove, or “make exact” the permissions. See chart above.
Select read, write, execute permissions.
Path to file.
For example, if we start with our "learningnotes.txt" file set to rw-rw-r--, we can give all other users and groups write permissions with "chmod o+w learningnotes.txt."
:~$ chmod 664 learningnotes.txt
:~$ ls -l
-rw-rw-r-- 1 cooluser cooluser 0 Jun 7 20:56 learningnotes.txt
:~$ chmod o+w learningnotes.txt
:~$ ls -l
-rw-rw-rw- 1 cooluser cooluser 0 Jun 7 20:56 learningnotes.txt
Here are a few examples to help you understand symbolic chmod commands:
chmod +x /path/to/your/file.name
  Makes file.name executable.
chmod u=rwx,g=rx,o=rx /path/to/your/file.name
  Give the user that owns /path/to/your/file.name read, write, and execute permissions. Everyone else gets read and execute. Equivalent to chmod 755 /path/to/your/file.name.
chmod -x /path/to/your/file.name
  Remove executable permissions from /path/to/your/file.name.
chmod o+w /path/to/your/file.name
  Give non-owners write permissions on /path/to/your/file.name.
chown is an abbreviation for “change owner”, which is pretty self-explanatory. While chmod handles what users can do with a file once they have access to it, chown assigns ownership.
As you may have noticed, none of the chmod commands we discussed above changed who owns the files we're working with. That's where chown comes in. Compared to chmod, chown has fewer basics to cover to get started.
The basic chown command format boils down to:
sudo runs the command with root privileges after you enter your password.
The username of the new file owner, which is represented as user, user:, user:group, or :group. See chart below.
Path to the file.
It's important to note that chown generally requires sudo/root permissions. Owning the file alone is not enough to be able to change the owner.
The basic format for [new owner] is user:group. There are 4 common ways to use this format:
Format for new owner  Effect
user                  Changes only the user that owns the file.
user:                 Changes the user that owns the file and changes the group to that user's group.
user:group            Changes both the user and group that own the file.
:group                Changes only the group that owns the file.
Let's use our "learningnotes.txt" file to walk through a few examples.
To change the user that owns "learningnotes.txt" to "someotheruser" but leave the group unchanged, we'll use "sudo chown someotheruser learningnotes.txt":
:~$ ls -l
-rw-rw-rw- 1 cooluser cooluser 0 Jun 7 20:56 learningnotes.txt
:~$ sudo chown someotheruser learningnotes.txt
:~$ ls -l
-rw-rw-rw- 1 someotheruser cooluser 0 Jun 7 20:56 learningnotes.txt
We can see the permissions and group stayed the same, but the user that owns the file changed.
To change the group to "othergroup" we can use "sudo chown :othergroup learningnotes.txt":
:~$ ls -l
-rw-rw-rw- 1 someotheruser cooluser 0 Jun 7 20:56 learningnotes.txt
:~$ sudo chown :othergroup learningnotes.txt
:~$ ls -l
-rw-rw-rw- 1 someotheruser othergroup 0 Jun 7 20:56 learningnotes.txt
Here, we can see group ownership changed.
Finally, to change the user and the group back to "cooluser" we can use "sudo chown cooluser: learningnotes.txt" (cooluser's group is "cooluser"):
:~$ ls -l
-rw-rw-rw- 1 someotheruser othergroup 0 Jun 7 20:56 learningnotes.txt
:~$ sudo chown cooluser: learningnotes.txt
:~$ ls -l
-rw-rw-rw- 1 cooluser cooluser 0 Jun 7 20:56 learningnotes.txt
And now, as expected, we're back to where we started.
Now that you understand chmod vs. chown, you can combine the two to achieve specific goals. For example, want only root to have read and write permission on a file? Think about what "chmod 600 /path/to/your/file.name" and "sudo chown root: /path/to/your/file.name" will do.
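One way to verify the combined result of chmod and chown described above is to read the owner and mode back with stat. This is an added example, not from the original article; check_private and lock_down are hypothetical helper names, it assumes GNU coreutils stat, and the demo checks against the current user instead of root so it runs without sudo.

```shell
#!/bin/sh
# Added example; assumes GNU coreutils stat (-c FORMAT). The demo uses the
# current user in place of root so it runs without sudo.

# check_private FILE OWNER: print each problem found; succeed only when FILE
# is owned by OWNER and grants nothing to the group or to everyone else.
check_private() {
    info=$(stat -c '%a %U' "$1") || return 2
    mode=${info%% *}
    owner=${info#* }
    status=0
    if [ "$owner" != "$2" ]; then
        echo "$1: owner is $owner, expected $2 (chown needed)"
        status=1
    fi
    # Octal 077 masks the group and other triplets; any bit set there is
    # access for someone besides the owner.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$1: mode $mode grants group/other access (chmod needed)"
        status=1
    fi
    return "$status"
}

# lock_down FILE: owner gets exactly read and write, group and others get
# exactly nothing. Same result as chmod 600.
lock_down() {
    chmod u=rw,go= "$1"
}

# Constructed demo on a scratch file.
demo() {
    scratch=$(mktemp)
    me=$(id -un)
    chmod 664 "$scratch"
    check_private "$scratch" "$me" || echo "-> not private yet"
    lock_down "$scratch"
    check_private "$scratch" "$me" && echo "-> private: $(stat -c %a "$scratch")"
    check_private "$scratch" "no-such-owner" || echo "-> wrong owner detected"
    rm -f "$scratch"
}
demo
```

For the root-only case from the paragraph above, the call would be check_private /path/to/your/file.name root.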
Of course, there are plenty of other examples and iterations where you can combine these two commands. That's where things get interesting, applying the knowledge to address real-world requirements. In that way, and a few others, understanding Linux/Unix file permissions is like learning IPv4 subnetting. There is some binary math, there's a good chance you're tackling it as part of studying for an IT cert, and it can be intimidating at first. Fortunately, both get easier to understand with a little practice and understanding of the basics.
This overview of chmod and chown should help you hit the ground running in both real-world projects and *nix-related certification studies. However, there's still plenty more to learn after this. Working with directories, multiple files, flags like setuid, setgid, & sticky, and tools like umask come next. Once you're comfortable with the basics, move on to those and keep going.