When to Use chmod vs chown
| technology | system admin - David Zomaya

Chmod and chown are two of the most important commands when it comes to Linux and Unix file permissions. In addition to being an important part of IT security, they appear on multiple IT certification exams.

However, it isn’t always easy to understand how they work. Reading help pages for *nix commands is useful, but is often challenging for beginners. To help you hit the ground running with these two popular GNU Core Utilities, we’ve put together this crash course on chmod vs. chown.

chmod vs. chown: The Short Version

chmod (or “change mode”) dictates what the user and group that own a file, and everyone else, can do with that file. Specifically, chmod sets read, write, and execute permissions from the *nix command line, and it’s also something you’ll need to know to earn CompTIA Network+ certification.

chown (or “change owner”) dictates who owns a file. Specifically, chown controls what user and what group owns a given file or set of files.

Worded differently:

  • If you want to change what users can do with a file, you probably want chmod.
  • If you want to change the owner of a file, you probably want chown.

With that in mind, we can dive into the nuts and bolts of these two commands.

File Permissions: How to Use rwx

The next step in our journey to understanding chmod and chown is looking at the output of “ls -l” after creating a file. Here, we’ll use “touch learningnotes.txt” to create a text file in an empty directory. Then we’ll use “ls -l” to check out the file size, last modified time, file name, and file permissions.

:~$ ls -l
-rw-rw-rw- 1 cooluser cooluser 0 Jun 7 19:47 learningnotes.txt

In the context of file permissions, “-rw-rw-rw-” and “cooluser cooluser” are the areas we need to focus on. Here’s the key to what each part of the ls -l output means:

  1. The “-” tells us the file is a regular file type. Other common types include: “d” for directories and “l” for symlinks.
  2. These are the permissions for the file, and there are three parts: user (first rw-), group (second rw-), and all other users and groups (third rw-).
  3. Number of links to the file.
  4. Name of the user that owns the file.
  5. Name of the group that owns the file.
  6. The size of the file in bytes.
  7. The date and time that the file was created or last modified.
  8. File name.

Given that, we can see that “cooluser,” the “cooluser” group, and all other users and groups have “read” and “write” permissions on learningnotes.txt.

 

Those characters that represent read, write, and execute permissions are also expressed numerically as decimal and binary numbers (this becomes important with chmod). Here is the breakdown:

| Permission | Binary value | Decimal value |
| --- | --- | --- |
| No permission (---) | 000 | 0 |
| Execute only (--x) | 001 | 1 |
| Write only (-w-) | 010 | 2 |
| Read only (r--) | 100 | 4 |
| Write and execute (-wx) | 011 | 3 |
| Read and execute (r-x) | 101 | 5 |
| Read and write (rw-) | 110 | 6 |
| Read, write, and execute (rwx) | 111 | 7 |

Don’t worry too much about memorizing this table for now; it will come with time and practice. Just remember read = 4, write = 2, and execute = 1.

What Read, Write, and Execute Mean

You will see the terms read, write, and execute thrown around a lot when it comes to Linux file permissions. So let’s review what they mean for both files and directories.

| Term | Meaning for files | Meaning for directories |
| --- | --- | --- |
| Read | Read the content of the file | Read a list of file names in a directory |
| Write | Edit/modify the file | Create, rename, delete, or modify files in the directory. Can also change the directory’s attributes. |
| Execute | Can run executable files. | Access the directory/make it your working directory. Generally, read and execute are used together for entering a directory. |

For simplicity, we’ll focus on regular files from here on out. Just keep in mind that other file types (like directories) are affected by chmod and chown as well.

chmod Explained

chmod is an abbreviation of “change mode”, which should tell you something. It’s different than chown, which is short for “change owner”. In the most common use case, changing the mode means changing permissions, which we’ll show below.

Working with chmod requires putting together two of the concepts we learned above.

  • read = 4, write = 2, and execute = 1 (this is sometimes referred to as an octal representation of permissions)
  • The first set of 3 rwx characters is for the user that owns a file, the second set of 3 rwx characters is for the group that owns a file, and the final set of 3 rwx characters is for everyone else.

To change file permissions, we can simply input a command in the format:

  1. chmod command
  2. The octal representation of permissions.
  3. Path to file. Remember to use absolute paths if you didn’t “cd” into a new directory.

chmod Examples: 600, 400, 664

For example, to change our “learningnotes.txt” file so only the owner has read and write permissions and everyone else has no permissions, we can execute the command “chmod 600 learningnotes.txt”:

:~$ chmod 600 learningnotes.txt
:~$ ls -l
-rw------- 1 cooluser cooluser 0 Jun 7 19:47 learningnotes.txt

As expected, after the command the permissions on the file change to rw-------, which makes sense. The first “rw” tells us the file owner has read and write privileges. The 7 “-” characters after that tell us the owner does not have execute permissions and no one else has any permissions.

Suppose we wanted to change it so the owner can only read, but not write to, the file. In that case, “chmod 400 learningnotes.txt” will do the trick.

:~$ chmod 400 learningnotes.txt
:~$ ls -l
-r-------- 1 cooluser cooluser 0 Jun 7 19:47 learningnotes.txt

Again, the “ls -l” output updates as we expect. “r--------” tells us the user that owns the file has read privileges and no one else has any privileges.

If we want to give the user and group that owns the file read and write permissions, and everyone else read-only permissions, that is achieved using “chmod 664 learningnotes.txt.” The first 6 gives read and write permissions to the user that owns the file, the second 6 gives read and write permissions to the group that owns the file, and the 4 gives read only permissions to everyone else.

:~$ chmod 664 learningnotes.txt
:~$ ls -l
-rw-rw-r-- 1 cooluser cooluser 0 Jun 7 19:47 learningnotes.txt

The “rw-rw-r--” lines up with exactly what we wanted.

Remember: In the above examples, we just used “learningnotes.txt” because we’re working in the same directory as the file. To use chmod on files in other directories, be sure to include the path to the files (e.g. /path/to/the/file.name).

Other Ways to Use chmod

Those basic examples using octal permissions should be enough for you to get started with chmod. In fact, understanding how those work will likely be enough for many real-world applications. However, there are other ways to use chmod as well.

For example, symbolic representation of permissions using letters and the + and - characters is another approach. Here is a quick breakdown of the more common supported characters for symbolic representation with chmod:

| Character | Explanation |
| --- | --- |
| u | User that owns the file |
| g | Group that owns the file |
| o | All other users and groups |
| a | All users and groups |
| r | Read permission |
| w | Write permission |
| x | Execute permission |
| - | Remove permission |
| + | Add permission |
| = | Make permissions exactly this |

With symbolic representation, chmod commands follow a general format. Here’s the breakdown of a chmod command with symbolic representation:

  1. chmod command
  2. Select one character: u, a, g, or o. These single characters choose whose permissions change: the owning user, all users, the owning group, or others. See chart above.
  3. Select one character: +, -, or =. These are the add, remove, or “make exact” permissions. See chart above.
  4. Select read, write, execute permissions.
  5. Path to file.

For example, if we start with our “learningnotes.txt” file set to rw-rw-r--, we can give all other users and groups write permissions with “chmod o+w learningnotes.txt.”

:~$ chmod 664 learningnotes.txt
:~$ ls -l
-rw-rw-r-- 1 cooluser cooluser 0 Jun 7 20:56 learningnotes.txt
:~$ chmod o+w learningnotes.txt
:~$ ls -l
-rw-rw-rw- 1 cooluser cooluser 0 Jun 7 20:56 learningnotes.txt

Here are a few examples to help you understand symbolic chmod commands:

| Command | Explanation |
| --- | --- |
| chmod +x /path/to/your/file.name | Makes file.name executable |
| chmod u=rwx,g=rx,o=rx /path/to/your/file.name | Give the user that owns /path/to/your/file.name read, write, and execute permissions. Everyone else gets read and execute. Equivalent to chmod 755 /path/to/your/file.name |
| chmod -x /path/to/your/file.name | Remove executable permissions from /path/to/your/file.name |
| chmod o+w /path/to/your/file.name | Give non-owners write permissions on /path/to/your/file.name |
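
To see how the octal and symbolic forms relate, the following added example (not part of the original article) applies both to a scratch file and prints the resulting mode as octal digits and as the rwx string that “ls -l” shows. It assumes GNU coreutils “stat -c”; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: relate octal and symbolic chmod modes on a scratch file.
# Assumes GNU coreutils (stat -c). Function names are illustrative only.

# Print the permission bits of a file as octal digits, e.g. 664.
mode_of() { stat -c %a "$1"; }

# Turn one octal digit into its rwx triplet using read=4, write=2, execute=1.
digit_to_rwx() (
    d=$1; out=
    [ $((d & 4)) -ne 0 ] && out="${out}r" || out="${out}-"
    [ $((d & 2)) -ne 0 ] && out="${out}w" || out="${out}-"
    [ $((d & 1)) -ne 0 ] && out="${out}x" || out="${out}-"
    printf '%s' "$out"
)

# Turn a three-digit octal mode (user, group, other) into the ls -l string.
octal_to_rwx() (
    m=$1
    case $m in [0-7][0-7][0-7]) ;; *) echo "bad mode: $m" >&2; exit 1 ;; esac
    u=${m%??}; rest=${m#?}; g=${rest%?}; o=${m#??}
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
)

# Apply each chmod argument in turn to a fresh scratch file; print the result.
apply_modes() (
    f=$(mktemp) || exit 1
    for m in "$@"; do chmod "$m" "$f" || { rm -f "$f"; exit 1; }; done
    mode_of "$f"
    rm -f "$f"
)

# Constructed cases: "+" adds bits, "=" replaces them (go= clears group/other).
for steps in "664" "664 o+w" "u=rwx,g=rx,o=rx" "666 go=" "600 a+r"; do
    m=$(apply_modes $steps)   # word splitting of $steps is intended
    printf '%-18s -> %s %s\n' "$steps" "$m" "$(octal_to_rwx "$m")"
done
```

Note that “=” overwrites the selected set while “+” and “-” only touch the named bits, which is why “666” followed by “go=” ends at 600.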

chown Explained

chown is an abbreviation for “changing owner”, which is pretty self-explanatory. While chmod handles what users can do with a file once they have access to it, chown assigns ownership.

As you may have noticed, none of the chmod commands we discussed above changed who owns the files we’re working with. That’s where chown comes in. Compared to chmod, chown has fewer basics to cover to get started.

The basic chown command format boils down to:

  1. sudo runs the command with root privileges after you enter your password.
  2. chown command
  3. The username of the new file owner, which is represented as user, user:, user:group, or :group. See chart below.
  4. Path to the file.

It’s important to note that chown generally requires sudo/root permissions. Owning the file alone is not enough to be able to change the owner.

The basic format for [new owner] is user:group. There are 4 common ways to use this format:

| Format for new owner | Explanation |
| --- | --- |
| user | Changes only the user that owns the file. |
| user: | Changes the user that owns the file and changes the group to that user’s group. |
| user:group | Changes both the user and group that own the file. |
| :group | Changes only the group that owns the file. |

Let’s use our “learningnotes.txt” file to walk through a few examples.

To change the user that owns “learningnotes.txt” to “someotheruser” but leave the group unchanged, we’ll use “sudo chown someotheruser learningnotes.txt”:

:~$ ls -l
-rw-rw-rw- 1 cooluser cooluser 0 Jun 7 20:56 learningnotes.txt
:~$ sudo chown someotheruser learningnotes.txt
:~$ ls -l
-rw-rw-rw- 1 someotheruser cooluser 0 Jun 7 20:56 learningnotes.txt

We can see the permissions and group stayed the same, but the user that owns the file changed.

To change the group to “othergroup” we can use “sudo chown :othergroup learningnotes.txt”:

:~$ ls -l
-rw-rw-rw- 1 someotheruser cooluser 0 Jun 7 20:56 learningnotes.txt
:~$ sudo chown :othergroup learningnotes.txt
:~$ ls -l
-rw-rw-rw- 1 someotheruser othergroup 0 Jun 7 20:56 learningnotes.txt

Here, we can see group ownership changed.

Finally, to change the user and the group back to “cooluser” we can use “sudo chown cooluser: learningnotes.txt” (cooluser’s group is “cooluser”):

:~$ ls -l
-rw-rw-rw- 1 someotheruser othergroup 0 Jun 7 20:56 learningnotes.txt
:~$ sudo chown cooluser: learningnotes.txt
:~$ ls -l
-rw-rw-rw- 1 cooluser cooluser 0 Jun 7 20:56 learningnotes.txt

And now, as expected, we’re back to where we started.

Wrapping Up

Now that you understand chmod vs. chown, you can combine the two to achieve specific goals. For example, want only root to have read and write permission on a file? Think about what “chmod 600 /path/to/your/file.name” and “sudo chown root: /path/to/your/file.name” will do.
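
After combining the two commands, it helps to verify the result rather than read “ls -l” by eye. The check below is an added example, not part of the original article: it confirms that a file belongs to the expected owner and grants nothing to group or others. It assumes GNU coreutils “stat -c”, and the function name is_private_to is made up for this illustration; for the root-only case above you would call it as is_private_to /path/to/your/file.name root.

```shell
#!/bin/sh
# Added example: verify the outcome of "chmod 600" plus "chown".
# Assumes GNU coreutils (stat -c). is_private_to is an illustrative name.

# Succeeds only if FILE is owned by OWNER (user name or numeric uid) and
# grants no permissions to group or others (for example 600 or 400).
# On failure it prints the reason and returns non-zero.
is_private_to() (
    file=$1; owner=$2
    info=$(stat -c '%U %u %a' "$file") || exit 2
    set -- $info
    name=$1; uid=$2; mode=$3
    if [ "$owner" != "$name" ] && [ "$owner" != "$uid" ]; then
        echo "$file: owned by $name, expected $owner"; exit 1
    fi
    # 077 masks the group and other digits of the octal mode.
    if [ $((0$mode & 077)) -ne 0 ]; then
        echo "$file: mode $mode lets group or others in"; exit 1
    fi
)

# Constructed demo on a scratch file owned by the current user, because
# changing the owner to root would itself need sudo.
f=$(mktemp)
chmod 664 "$f"
is_private_to "$f" "$(id -u)" || echo "rejected as expected"
chmod 600 "$f"
is_private_to "$f" "$(id -u)" && echo "$f: private to uid $(id -u)"
rm -f "$f"
```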

Of course, there are plenty of other examples and iterations where you can combine these two commands. That’s where things get interesting, applying the knowledge to address real-world requirements. In that way, and a few others, understanding Linux/Unix file permissions is like learning IPv4 subnetting. There is some binary math, there’s a good chance you’re tackling it as part of studying for an IT cert, and it can be intimidating at first. Fortunately, both get easier to understand with a little practice and understanding of the basics.

This overview of chmod and chown should help you hit the ground running in both real-world projects and *nix-related certification studies. However, there’s still plenty more to learn after this. Working with directories, multiple files, flags like setuid, setgid, & sticky, and tools like umask come next. Once you’re comfortable with the basics, move on to those and keep going.
