File ownership and permissions

Each file and directory belongs to a specific user ID and group ID, and has a set of permissions (also referred to as modes) associated with it.

You can use these utilities to control ownership and permissions:

To: Use:
Specify the permissions for a file or directory chmod
Change the owner (and optionally the group) for a file or directory chown
Change the group for a file or directory chgrp

For details, see the Utilities Reference.

Note: You can change the permissions and ownership for a file or directory only if you're its owner or you're logged in as root. If you want to change both the permissions and the ownership, change the permissions first. Once you've assigned the ownership to another user, you can't change the permissions.

Permissions are divided into these categories:

u
Permissions for the user (i.e., the owner).
g
Permissions for the group.
o
Permissions for others (i.e., everyone who isn't in the group).

Each set of permissions includes:

r
Read permission. For a directory, this is permission to list the directory.
w
Write permission.
x
Execute permission. For a directory, this is permission to search the directory.
s or S
Setuid or setgid (see below).
t or T
Sticky bit (see below).

If you have read, but not search, permission for a directory, you can see the files in the directory, but you can't read or modify the contents of the files. If you have search, but not read, permission for a directory (say dir) and read permission on a subdirectory (say dir/subdir), then you can't list the contents of dir to see subdir, but if you—somehow—know that dir/subdir exists, you can list the contents of dir/subdir if you specify its path directly.

If you list your home directory (using ls -al), you might get output like this:

total 94286
drwxr-xr-x 18 barney    techies        6144 Sep 26 06:37 ./
drwxrwxr-x  3 root      root           2048 Jul 15 07:09 ../
-rw-rw-r--  1 barney    techies         320 Nov 11  2013 .kshrc
-rw-rw-r--  1 barney    techies           0 Aug 08 09:17 .lastlogin
-rw-r--r--  1 barney    techies         254 Nov 11  2013 .profile
-rw-rw-r--  1 barney    techies        3585 Jul 31  1993 123.html
-rw-rw-r--  1 barney    techies         185 Aug 08  2014 Some_file
drwx------  2 barney    techies        4096 Jul 04 11:17 bin/
-rw-------  1 barney    techies          34 Jul 05  2002 cmd.txt
drwxr-xr-x  2 barney    techies        2048 Feb 26  2014 interesting_stuff/
drwxrwxr-x  3 barney    techies        2048 Oct 17  2002 more_stuff/
drwxrwxr-x  2 barney    techies        4096 Jul 04 09:06 workspace/

The first column is the set of permissions. A leading d indicates that the item is a directory; see Types of files,” earlier in this chapter.

Note: If the permissions are followed by a plus sign (+), the file or directory has an access control list that further specifies the permissions. For more information, see Access Control Lists (ACLs),” below.

You can also use octal numbers to indicate the modes; see chmod in the Utilities Reference.