File Permissions and Ownership in Red Hat Linux

Understanding file permissions and ownership is a core skill for any Red Hat Enterprise Linux (RHEL) administrator. This lesson covers the basics of permission types, how to change file ownership, and how to manage access using commands like chmod, chown, and chgrp. By mastering these concepts, administrators can ensure secure and efficient system operations.

Managing file permissions and ownership in Red Hat Enterprise Linux (RHEL) is essential for system security and proper access control. Every file and directory in Linux has specific rules that determine who can read, write, or execute it. This lesson will walk through standard permissions, ownership, special permission bits, and advanced Access Control Lists (ACLs).

By the end, you should be able to interpret permissions, modify them, and apply special controls to meet real-world security needs.


Reviewing Permissions and Their Meaning

When you list files and folders with ls -l, you’ll see permissions displayed like this:

-rwxr-x--- 1 root root 1234 Aug 20 example.txt
  • The first character ( – ) indicates the file type
    • – = file
    • d = directory
    • 1 = symlink
  • The next nine characters are grouped in three sets:
    • User (owner) → rwx
      • The user who owns the file/folder.
    • Group → r-x
      • The group who is placed on the file/folder.
    • Other → —
      • All others who are not listed in the user or group section.

Meaning of each letter:

  • r → Read Permission
  • w → Write Permission
  • x → Execute Permission
  • – → No Permission

Numerical Equivalents

Permissions also map to the following numbers:

  • r = 4
  • w = 2
  • x = 1
  • 0 = No permissions

For example:

  • rwxr-x-r– = 754
  • rw-r—– = 640


Setting File Permissions

Permissions are changed with the chmod command.

Symbolic Mode

chmod u+x script.sh   #Add execute for user/owner
chmod g-w file.txt    #Remove write for group
chmod o-r file.txt    #Remove read for others

Numeric Mode

chmod 755 script.sh   # owner=rwx, group=rx, others=rx
chmod 640 file.txt    # owner=rw, group=r, others=none

Tip: Use ls -l or ll for short to verify your changes after setting permissions. The use of -R will recursively affect all files and folders when running chmod.


File Ownership Managemnet

Each file has a user owner and a group owner. Multiple users or groups cannot be set by default in Linux and must be done through the use of extended ACL’s (discussed later).

Changing File Owner

chown jdoe file.txt  # Changes owner to jdoe

Changing Group Ownership

chgrp developers file.txt  # Changes group to developers

Combined Example

chown jdoe:developers file.txt  # Changes owner to jdoe and group to developers

Tip: Use ls -l or ll for short to verify your changes after setting ownership. The use of -R will recursively affect all files and folders when running chown and chgrp.


Special Permissions: Setuid, Setgid, and Sticky Bit

Special permission bits give extra control:

Setuid (s on user)

Files with execute bit set will run with the file owner’s permissions instead of the user’s.

chmod u+s script.sh

Setgid (s on group)

On files: executes with the group’s permissions. On directories: new files will inherit the directory’s group instead of the user’s default group.

chmod g+s directory/

Sticky Bit (t on others)

On directories, the sticky bit will prevent users from deleting files they don’t own. Commonly used on the tmp directory.

chmod +t /shared/folder


Extended ACLs and Inheritance

Access Control Lists (ACLs) provide finer-grained access beyond standard owner/group/other permissions.

Viewing Current ACLs

getfacl file.txt

Setting ACLs

setfacl -m u:jdoe:rx script.sh   # Grants jdoe read-execute of script.sh
setfacl -Rm g:admins:rw dir/ # Grants admins read/write recursively of dir/

Default (Inherited) ACLs on Directories

The following example will ensure that all new files and folders in the directory will automatically inherit the user or group permissions.

setfacl -d -Rm u:jdoe:r folder/ # Grants jdoe read recursively over folder/
setfacl -d -m g:admins:rwx dir/ # Grants rwx to admins group over dir/, not recursively.
setfacl -d -m g::rwx dir/ # Ensures default group has rwx for all new files/folders


Practice Exercises

Try the following in a test environment to reinforce your knowledge:

  1. Create a test file and give it rw-r–r– permissions. Verify with ls -l.
  2. Add write access for group and users using both symbolic and numeric chmod.
  3. Create a directory shared/ and apply the sticky bit. Test by trying to delete a file as another user.
  4. Use chown to transfer ownership of a file to another user.
  5. Create a directory with a default ACL that ensures all new files are group-writable. Assign a secondary group with read-execute permissions.

Prev Next