BestHub
Sign in
Operations 8 min read

Master Linux File Permissions: UGO, ACL, and chmod/chown Commands Explained

This guide explains Linux’s UGO permission model, the meaning of read/write/execute bits for files and directories, and demonstrates how to manage permissions using chmod, chown, chgrp, as well as advanced ACL techniques including mask and default settings.

Raymond Ops
Raymond Ops
Raymond Ops
Master Linux File Permissions: UGO, ACL, and chmod/chown Commands Explained

Basic UGO Permissions

In Linux, permissions are assigned to three categories of users: U (owner), G (group), and O (others). Each category can have three basic rights: r (read, value 4), w (write, value 2), and x (execute, value 1).

Permission symbols

r--

: read‑only -w-: write‑only --x: execute‑only rw-: read and write r-x: read and execute -wx: write and execute rwx: read, write, and execute ---: no permissions

File vs. directory semantics

For files, r allows reading the content, w permits modifying the content, and x is generally irrelevant except for executable binaries. For directories, r lets you list entries, w lets you create or delete entries, and x allows you to enter the directory and access its contents.

Changing permissions with chmod

chmod [options] <mode> <file...>

Examples:

chmod ugo+r a.conf
chmod u+rwx c.sh
chmod a+rw b.xml
chmod -R a+rw *
chmod 777 file   # equivalent to u=rwx,g=rwx,o=rwx
chmod 600 file   # owner read/write, others none

Changing ownership with chown

chown [options] user[:group] file...

Example (requires root):

chown tom:users d.key e.scrt
chown -R James:users *

Changing group with chgrp

chown user1 f1   # change group ownership

Access Control Lists (ACL)

ACL extends the traditional UGO model, allowing fine‑grained permissions for individual users or groups.

Basic ACL commands

View ACL: getfacl /home/test.txt Set ACL entry:

setfacl -m u:alice:rw /home/test.txt

Mask permission

The mask defines the maximum effective permissions for ACL entries. It can be set with -m:

setfacl -m m::rw- file

Default permission

Default ACL entries are inherited by newly created files or sub‑directories within a directory. They are set with the -d option:

setfacl -d d::rw- directory

Important notes

Both mask and default entries use the :: syntax.

Permissions can be expressed numerically or symbolically.

Values must be within the range - to rwx.

Practical uses of file permissions

Control user access to files.

Prevent execution of malicious programs.

Protect the integrity and confidentiality of data.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

LinuxACLchmodFile PermissionsUGO
Raymond Ops
Written by

Raymond Ops

Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment