BestHub
Sign in
Operations 8 min read

Master Linux File Permissions: UGO, ACL, and chmod/chown Commands Explained

This guide explains Linux’s UGO permission model, the meaning of read/write/execute bits for files and directories, and demonstrates how to manage permissions using chmod, chown, chgrp, as well as advanced ACL techniques including mask and default settings.

Raymond Ops
Raymond Ops
Raymond Ops
Master Linux File Permissions: UGO, ACL, and chmod/chown Commands Explained

Basic UGO Permissions

In Linux, permissions are assigned to three categories of users: U (owner), G (group), and O (others). Each category can have three basic rights: r (read, value 4), w (write, value 2), and x (execute, value 1).

Permission symbols

r--

: read‑only

-w-

: write‑only

--x

: execute‑only

rw-

: read and write

r-x

: read and execute

-wx

: write and execute

rwx

: read, write, and execute

---

: no permissions

File vs. directory semantics

For files,

r

allows reading the content,

w

permits modifying the content, and

x

is generally irrelevant except for executable binaries. For directories,

r

lets you list entries,

w

lets you create or delete entries, and

x

allows you to enter the directory and access its contents.

Changing permissions with chmod

<code>chmod [options] &lt;mode&gt; &lt;file...&gt;</code>

Examples:

<code>chmod ugo+r a.conf
chmod u+rwx c.sh
chmod a+rw b.xml
chmod -R a+rw *
chmod 777 file   # equivalent to u=rwx,g=rwx,o=rwx
chmod 600 file   # owner read/write, others none</code>

Changing ownership with chown

<code>chown [options] user[:group] file...</code>

Example (requires root):

<code>chown tom:users d.key e.scrt
chown -R James:users *</code>

Changing group with chgrp

<code>chown user1 f1   # change group ownership</code>

Access Control Lists (ACL)

ACL extends the traditional UGO model, allowing fine‑grained permissions for individual users or groups.

Basic ACL commands

View ACL:

<code>getfacl /home/test.txt</code>

Set ACL entry:

<code>setfacl -m u:alice:rw /home/test.txt</code>

Mask permission

The mask defines the maximum effective permissions for ACL entries. It can be set with

-m

:

<code>setfacl -m m::rw- file</code>

Default permission

Default ACL entries are inherited by newly created files or sub‑directories within a directory. They are set with the

-d

option:

<code>setfacl -d d::rw- directory</code>

Important notes

Both mask and default entries use the

::

syntax.

Permissions can be expressed numerically or symbolically.

Values must be within the range

-

to

rwx

.

Practical uses of file permissions

Control user access to files.

Prevent execution of malicious programs.

Protect the integrity and confidentiality of data.

LinuxACLchmodFile PermissionsUGO
Raymond Ops
Written by

Raymond Ops

Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment