# Managing File Permissions with chmod and chown: Essential Unix Commands > Master Unix file permissions using chmod and chown. Learn to manage read, write, and execute access for users and groups. Essential commands for secure file management. - Repository: [Joshua Levy/the-art-of-command-line](https://github.com/jlevy/the-art-of-command-line) - Tags: - Published: 2026-02-24 --- **The `chmod` and `chown` commands are the primary Unix utilities for modifying file access rights and ownership, directly updating inode metadata to control read, write, and execute permissions across users and groups.** The jlevy/the-art-of-command-line repository identifies managing file permissions with chmod and chown as fundamental primitives for any Unix-like system administrator. Both commands operate on the same underlying inode metadata that the kernel uses to enforce access control, updating permission fields that subsequent system calls like `open()`, `read()`, or `execute()` check against. ## How chmod Modifies Permission Bits The `chmod` command changes a file’s *mode*—the read, write, and execute bits for the owner, group, and others. According to the source documentation in [`README.md`](https://github.com/jlevy/the-art-of-command-line/blob/main/README.md) at line 68, knowing the octal representation (e.g., `chmod 755`) is often more reliable than parsing symbolic output from `ls -l`. You can specify permissions using two formats: **Octal notation** uses three digits representing owner, group, and others (4=read, 2=write, 1=execute): ```bash # Owner: read/write (6), Group: read (4), Others: no access (0) chmod 640 /path/to/config.file ``` **Symbolic notation** uses letters (`u` for user/owner, `g` for group, `o` for others, `a` for all) and operators (`+`, `-`, `=`): ```bash # Equivalent to 640: owner gets read/write, group gets read, others get nothing chmod u=rw,g=r,o= /path/to/config.file ``` ## How chown Changes File Ownership While `chmod` controls what can be done, `chown` controls who can do it by modifying the file’s owner and group IDs stored in the inode. The standard syntax uses a colon to separate user and group: ```bash # Change owner to 'alice' and group to 'developers' chown alice:developers /path/to/project.file ``` This is essential when moving files into user home directories or aligning group ownership for collaborative project directories. ## Recursive Permission Management Both commands accept the `-R` flag to walk directory trees, which the guide recommends for setting up project skeletons or tightening security on legacy directories. ```bash # Recursively make a directory readable only by its owner chmod -R go= /secure/dir chown -R alice:alice /secure/dir ``` For targeted changes across file types, combine `find` with `chmod` rather than making everything executable: ```bash # Make only shell scripts executable, recursively find /my/scripts -name '*.sh' -exec chmod +x {} + ``` ## Verifying Permission Changes The repository recommends using `stat` for precise verification of both symbolic and octal representations: ```bash # Display permissions in human-readable (%A) and octal (%a) formats stat -c '%A %a %n' /path/to/file ``` This outputs something like `-rw-r----- 640 filename`, confirming that `chmod 640` applied correctly. ## Key Source Files in the-art-of-command-line The following files contain the canonical documentation for these commands: - **[`README.md`](https://github.com/jlevy/the-art-of-command-line/blob/main/README.md)** (line 68): Primary English documentation listing `chmod` and `chown` as essential basic file-management tools. - **[`README-zh.md`](https://github.com/jlevy/the-art-of-command-line/blob/main/README-zh.md)** (line 66): Chinese translation providing the same permission management guidance for non-English readers. - **[`CONTRIBUTING.md`](https://github.com/jlevy/the-art-of-command-line/blob/main/CONTRIBUTING.md)**: Guidelines for adding OS-specific permission notes or clarifying edge cases. - **[`AUTHORS.md`](https://github.com/jlevy/the-art-of-command-line/blob/main/AUTHORS.md)**: Demonstrates the collaborative nature of the guide, where contributors add platform-specific variations of these commands. ## Summary - **`chmod`** updates permission bits (read/write/execute) using either octal notation (e.g., `640`) or symbolic mode (e.g., `u=rw,g=r,o=`). - **`chown`** modifies the user and group ownership of files and directories using the `user:group` syntax. - Both utilities operate directly on inode metadata and support recursive operation via the `-R` flag for directory trees. - Use `stat -c '%A %a %n'` to verify permissions in both human-readable and numeric formats. - The jlevy/the-art-of-command-line repository documents these as essential primitives in its basic file management section. ## Frequently Asked Questions ### What is the difference between chmod and chown? **`chmod`** changes what actions (read, write, execute) can be performed on a file by the owner, group, or others, while **`chown`** changes which user and group actually own the file. You use `chmod` to adjust access rights within the current ownership structure, and `chown` when you need to transfer custody of the file to a different user or group entirely. ### When should I use octal notation versus symbolic mode for chmod? Use **octal notation** (e.g., `chmod 755`) when you need to set absolute permissions quickly and reliably, as recommended in the source documentation. Use **symbolic mode** (e.g., `chmod u+x`) when you need to modify specific bits relative to current permissions—such as adding execute rights for the owner without changing group or other permissions. ### How do I recursively change permissions for an entire directory tree? Append the `-R` flag to either command to apply changes recursively. For example, `chmod -R 750 /path/to/dir` sets permissions for all files and subdirectories, while `chown -R user:group /path/to/dir` transfers ownership of the entire tree. Always verify the scope with `find` first to avoid unintended changes to sensitive files. ### Can I change file ownership without sudo or root access? **No.** Changing a file’s owner (the first field in `user:group`) requires superuser privileges because it involves modifying the inode’s UID field, which affects security boundaries. However, you can change the group to any group you belong to without elevated privileges, using `chown :newgroup file` or the `chgrp` command.