granular permissions

What GNU/Linux commands can be used to change permissions granularly?

In GNU/Linux, there are several commands and utilities that can be used to change permissions granularly. These commands allow you to modify permissions on files and directories with fine control. Here are a few commands that provide granular permission control:

  1. chmod: The chmod command allows you to change permissions for files and directories using both numeric and symbolic representations. It provides fine-grained control over read, write, and execute permissions for the owner, group, and others.

    Example (using symbolic notation):

    chmod u+x,g-w,o=r file.txt


    • u+x: Adds execute permission for the owner.
    • g-w: Removes write permission for the group.
    • o=r: Sets read permission for others.
  2. chown: The chown command is used to change the ownership of files and directories. It's useful for transferring ownership between users or changing the group ownership.

    Example (changing owner and group):

    chown newowner:newgroup file.txt
  3. chgrp: The chgrp command changes the group ownership of files and directories.

    Example (changing group ownership):

    chgrp newgroup file.txt
  4. setfacl: The setfacl command allows you to set Access Control Lists (ACLs) for files and directories. ACLs provide more advanced permission management by allowing you to specify permissions for specific users and groups beyond the basic owner, group, and others.

    Example (adding ACL entry):

    setfacl -m u:username:rwx file.txt


    • -m: Modifies the ACL.
    • u:username:rwx: Grants read, write, and execute permissions to the specified user.
  5. getfacl: The getfacl command displays the ACL information for files and directories, showing both the traditional UNIX permissions and any extended ACL entries.

    Example (viewing ACL):

    getfacl file.txt
  6. chmod with Numeric Representation: As mentioned earlier, the chmod command can be used with numeric representation to set precise permissions. Each permission (read, write, execute) is assigned a value, and these values are combined to define the permission set.


    chmod 640 file.txt


    • 6: Owner has read and write permissions.
    • 4: Group has read permission.
    • 0: Others have no permissions.

These commands provide various ways to control permissions on a granular level, giving you the flexibility to manage access to files and directories according to your needs. Always make sure to use these commands carefully to avoid unintentional changes to your system's permissions.

You should also read: