{ "id": "file-permissions", "title": "File Ownership & Permissions", "category": "sysadmin", "tags": ["chown", "chmod", "permissions", "ownership", "ls"], "updated": "2025-10-07", "summary": "Understanding and fixing file ownership and permission bits.", "sections": [ { "heading": "Reading the Permission String", "body": "

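Run ls -l to see permissions. The first column looks like -rwxr-xr--. The first character is the file type (- for a regular file, d for a directory); the remaining nine are three rwx triplets for the owner, the group, and everyone else, in that order.

r=4, w=2, x=1. Add them up within each triplet for octal notation: rwx=7, rw-=6, r-x=5, r--=4. The example above, rwxr-xr--, is 754.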

" }, { "heading": "chown — Changing Ownership", "body": "

Change the owner and/or group of a file or directory.

", "code": "chown user file # change owner only\nchown user:group file # change owner and group\nchown :group file # change group only\n\n# Recursive — change everything under a directory\nchown -R user:group /path/to/dir" }, { "heading": "chmod — Changing Permissions", "body": "", "code": "chmod 644 file.txt # rw-r--r-- (typical for files)\nchmod 755 /usr/local/bin/app # rwxr-xr-x (typical for executables)\nchmod 700 ~/.ssh # rwx------ (private directory)\nchmod 600 ~/.ssh/authorized_keys # rw------- (private file)\n\n# Recursive (applies 755 to files as well as directories, so regular files become executable)\nchmod -R 755 /var/www/html\n\n# Symbolic form (add execute for owner only)\nchmod u+x script.sh" }, { "heading": "Common Patterns", "body": "
Mode | Numeric | Typical use
rw-r--r-- | 644 | Regular files, config files
rwxr-xr-x | 755 | Directories, executables
rwx------ | 700 | Private directories (e.g. ~/.ssh)
rw------- | 600 | Private files (e.g. private keys, authorized_keys)
rwxrwxr-x | 775 | Shared directories where the group needs write access
" }, { "heading": "Checking Who Owns What", "body": "", "code": "ls -la /var/www/html # list with ownership\nstat file.txt # detailed file metadata\nfind /path -user root # find files owned by root\nfind /path -not -user deploy # find files NOT owned by deploy" }, { "heading": "A Note on Recursive chown", "body": "

When you run chown -R, it changes everything under the path—including files and subdirectories that may have intentionally different ownership. Know what you are targeting before running it on a live system. Check with ls -laR or find first.

" } ] }