Linux file permissions use three distinct categories to control who can read, write, or execute your files. If you are new to Linux, understanding what are the basic linux file permissions is the first step to managing security on your system. These permissions are the core of how Linux keeps your data safe from unauthorized access.
Think of permissions like locks on doors. Each file and directory has a set of locks that determine who can open them. Without this knowledge, you might accidentally give everyone access to your private files. Let’s break it down simply.
Understanding The Permission Model
Every file in Linux belongs to an owner and a group. The system then applies permissions to three distinct sets of users. This is the foundation of everything you will learn about file security.
Three User Categories
The first thing to grasp is who the permissions apply to. There are exactly three categories:
- Owner (u): The user who created the file. This person has the most control by default.
- Group (g): A set of users who share the same group name. Multiple users can be in the same group.
- Others (o): Everyone else on the system who is not the owner and not in the group.
These categories are often abbreviated as u, g, and o in commands. You will see these letters when you start changing permissions.
Three Permission Types
For each category, there are three basic actions you can allow or deny. These are the actual permissions:
- Read (r): Allows viewing the contents of a file. For directories, it allows listing the files inside.
- Write (w): Allows modifying or deleting a file. For directories, it allows adding or removing files.
- Execute (x): Allows running a file as a program. For directories, it allows entering the directory with the cd command.
Each permission type is represented by a single letter. When a permission is denied, you will see a dash (-) in its place.
What Are The Basic Linux File Permissions In Practice
Now that you know the theory, let’s see how it looks on an actual system. This is where you will start recognizing patterns.
Viewing Permissions With Ls -L
The most common way to see permissions is using the ls -l command. Open your terminal and type it in any directory. You will see output similar to this:
-rwxr-xr-- 1 user group 1024 Jan 1 12:00 example.txtThe first ten characters are the permission string. Let’s decode it step by step:
- First character: Indicates the file type. A dash (-) means a regular file. A ‘d’ means a directory.
- Next three characters: Permissions for the owner (rwx in this example).
- Next three characters: Permissions for the group (r-x here).
- Last three characters: Permissions for others (r– here).
So -rwxr-xr-- means the owner can read, write, and execute. The group can read and execute but not write. Others can only read.
Understanding The Permission String
Every permission string follows the same structure. You will see three groups of three characters. Each group represents one user category in order: owner, group, others.
For a directory, the string starts with ‘d’ instead of ‘-‘. For example:
drwxr-xr-x 2 user group 4096 Jan 1 12:00 myfolderThis means the owner has full access to the directory. The group and others can list files and enter the directory, but cannot create or delete files.
Changing Permissions With Chmod
The chmod command is how you modify permissions. You can use either symbolic mode (letters) or numeric mode (numbers). Both methods work, but numeric is often faster once you learn it.
Symbolic Mode
In symbolic mode, you specify the user category, the operation, and the permission. The basic syntax is:
chmod [who][operator][permission] filenameHere is how it works:
- Who: u (owner), g (group), o (others), a (all).
- Operator: + (add), – (remove), = (set exactly).
- Permission: r, w, x.
Example commands:
chmod u+x script.sh– Adds execute permission for the owner.chmod g-w file.txt– Removes write permission for the group.chmod o=r file.txt– Sets others to read-only.chmod a+rx folder– Adds read and execute for everyone.
You can combine multiple changes in one command. For instance, chmod u+rwx,g+rx,o+r file sets different permissions for each category at once.
Numeric Mode (Octal)
Numeric mode uses a three-digit number to represent permissions. Each digit is a sum of values for read, write, and execute:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
To calculate a permission set, add the values together. For example:
- rwx = 4+2+1 = 7
- r-x = 4+0+1 = 5
- r– = 4+0+0 = 4
- — = 0+0+0 = 0
The three digits correspond to owner, group, and others. So chmod 755 file sets owner to 7 (rwx), group to 5 (r-x), and others to 5 (r-x). This is a very common permission set for executable files.
Common numeric permissions include:
- 777: Everyone can do everything. Very insecure. Avoid unless necessary.
- 755: Owner has full access; others can read and execute. Standard for programs.
- 700: Only owner has full access. Good for private scripts.
- 644: Owner can read and write; others can only read. Standard for text files.
- 600: Only owner can read and write. Used for sensitive files like SSH keys.
Special Permissions: Setuid, Setgid, And Sticky Bit
Beyond the basic three, Linux has three special permissions that add extra control. These are less common but important to know.
Setuid (Set User Id)
When set on an executable file, it runs with the permissions of the file’s owner, not the user who runs it. This is represented by an ‘s’ in the owner’s execute position. For example, -rwsr-xr-x. Use chmod u+s filename to set it.
Setgid (Set Group Id)
On a file, it runs with the group of the file. On a directory, new files created inside inherit the directory’s group. This is shown as an ‘s’ in the group’s execute position. Use chmod g+s directory.
Sticky Bit
Mostly used on directories like /tmp. It prevents users from deleting files they do not own, even if they have write permission on the directory. It appears as a ‘t’ in the others’ execute position. Use chmod +t directory.
Changing Owner And Group With Chown And Chgrp
Sometimes you need to change who owns a file. The chown command changes the owner, and chgrp changes the group. You need root privileges for most of these operations.
Using Chown
The basic syntax is:
sudo chown newowner filenameTo change both owner and group at once:
sudo chown newowner:newgroup filenameFor example, sudo chown alice:developers project.sh sets the owner to alice and the group to developers.
Using Chgrp
If you only need to change the group, use:
sudo chgrp newgroup filenameThis is simpler than chown when the owner stays the same.
Default Permissions With Umask
When you create a new file or directory, Linux assigns default permissions based on the umask value. The umask subtracts permissions from the base value of 666 for files and 777 for directories.
How Umask Works
The umask is a three-digit number that specifies which permissions to remove. For example, a umask of 022 means write permission is removed for group and others.
- File base: 666 – 022 = 644 (rw-r–r–)
- Directory base: 777 – 022 = 755 (rwxr-xr-x)
To view your current umask, type umask in the terminal. To change it temporarily, use umask 027. To make it permanent, add the command to your shell configuration file like .bashrc or .profile.
Common umask values:
- 022: Default on many systems. Group and others can read but not write.
- 027: Group can read but not write; others have no access.
- 077: Only owner has any access. Very restrictive.
Practical Examples For Everyday Use
Let’s apply what you have learned to real scenarios. These examples will help you remember the commands.
Making A Script Executable
You wrote a bash script called backup.sh. To run it, you need execute permission:
chmod +x backup.sh
./backup.shThis adds execute for everyone. For better security, use chmod 755 backup.sh or chmod u+x backup.sh to only allow the owner to execute.
Protecting A Private File
You have a file with passwords. Only you should see it:
chmod 600 secrets.txtNow only the owner can read or write. Group and others have no access.
Sharing A Directory With A Group
You want your team to collaborate in a folder. Set the group and permissions:
sudo chgrp developers shared_folder
chmod 770 shared_folderNow owner and group have full access. Others are locked out.
Using Recursive Changes
To apply permissions to a directory and all its contents, use the -R option:
chmod -R 755 myproject/Be careful with recursive changes. They can break your system if used on critical directories.
Common Mistakes And How To Avoid Them
Even experienced users make errors with permissions. Here are the most frequent pitfalls.
Using 777 Unnecessarily
Setting permissions to 777 is rarely needed. It gives everyone full control, which is a security risk. Instead, determine the minimum permissions required. For a web server, 755 or 644 is usually enough.
Forgetting The Execute Bit On Directories
Without execute permission on a directory, you cannot enter it with cd. Even if you have read permission, you cannot list files without execute. Always include x for directories you want to access.
Changing Permissions On System Files
Never run chmod on system directories like /etc, /bin, or /usr unless you know exactly what you are doing. A wrong command can break your operating system.
Ignoring The Umask
If your new files always have wrong permissions, check your umask. A restrictive umask like 077 can prevent other users from accessing files you intend to share.
Checking Permissions On A File
Besides ls -l, you can use the stat command for detailed information:
stat filenameThis shows the file’s permissions in both symbolic and numeric form, along with owner, group, and timestamps. It is useful for scripting or when you need exact values.
Permissions And Security Best Practices
Good permission management is essential for a secure Linux system. Follow these guidelines:
- Always use the principle of least privilege. Give only the permissions needed.
- Regularly audit important directories with
ls -lorfindcommands. - Never set executable permissions on files that are not programs.
- Use groups to manage access for multiple users instead of changing individual permissions.
- Set restrictive umask for sensitive environments like servers.
- Backup permission settings before making large changes.
Frequently Asked Questions
What Is The Difference Between Chmod And Chown?
Chmod changes the permissions (read, write, execute) on a file or directory. Chown changes the owner and group of the file. You use chmod to control what actions are allowed, and chown to control who owns the file.
How Do I Set Permissions For Multiple Files At Once?
Use wildcards with chmod. For example, chmod 644 *.txt sets all text files to 644. You can also use the find command for more complex patterns, like find . -type f -name "*.sh" -exec chmod 755 {} \;.
Why Can’t I Run A Script Even Though It Has Execute Permission?
Check if the script has a proper shebang line at the top, like #!/bin/bash. Also ensure the file system is not mounted with the noexec option. Run mount to check mount options.
What Does The ‘S’ In Permissions Mean?
The ‘s’ indicates a special permission. In the owner’s position, it means setuid. In the group’s position, it means setgid. These allow the file to run with elevated privileges. Use them sparingly due to security risks.
How Do I Restore Default Permissions On A File?
There is no single “default” command. You need to know the intended permissions. For most user files, 644 is standard. For directories, 755. You can also copy permissions from another file using chmod --reference=sourcefile targetfile.
Final Thoughts On Mastering Permissions
Understanding what are the basic linux file permissions gives you control over your system’s security. Start by practicing with test files in a safe directory. Use ls -l to check your work after every change. Over time, the numeric codes will become second nature.
Remember that permissions are not just about restrictions. They enable collaboration and protect sensitive data. A well-configured permission system makes your Linux experience smoother and safer. Keep experimenting, and soon you will manage permissions without thinking twice.