Understanding and Managing Linux File Permissions

Linux file permissions govern how users interact with files and directories—determining whether they can view, change, or run them. By carefully assigning permissions, system administrators enhance both security and access control, minimizing the risk of unauthorized access to important data.

This guide provides a practical overview of how to handle file and directory permissions in Linux. You’ll learn how permission modes work and how to apply changes using the chmod and chown commands.

Overview of Linux Permission Types

Permissions in Linux fall into three categories: read, write, and execute (abbreviated as RWX). These modes define the level of interaction allowed for files or directories. Here’s what each means:

  • Read (r): Grants visibility into file content or directory listings.
  • Write (w): Allows content editing, file creation or deletion, and renaming within a directory.
  • Execute (x): Permits running a file or traversing a directory’s structure.

Linux permissions apply to three types of users:

  • Owner: The file or directory creator.
  • Group: The user group tied to the file or directory.
  • Others: All other users on the system.

Note: When a user is both the owner and a group member, the owner’s permission settings take priority. For example, if the owner has only read access, they cannot edit or execute the file—even if the group has full access rights.

To assign group privileges to a user, use the usermod or gpasswd command to add them to the appropriate group.

How Linux Displays Permission Strings

Each file or directory’s permission status is shown as a 10-character string. You can view these permissions by running the following command:

The output begins with a character that identifies the file type, followed by three sets of three characters each—representing access for the owner, group, and others:

  • -: Standard file
  • d: Directory
  • l: Symbolic link
  • b: Block device (e.g., disk drives)
  • c: Character device (e.g., terminals)
  • p: Named pipe
  • s: Socket
  • D: Door

The remaining nine characters detail permissions in this order:

  • Owner: First three characters
  • Group: Middle three characters
  • Others: Last three characters

Take the following example:

Here’s how to interpret it:

  • d: Indicates that “example.com” is a directory.
  • rwx: The owner has full rights—can read, write, and access the directory.
  • rw-: The group can read and write but not execute.
  • r--: Others can only view the directory’s contents.

How to Calculate File Permissions in Linux

In Linux, file and directory permissions are represented using binary values. Each permission type is mapped to a specific binary code and numerical value:

Permission     Binary   Value
Read (r)       100      4
Write (w)      010      2
Execute (x)    001      1
None (-)       000      0

Examples of combined permissions:

  • Read + Write: 4 + 2 = 6 (binary: 110, symbol: rw-)
  • Read + Execute: 4 + 1 = 5 (binary: 101, symbol: r-x)
  • Write + Execute: 2 + 1 = 3 (binary: 011, symbol: -wx)
  • All Permissions: 4 + 2 + 1 = 7 (binary: 111, symbol: rwx)

Typical Linux Permission Settings

644 Permission Breakdown

User Class    Read (r)   Write (w)   Execute (x)   None (-)   Total Value
Owner (u)     4          2           0             0          6
Group (g)     4          0           0             0          4
Others (o)    4          0           0             0          4

With 644 permissions, the owner can read and modify the file, while group members and others are restricted to read-only access.

755 Permission Breakdown

User Class    Read (r)   Write (w)   Execute (x)   None (-)   Total Value
Owner (u)     4          2           1             0          7
Group (g)     4          0           1             0          5
Others (o)    4          0           1             0          5

Permissions set to 755 give the owner full access, while group and other users can only read and execute the file.

777 Permission Breakdown

User Class    Read (r)   Write (w)   Execute (x)   None (-)   Total Value
Owner (u)     4          2           1             0          7
Group (g)     4          2           1             0          7
Others (o)    4          2           1             0          7

The 777 setting enables complete access—read, write, and execute—for everyone: owner, group, and others.

Note on Root Access

The root user can bypass all standard permission restrictions. By using sudo when accessing a file or running a command, root privileges are applied—effectively ignoring the set permissions.

How to View Permissions for Files and Directories in Linux

Using the ls -l command in Linux provides a detailed view of a file or directory’s permissions, owner, group, file size, and the last modified timestamp. To display permission details of a directory itself instead of its contents, the -d option can be used.

Follow these steps to check file and directory permissions with the ls command:

Create Sample File and Directory

Start by creating a test file and directory, such as file.txt and /var/www/html:

$ touch file.txt && sudo mkdir -p /var/www/html

Check File Permissions

To review permissions for the file, run the following command:

The output might resemble this:

-rwxr-xr-x 1 user group 1024 Jan 1 12:00 file.txt

Explanation of the output:

  • -: Indicates that file.txt is a regular file.
  • rwx: The owner has read, write, and execute permissions.
  • r-x: The group has read and execute permissions.
  • r-x: All other users also have read and execute permissions.

Check Directory Permissions

Use the ls -ld command to view permissions for the directory instead of listing its contents:

Example output:

drwxr-xr-x 2 user group 4096 Jan 1 12:30 /var/www/html

Explanation of the output:

  • d: Shows that /var/www/html is a directory.
  • rwx: The owner has full directory access (read, write, and execute).
  • r-x: The group has read and execute rights.
  • r-x: Other users also have read and execute rights.

How to Modify File and Directory Permissions in Linux

The chmod command is used to change permissions on Linux systems. It supports two modes: numeric and symbolic. Below are step-by-step instructions for using both approaches to adjust file and directory permissions.

chmod Command Syntax

The general format for using the chmod command is as follows:

$ chmod [permissions] [file or directory]

Changing Permissions with Numeric Mode

In numeric mode, permissions are set using a three-digit number, where each digit reflects the permissions for the owner, group, and others. Each digit is calculated by adding values for read (4), write (2), and execute (1):

  • Read (r): 4
  • Write (w): 2
  • Execute (x): 1
  • No access (-): 0

Examples:

Set file.txt to permission mode 755:

This sets the file so that the owner has full access, while group members and other users can read and execute the file.

Set /var/www/html directory to permission mode 755:

$ sudo chmod 755 /var/www/html

This command gives the owner full access to the directory, and gives the group and others read and execute access.

Apply permissions recursively to all contents within the directory:

$ sudo chmod -R 755 /var/www/html

All files and subdirectories under /var/www/html are set to 755 permissions, allowing read and execute access for everyone, while only the owner can modify content.
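
As an added example (not part of the original guide): chmod -R 755 applies the same mode to regular files and directories, so every file in the tree also becomes executable. The sketch below sets directories to 755 and regular files to 644 instead; the function names normalize_tree and count_executable_files and the temporary demo tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Set directories to 755 and regular files to 644 under a tree.
normalize_tree() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 1
    fi
    # -type d / -type f never match symbolic links, so link targets
    # outside the tree are left untouched.
    find "$dir" -type d -exec chmod 755 {} +
    find "$dir" -type f -exec chmod 644 {} +
}

# Count regular files that carry an execute bit for owner, group or others.
# One dot is printed per match so unusual file names cannot skew the count.
count_executable_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec printf '.' \; | wc -c | tr -d ' '
}

# Constructed demo tree in a temporary directory.
demo=$(mktemp -d)
mkdir -p "$demo/html/css"
touch "$demo/html/index.html" "$demo/html/css/site.css"
chmod -R 755 "$demo/html"
echo "executable files after chmod -R 755: $(count_executable_files "$demo/html")"
normalize_tree "$demo/html"
echo "executable files after normalize_tree: $(count_executable_files "$demo/html")"
rm -rf "$demo"
```

Scripts that genuinely need the execute bit can be given it back individually with chmod u+x after the tree has been normalized.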

Changing Permissions with Symbolic Mode

Symbolic mode uses letters to represent permission categories:

  • u: File or directory owner
  • g: Associated group
  • o: Other users
  • a: All users (owner, group, and others)

Operators define the action to take:

  • +: Add permission
  • -: Remove permission
  • =: Set exact permission (overwrites existing ones)

Symbolic mode syntax:

$ chmod [userclass][operator][permissions] [filename or directory]

Examples:

Grant the owner full permissions on file.txt:

Remove execute permission from the group on /var/www/html:

$ sudo chmod g-x /var/www/html

Enable read access for all users on file.txt:

Set the owner’s permissions to read-only:

Apply read and execute permissions for all users recursively to a directory:

$ sudo chmod -R a+rx /var/www/html

This sets read and execute rights for all users on /var/www/html and its contents.

Modify owner and group permissions simultaneously:

This grants read and write access to both the file owner and group members.

Set various permissions for different user classes in one command:

$ chmod u+rwx,g+w,o+x file.txt

This adds full access for the owner, write access for the group, and execute access for all others on file.txt.

How to Set Special Permissions in Linux: Sticky Bit, SUID, and SGID

Special permission bits—Sticky Bit, Set User ID (SUID), and Set Group ID (SGID)—are essential for managing secure file and directory access in multi-user environments. These permissions allow administrators to enforce additional restrictions beyond standard read, write, and execute modes.

Sticky Bit for Directory Control

The Sticky Bit is applied only to directories. When active, it ensures that only the file owner can delete, move, or rename files within the directory. It can be enabled using either symbolic or numeric notation.

To activate the Sticky Bit using symbolic mode, run the following:

$ sudo chmod +t /var/www/html

To enable Sticky Bit along with 755 permissions using numeric mode:

$ sudo chmod 1755 /var/www/html

Explanation:

  • 1: Activates the Sticky Bit
  • 7: Grants full permissions to the owner
  • 5: Grants read and execute permissions to both group and others

To confirm the Sticky Bit is set, check the directory permissions:

Sample output:

drwxr-xr-t 2 user group 4096 Jan 1 12:00 /var/www/html

The trailing t confirms the Sticky Bit is active on the directory.
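
As an added example (not part of the original guide), the audit below looks for the situation the Sticky Bit is meant to prevent: directories writable by others without the bit set, alongside world-writable regular files such as those left behind by a 777 or 666 mode. The function names, the record tags and the temporary demo tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names and the record
# tags (DIR_NO_STICKY, DIR_STICKY, FILE_WRITABLE) are hypothetical.

# Print one tagged record per world-writable entry under a directory.
audit_world_writable() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    # Writable by others and no sticky bit: any user can delete or rename
    # files that belong to someone else.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'DIR_NO_STICKY %s\n' {} \;
    # Writable by others with the sticky bit set (the /tmp pattern).
    find "$root" -xdev -type d -perm -0002 -perm -1000 \
        -exec printf 'DIR_STICKY %s\n' {} \;
    # Regular files that any user can modify.
    find "$root" -xdev -type f -perm -0002 \
        -exec printf 'FILE_WRITABLE %s\n' {} \;
}

# Count the records carrying a given tag; prints 0 when there are none.
count_records() {
    audit_world_writable "$1" | grep -c "^$2 " || true
}

# Constructed demo tree in a temporary directory.
demo=$(mktemp -d)
mkdir "$demo/shared" "$demo/dropbox" "$demo/private"
touch "$demo/shared/loose.txt" "$demo/private/ok.txt"
chmod 777 "$demo/shared"
chmod 1777 "$demo/dropbox"
chmod 755 "$demo/private"
chmod 666 "$demo/shared/loose.txt"
chmod 644 "$demo/private/ok.txt"
audit_world_writable "$demo"
rm -rf "$demo"
```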

Using SUID to Run Files with Owner Privileges

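SUID allows a file to be executed with the file owner’s privileges, regardless of which user launches it. This is often used for scripts or programs requiring elevated rights. Note that the Linux kernel ignores the SUID bit on interpreted scripts (files that start with #!); it takes effect only on binary executables.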

Create a sample script file:

To enable SUID with symbolic mode:

To enable SUID using numeric mode:

Explanation:

  • 4: Activates the SUID bit
  • 7: Owner has read, write, and execute permissions
  • 5: Group and others can read and execute

Verify the SUID flag:

Sample output:

-rwsr-xr-x 1 root root 1024 Jan 15 20:43 hello.sh

The s in place of the owner’s execute bit confirms the SUID is active.

Using SGID to Run Files with Group Privileges

SGID allows a file to be executed with the permissions of its group. For directories, files created within will inherit the parent directory’s group ID.

To apply SGID to the hello.sh file:

Apply SGID to a directory:

$ sudo chmod g+s /var/www/html

To use numeric mode and apply both SGID and 755 permissions to a file:

$ sudo chmod 2755 hello.sh

Explanation:

  • 2: Activates SGID
  • 7: Full owner access
  • 5: Read and execute access for group and others

Check the script’s permissions to confirm SGID is enabled:

Sample output:

-rwxr-sr-x 1 user group 123456 Jan 1 12:00 hello.sh

The s in the group section indicates the SGID bit is active.

To verify SGID on the /var/www/html directory:

Sample output:

drwxr-sr-x 2 user group 4096 Jan 1 12:00 /var/www/html

The group section r-s confirms SGID is active on the directory.
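
As an added example (not part of the original guide), the function below ties the numeric calculation from earlier in this guide to the special bits shown above: it converts the 10-character string printed by ls -l into 4-digit octal, treating s, S, t and T in the execute slots as SUID, SGID and Sticky Bit. The name mode_to_octal is an assumption made for illustration; the sample strings come from the outputs in this guide.

```sh
#!/bin/sh
# Added example, not from the original guide. mode_to_octal is a hypothetical name.

# Convert the 10-character mode string printed by "ls -l" to 4-digit octal.
mode_to_octal() {
    mode=$1
    # Validate the type character and each slot: s/S is only legal in the
    # owner and group execute slots, t/T only in the others execute slot.
    case $mode in
        [-dlbcpsD][r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]*) ;;
        *) echo "not an ls-style mode string: $mode" >&2; return 1 ;;
    esac
    special=0
    digits=
    # start column of each class : weight of the special bit shown in its x slot
    # (owner -> SUID 4, group -> SGID 2, others -> Sticky Bit 1)
    for spec in 2:4 5:2 8:1; do
        start=${spec%%:*}
        weight=${spec##*:}
        triad=$(printf '%s' "$mode" | cut -c"$start"-"$((start + 2))")
        value=0
        case $triad in r??) value=$((value + 4)) ;; esac
        case $triad in ?w?) value=$((value + 2)) ;; esac
        case $triad in
            ??x)    value=$((value + 1)) ;;
            # lowercase: special bit and execute are both set
            ??[st]) value=$((value + 1)); special=$((special + weight)) ;;
            # uppercase: special bit set, execute not set
            ??[ST]) special=$((special + weight)) ;;
        esac
        digits=$digits$value
    done
    printf '%s%s\n' "$special" "$digits"
}

# Mode strings taken from the sample outputs in this guide.
for m in -rwxr-xr-x drwxr-xr-t -rwsr-xr-x -rwxr-sr-x drwxr-sr-x; do
    printf '%s -> %s\n' "$m" "$(mode_to_octal "$m")"
done
```

An uppercase S or T in a listing means the special bit is set while the underlying execute bit is not, which is usually a misconfiguration to investigate.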

How to Change File and Directory Ownership in Linux

Use the chown command in Linux to change ownership of files and directories. This command allows you to set or update the user and group assigned to a resource. Follow the steps below to manage ownership permissions on your Linux system.

Basic Syntax of chown

The general format for changing user and group ownership is:

$ chown [options] user:group [filename/directory]

Examples of Changing Ownership

Assign ownership of file.txt to linuxuser without modifying the group ownership:

$ sudo chown linuxuser file.txt

Change only the group ownership of /var/www/html to www-data:

$ sudo chown :www-data /var/www/html

Update both user and group ownership of /var/www/html to www-data:

$ sudo chown www-data:www-data /var/www/html

Apply ownership changes recursively to the directory and all its contents:

$ sudo chown -R www-data:www-data /var/www/html

Copy ownership from an existing directory to another file using the --reference flag:

$ sudo chown --reference=/var/www/html file.txt

Verify Ownership Settings

Check the current ownership for both file.txt and the /var/www/html directory:

$ ls -l file.txt && ls -ld /var/www/html

Example output:

-rwxr-xr-- 1 www-data www-data 1024 Jan 1 12:00 file.txt
drwxr-xr-x 2 www-data www-data 4096 Jan 1 12:30 /var/www/html

Conclusion

By using chmod and chown, you’ve gained control over file and directory access on your Linux machine. Permissions define how users interact with files and directories—whether reading, modifying, or executing. For more advanced options or clarification, consult the manual pages using the following commands:


Source: vultr.com
