Back to Blog
Linux

Linux File Permissions Demystified: A Complete Guide

Vajo Lukic
February 20, 2024
7 min read
Linux File Permissions Demystified: A Complete Guide

If you've ever seen "Permission denied" on Linux, you've encountered the permission system. Understanding Linux file permissions is crucial for security, collaboration, and avoiding frustrating errors.

After helping countless developers debug permission issues, I've created this complete guide to demystify Linux permissions once and for all.

Understanding the Permission Model

Linux uses a simple but powerful permission system with three types of users and three types of permissions:

Three Types of Users:

  1. Owner (u) - The user who owns the file
  2. Group (g) - Users in the file's group
  3. Others (o) - Everyone else

Three Types of Permissions:

  1. Read (r) - View file contents or list directory
  2. Write (w) - Modify file or add/remove files in directory
  3. Execute (x) - Run file as program or access directory

Reading Permission Strings

When you run ls -l, you see something like this:

-rw-r--r--  1 user group  1024 Jan 15 10:30 document.txt
drwxr-xr-x  2 user group  4096 Jan 15 10:31 scripts/
-rwxr-xr-x  1 user group  2048 Jan 15 10:32 app.sh

Let's decode -rw-r--r--:

-        rw-      r--      r--
│         │        │        │
│         │        │        └─ Others: read only
│         │        └────────── Group: read only
│         └─────────────────── Owner: read + write
└───────────────────────────── File type (- = file, d = directory)

File Type Indicators:

  • - Regular file
  • d Directory
  • l Symbolic link
  • c Character device
  • b Block device

Changing Permissions with chmod

The chmod (change mode) command modifies permissions. You can use symbolic or numeric notation.

Symbolic Notation (Human-Readable)

# Add execute permission for owner
chmod u+x script.sh

# Remove write permission for group
chmod g-w file.txt

# Set exact permissions for others (read only)
chmod o=r document.txt

# Add execute for everyone
chmod a+x program.sh

# Multiple changes at once
chmod u+rw,g+r,o-rwx sensitive.txt

Numeric Notation (Faster)

Each permission has a value:

  • Read (r) = 4
  • Write (w) = 2
  • Execute (x) = 1

Add them up for each user type:

chmod 755 script.sh
       │││
       ││└─ Others: 5 (4+1) = read + execute
       │└── Group: 5 (4+1) = read + execute
       └─── Owner: 7 (4+2+1) = read + write + execute

Common Permission Patterns:

Mode Permissions Use Case
644 rw-r--r-- Regular files (docs, configs)
755 rwxr-xr-x Executable scripts and programs
700 rwx------ Private files (only owner access)
666 rw-rw-rw- Files editable by everyone
777 rwxrwxrwx Full access (⚠️ dangerous, avoid)

Real-World Examples

Making a Script Executable

# Create script
echo '#!/bin/bash
echo "Hello, World!"' > hello.sh

# Try to run (fails)
./hello.sh
# bash: ./hello.sh: Permission denied

# Make executable
chmod +x hello.sh

# Now it works
./hello.sh
# Hello, World!

Securing Sensitive Files

# SSH private key must be readable only by owner
chmod 600 ~/.ssh/id_rsa

# Configuration files
chmod 640 /etc/app/config.ini

# Web server files
chmod 644 /var/www/html/index.html
chmod 755 /var/www/html/cgi-bin/*.cgi

Team Collaboration

# Create shared project directory
mkdir /opt/project
chmod 775 /opt/project

# Files readable by team, writable by owner
chmod 664 /opt/project/*.txt

# Scripts executable by team
chmod 775 /opt/project/scripts/*.sh

Changing Ownership with chown

The chown (change owner) command changes file ownership:

# Change owner
chown newuser file.txt

# Change owner and group
chown newuser:newgroup file.txt

# Change only group
chown :newgroup file.txt
# or
chgrp newgroup file.txt

# Recursive change
chown -R user:group directory/

Practical Examples:

# Fix web server permissions
sudo chown -R www-data:www-data /var/www/html

# Transfer ownership of home directory
sudo chown -R newuser:newuser /home/newuser

# Give file to different user
sudo chown alice document.txt

Special Permissions

Beyond basic permissions, Linux has three special permission bits:

1. Setuid (4000)

When set on executable, runs with owner's permissions:

# View setuid programs
ls -l /usr/bin/passwd
# -rwsr-xr-x ... (notice 's' instead of 'x')

# Set setuid
chmod u+s program
chmod 4755 program

2. Setgid (2000)

Files created in directory inherit directory's group:

# Set setgid on directory
chmod g+s /shared/project
chmod 2775 /shared/project

3. Sticky Bit (1000)

Only file owner can delete files in directory:

# Commonly on /tmp
ls -ld /tmp
# drwxrwxrwt ... (notice 't' at end)

# Set sticky bit
chmod +t /shared/temp
chmod 1777 /shared/temp

Default Permissions with umask

The umask sets default permissions for new files:

# Check current umask
umask
# 0022

# Set new umask
umask 0027

# Files created will be 640 (666-027)
# Directories created will be 750 (777-027)

Common umask Values:

umask File Directory Use Case
0022 644 755 Default (open)
0027 640 750 Group-readable
0077 600 700 Private (secure)

Troubleshooting Permission Issues

"Permission denied" when running script:

# Check permissions
ls -l script.sh

# Fix
chmod +x script.sh

Can't modify file you own:

# Check permissions
ls -l file.txt
# -r--r--r-- ... (no write permission!)

# Fix
chmod u+w file.txt

Directory issues:

# Can't cd into directory
chmod +x directory/

# Can't list directory
chmod +r directory/

# Can't create files in directory
chmod +w directory/

Security Best Practices

  1. Principle of Least Privilege: Give minimum permissions needed
  2. Avoid 777: Never use unless absolutely necessary (and you're sure why)
  3. Protect SSH Keys: Always chmod 600 ~/.ssh/id_rsa
  4. Secure Configs: Keep sensitive configs 640 or 600
  5. Regular Audits: Periodically review permissions on critical files

Find Risky Permissions:

# Find world-writable files (dangerous)
find / -type f -perm -002 2>/dev/null

# Find setuid files (potential security risk)
find / -type f -perm -4000 2>/dev/null

# Find files with no owner
find / -nouser -o -nogroup 2>/dev/null

Quick Reference Cheat Sheet

# View permissions
ls -l file.txt

# Symbolic changes
chmod u+x file        # Add execute for owner
chmod g-w file        # Remove write for group
chmod o=r file        # Set others to read-only
chmod a+r file        # Add read for all

# Numeric changes
chmod 644 file        # rw-r--r--
chmod 755 file        # rwxr-xr-x
chmod 600 file        # rw-------
chmod 700 file        # rwx------

# Ownership
chown user file       # Change owner
chown user:group file # Change owner and group
chown -R user dir/    # Recursive change

# Special permissions
chmod u+s file        # Setuid
chmod g+s dir         # Setgid
chmod +t dir          # Sticky bit

Master Linux Permissions and More

Understanding permissions is just one piece of Linux mastery. The Practical Linux Handbook covers this topic in depth along with 70+ essential commands, file operations, process management, and system administration.

What You'll Learn:

  • Complete permission system breakdown
  • File and directory operations
  • User and group management
  • System security best practices
  • Real-world troubleshooting scenarios

Get The Book | Read Sample Chapter | Learn More


About the Author

Vajo Lukic is a software developer and Linux enthusiast who has been working with Linux systems for over a decade. Author of The Practical Linux Handbook, he specializes in making complex technical concepts accessible. Connect on Twitter or LinkedIn.


Related Posts


What permission challenge are you facing? Drop a comment and let's solve it together.

#linux#permissions#security#chmod#chown#system-administration#file-system

Enjoyed this article? Share it!

About the Author

VL

Vajo Lukic

Vajo Lukic is a technology leader with 20+ years of experience in software development and system administration. Author of The Practical Linux Handbook, he shares practical, field-tested knowledge to help developers and IT professionals master Linux fundamentals.

Read more about Vajo

Related Articles

Linux File Permissions: The Complete Beginner's Guide (chmod, chown, umask)

Linux File Permissions: The Complete Beginner's Guide (chmod, chown, umask)

Learn Linux file permissions from scratch. Understand rwx, chmod numbers, chown, and umask with clear examples that make the permission system click.

Read more →
Linux Process Management: A Complete Guide to ps, top, kill, and htop

Linux Process Management: A Complete Guide to ps, top, kill, and htop

Learn to list, monitor, and control Linux processes with ps, top, htop, and kill. Fix runaway processes, manage background jobs, and understand process states.

Read more →
Linux System Monitoring: top, htop, vmstat, and iostat Explained

Linux System Monitoring: top, htop, vmstat, and iostat Explained

Learn to monitor Linux systems with top, htop, vmstat, iostat, and free. Diagnose CPU, memory, disk, and network bottlenecks before they become outages.

Read more →

Ready to Transform Your Life?

Get the complete guide to personal transformation and start your journey today.

Get the Book