Linux File Permissions Demystified: A Complete Guide

If you've ever seen "Permission denied" on Linux, you've encountered the permission system. Understanding Linux file permissions is crucial for security, collaboration, and avoiding frustrating errors.
After helping countless developers debug permission issues, I've created this complete guide to demystify Linux permissions once and for all.
Understanding the Permission Model
Linux uses a simple but powerful permission system with three types of users and three types of permissions:
Three Types of Users:
- Owner (u) - The user who owns the file
- Group (g) - Users in the file's group
- Others (o) - Everyone else
Three Types of Permissions:
- Read (r) - View file contents or list directory
- Write (w) - Modify file or add/remove files in directory
- Execute (x) - Run file as program or access directory
Reading Permission Strings
When you run ls -l, you see something like this:
-rw-r--r-- 1 user group 1024 Jan 15 10:30 document.txt
drwxr-xr-x 2 user group 4096 Jan 15 10:31 scripts/
-rwxr-xr-x 1 user group 2048 Jan 15 10:32 app.sh
Let's decode -rw-r--r--:
- rw- r-- r--
│ │ │ │
│ │ │ └─ Others: read only
│ │ └────────── Group: read only
│ └─────────────────── Owner: read + write
└───────────────────────────── File type (- = file, d = directory)
File Type Indicators:
-Regular filedDirectorylSymbolic linkcCharacter devicebBlock device
Changing Permissions with chmod
The chmod (change mode) command modifies permissions. You can use symbolic or numeric notation.
Symbolic Notation (Human-Readable)
# Add execute permission for owner
chmod u+x script.sh
# Remove write permission for group
chmod g-w file.txt
# Set exact permissions for others (read only)
chmod o=r document.txt
# Add execute for everyone
chmod a+x program.sh
# Multiple changes at once
chmod u+rw,g+r,o-rwx sensitive.txt
Numeric Notation (Faster)
Each permission has a value:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
Add them up for each user type:
chmod 755 script.sh
│││
││└─ Others: 5 (4+1) = read + execute
│└── Group: 5 (4+1) = read + execute
└─── Owner: 7 (4+2+1) = read + write + execute
Common Permission Patterns:
| Mode | Permissions | Use Case |
|---|---|---|
| 644 | rw-r--r-- | Regular files (docs, configs) |
| 755 | rwxr-xr-x | Executable scripts and programs |
| 700 | rwx------ | Private files (only owner access) |
| 666 | rw-rw-rw- | Files editable by everyone |
| 777 | rwxrwxrwx | Full access (⚠️ dangerous, avoid) |
Real-World Examples
Making a Script Executable
# Create script
echo '#!/bin/bash
echo "Hello, World!"' > hello.sh
# Try to run (fails)
./hello.sh
# bash: ./hello.sh: Permission denied
# Make executable
chmod +x hello.sh
# Now it works
./hello.sh
# Hello, World!
Securing Sensitive Files
# SSH private key must be readable only by owner
chmod 600 ~/.ssh/id_rsa
# Configuration files
chmod 640 /etc/app/config.ini
# Web server files
chmod 644 /var/www/html/index.html
chmod 755 /var/www/html/cgi-bin/*.cgi
Team Collaboration
# Create shared project directory
mkdir /opt/project
chmod 775 /opt/project
# Files readable by team, writable by owner
chmod 664 /opt/project/*.txt
# Scripts executable by team
chmod 775 /opt/project/scripts/*.sh
Changing Ownership with chown
The chown (change owner) command changes file ownership:
# Change owner
chown newuser file.txt
# Change owner and group
chown newuser:newgroup file.txt
# Change only group
chown :newgroup file.txt
# or
chgrp newgroup file.txt
# Recursive change
chown -R user:group directory/
Practical Examples:
# Fix web server permissions
sudo chown -R www-data:www-data /var/www/html
# Transfer ownership of home directory
sudo chown -R newuser:newuser /home/newuser
# Give file to different user
sudo chown alice document.txt
Special Permissions
Beyond basic permissions, Linux has three special permission bits:
1. Setuid (4000)
When set on executable, runs with owner's permissions:
# View setuid programs
ls -l /usr/bin/passwd
# -rwsr-xr-x ... (notice 's' instead of 'x')
# Set setuid
chmod u+s program
chmod 4755 program
2. Setgid (2000)
Files created in directory inherit directory's group:
# Set setgid on directory
chmod g+s /shared/project
chmod 2775 /shared/project
3. Sticky Bit (1000)
Only file owner can delete files in directory:
# Commonly on /tmp
ls -ld /tmp
# drwxrwxrwt ... (notice 't' at end)
# Set sticky bit
chmod +t /shared/temp
chmod 1777 /shared/temp
Default Permissions with umask
The umask sets default permissions for new files:
# Check current umask
umask
# 0022
# Set new umask
umask 0027
# Files created will be 640 (666-027)
# Directories created will be 750 (777-027)
Common umask Values:
| umask | File | Directory | Use Case |
|---|---|---|---|
| 0022 | 644 | 755 | Default (open) |
| 0027 | 640 | 750 | Group-readable |
| 0077 | 600 | 700 | Private (secure) |
Troubleshooting Permission Issues
"Permission denied" when running script:
# Check permissions
ls -l script.sh
# Fix
chmod +x script.sh
Can't modify file you own:
# Check permissions
ls -l file.txt
# -r--r--r-- ... (no write permission!)
# Fix
chmod u+w file.txt
Directory issues:
# Can't cd into directory
chmod +x directory/
# Can't list directory
chmod +r directory/
# Can't create files in directory
chmod +w directory/
Security Best Practices
- Principle of Least Privilege: Give minimum permissions needed
- Avoid 777: Never use unless absolutely necessary (and you're sure why)
- Protect SSH Keys: Always
chmod 600 ~/.ssh/id_rsa - Secure Configs: Keep sensitive configs 640 or 600
- Regular Audits: Periodically review permissions on critical files
Find Risky Permissions:
# Find world-writable files (dangerous)
find / -type f -perm -002 2>/dev/null
# Find setuid files (potential security risk)
find / -type f -perm -4000 2>/dev/null
# Find files with no owner
find / -nouser -o -nogroup 2>/dev/null
Quick Reference Cheat Sheet
# View permissions
ls -l file.txt
# Symbolic changes
chmod u+x file # Add execute for owner
chmod g-w file # Remove write for group
chmod o=r file # Set others to read-only
chmod a+r file # Add read for all
# Numeric changes
chmod 644 file # rw-r--r--
chmod 755 file # rwxr-xr-x
chmod 600 file # rw-------
chmod 700 file # rwx------
# Ownership
chown user file # Change owner
chown user:group file # Change owner and group
chown -R user dir/ # Recursive change
# Special permissions
chmod u+s file # Setuid
chmod g+s dir # Setgid
chmod +t dir # Sticky bit
Master Linux Permissions and More
Understanding permissions is just one piece of Linux mastery. The Practical Linux Handbook covers this topic in depth along with 70+ essential commands, file operations, process management, and system administration.
What You'll Learn:
- Complete permission system breakdown
- File and directory operations
- User and group management
- System security best practices
- Real-world troubleshooting scenarios
Get The Book | Read Sample Chapter | Learn More
About the Author
Vajo Lukic is a software developer and Linux enthusiast who has been working with Linux systems for over a decade. Author of The Practical Linux Handbook, he specializes in making complex technical concepts accessible. Connect on Twitter or LinkedIn.
Related Posts
- Linux File Permissions Guide: chmod, chown & umask Complete Reference — the full command reference with real-world scenarios
- Linux File Permissions: The Complete Beginner's Guide — start here if you're new to permissions
- 10 Essential Linux Commands Every Developer Should Master
- Mastering the Linux Terminal: From Beginner to Power User
What permission challenge are you facing? Drop a comment and let's solve it together.
Enjoyed this article? Share it!
About the Author
Vajo Lukic
Vajo Lukic is a technology leader with 20+ years of experience in software development and system administration. Author of The Practical Linux Handbook, he shares practical, field-tested knowledge to help developers and IT professionals master Linux fundamentals.
Read more about VajoRelated Articles

Linux File Permissions: The Complete Beginner's Guide (chmod, chown, umask)
Learn Linux file permissions from scratch. Understand rwx, chmod numbers, chown, and umask with clear examples that make the permission system click.
Read more →
Linux Process Management: A Complete Guide to ps, top, kill, and htop
Learn to list, monitor, and control Linux processes with ps, top, htop, and kill. Fix runaway processes, manage background jobs, and understand process states.
Read more →
Linux System Monitoring: top, htop, vmstat, and iostat Explained
Learn to monitor Linux systems with top, htop, vmstat, iostat, and free. Diagnose CPU, memory, disk, and network bottlenecks before they become outages.
Read more →Ready to Transform Your Life?
Get the complete guide to personal transformation and start your journey today.
Get the Book