Back to Blog
Linux

Linux File Permissions: The Complete Beginner's Guide (chmod, chown, umask)

Vajo Lukic
June 20, 2026
7 min read
Linux File Permissions: The Complete Beginner's Guide (chmod, chown, umask)

Linux file permissions control who can read, write, and execute every file and directory on your system. Once you understand how they work, you can fix "Permission denied" errors, secure your files, and stop guessing at chmod numbers.

This guide covers everything from the basics to the commands you'll actually use every day.

How Linux File Permissions Work

Linux assigns permissions to three groups of users:

  • Owner (u) — the user who created or owns the file
  • Group (g) — a set of users that share access
  • Others (o) — everyone else on the system

For each group, three types of access can be granted:

  • Read (r) — view file contents, or list a directory
  • Write (w) — modify a file, or add/remove files in a directory
  • Execute (x) — run a file as a program, or enter a directory

Reading the Permission String

Run ls -l to see permissions:

-rw-r--r--  1  alice  staff  4096  Jun 20  notes.txt
drwxr-xr-x  2  alice  staff   128  Jun 20  projects/

The first 10 characters are the permission string. Break it down:

- rw- r-- r--
│  │   │   └─ others: read only
│  │   └───── group: read only
│  └───────── owner: read and write
└──────────── file type: - = file, d = directory, l = symlink

What the letters mean in practice

Symbol On a file On a directory
r Can read file contents Can list contents with ls
w Can edit or delete the file Can create/delete files inside
x Can run it as a program Can cd into it
- Permission not granted Permission not granted

The chmod Command

chmod changes permissions. It has two modes: symbolic and numeric.

Symbolic Mode

chmod u+x script.sh      # add execute for owner
chmod g-w shared.txt     # remove write from group
chmod o=r public.html    # set others to read-only
chmod a+r readme.txt     # add read for all (owner, group, others)

The letters: u = user/owner, g = group, o = others, a = all three. The operators: + adds, - removes, = sets exactly.

Numeric (Octal) Mode

Each permission has a number: read = 4, write = 2, execute = 1. Add them up for each group.

Value Permissions Symbolic
7 read + write + execute rwx
6 read + write rw-
5 read + execute r-x
4 read only r--
0 no permissions ---

Common permission patterns:

chmod 755 script.sh    # owner: rwx, group: r-x, others: r-x
chmod 644 config.txt   # owner: rw-, group: r--, others: r--
chmod 600 private.key  # owner: rw-, group: ---, others: ---
chmod 700 secrets/     # owner: rwx, group: ---, others: ---

The most common mistake: using chmod 777 (all permissions for everyone). This is almost never the right answer — it opens your files to any user on the system.

Recursive chmod

To change permissions on a directory and everything inside it:

chmod -R 755 /var/www/html/

Use -R with care — it changes every file and subdirectory.

The chown Command

chown changes who owns a file. You typically need sudo to change ownership.

sudo chown alice notes.txt          # change owner to alice
sudo chown alice:developers proj/   # change owner and group
sudo chown -R www-data /var/www/    # change ownership recursively
sudo chown :staff shared.txt        # change group only (same as chgrp)

Check current ownership with ls -l — the third and fourth columns show owner and group.

The chgrp Command

chgrp changes the group associated with a file:

sudo chgrp developers project/
sudo chgrp -R www-data /var/www/

This is equivalent to sudo chown :developers project/ — both work.

Understanding umask

When you create a new file, its starting permissions are set by umask. The umask is a value that's subtracted from the maximum permissions (666 for files, 777 for directories).

Check your current umask:

umask
# 0022

With umask 0022:

  • New files get 666 - 022 = 644 (rw-r--r--)
  • New directories get 777 - 022 = 755 (rwxr-xr-x)

Common umask values:

umask New files New directories Use case
0022 644 755 Standard — others can read, not write
0027 640 750 Stricter — group can read, others get nothing
0077 600 700 Private — only owner can access

Set umask in your shell session:

umask 0027

To make it permanent, add it to ~/.bashrc or ~/.zshrc.

Special Permissions: SUID, SGID, Sticky Bit

Three less common permissions appear in specific situations:

SUID (Set User ID) — mode 4000

When set on an executable, it runs with the owner's permissions instead of the caller's. This is how passwd lets regular users change their own password (the /usr/bin/passwd binary is owned by root with SUID).

ls -l /usr/bin/passwd
# -rwsr-xr-x  1  root  root  ...
#    ^ 's' here = SUID

SGID (Set Group ID) — mode 2000

On a directory, files created inside inherit the directory's group instead of the creator's default group. Useful for shared project directories.

chmod g+s /shared/project/

Sticky Bit — mode 1000

On a directory, only the file's owner (or root) can delete it, even if others have write permission. This is how /tmp works — everyone can write to it, but only each user can delete their own files.

ls -ld /tmp
# drwxrwxrwt  ...
#          ^ 't' = sticky bit

Practical Examples

Make a script executable

chmod +x deploy.sh
./deploy.sh

Secure a private key file

SSH refuses to use key files that are too open:

chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 700 ~/.ssh/

Set up a shared directory

sudo chown :developers /shared/code/
sudo chmod 775 /shared/code/
sudo chmod g+s /shared/code/    # new files inherit the group

Fix a "Permission denied" error

ls -l filename       # check current permissions
whoami               # check who you are
ls -l /path/to/dir   # check directory permissions too

If you own the file, chmod fixes it. If someone else owns it, you need sudo or to ask an admin.

Quick Reference

chmod 755 file     # standard executable: rwxr-xr-x
chmod 644 file     # standard readable: rw-r--r--
chmod 600 file     # private: rw-------
chmod 700 dir/     # private directory: rwx------
chmod +x file      # add execute for owner
chmod -R 755 dir/  # apply recursively
chown user file    # change owner
chown user:group file  # change owner and group
umask              # show current umask

Next Step

File permissions are one piece of the Linux security model. The full picture includes users and groups, sudo access, and SSH key management — all covered in The Practical Linux Handbook.

For the complete reference on permissions with real-world scenarios, see the Linux File Permissions Guide.

Get The Practical Linux Handbook
Read a free sample
All Linux topics

#linux#permissions#chmod#chown#umask#file-system#security#beginners

Enjoyed this article? Share it!

About the Author

VL

Vajo Lukic

Vajo Lukic is a technology leader with 20+ years of experience in software development and system administration. Author of The Practical Linux Handbook, he shares practical, field-tested knowledge to help developers and IT professionals master Linux fundamentals.

Read more about Vajo

Related Articles

Linux File Permissions Demystified: A Complete Guide

Linux File Permissions Demystified: A Complete Guide

Confused by Linux file permissions? This comprehensive guide breaks down chmod, chown, and permission modes with practical examples that make everything crystal clear.

Read more →
SSH Remote Access: Step-by-Step Guide for Linux Beginners

SSH Remote Access: Step-by-Step Guide for Linux Beginners

Learn to connect to Linux systems remotely with SSH. From your first ssh command to key-based authentication, port forwarding, and secure configuration.

Read more →
Linux Shell Scripting for Beginners: From Zero to Your First Script

Linux Shell Scripting for Beginners: From Zero to Your First Script

Learn Linux shell scripting from scratch. Variables, conditionals, loops, and functions explained with practical examples you can use immediately.

Read more →

Ready to Transform Your Life?

Get the complete guide to personal transformation and start your journey today.

Get the Book