Linux File Permissions Simplified | A Complete Guide With Examples
Linux is a powerful and versatile multi-user operating system that is widely used by multiple businesses and individuals around the world. One of the key features of Linux is its advanced file permission system, which provides users with a high degree of control over how files are accessed, modified, and shared.
It is safe to say that Linux's powerful file permission system is a cornerstone of its security and multi-user capabilities. Understanding how to manage these permissions is essential for safeguarding data and ensuring proper access controls. In this article, we will discuss file permissions in Linux in detail, including types of permissions, how to change them, and more, offering clear explanations and practical examples. By the end of it, you will confidently navigate and configure file access in your system.
What Are Linux File Permissions?
In Linux, file permissions are a fundamental component of the system's security model. They determine who can access, modify, or execute files and directories, ensuring that only authorized users can perform specific actions.
Why Are File Permissions Important?
Linux is a multi-user operating system, meaning multiple users can operate on the same system simultaneously. Without a robust permission system, any user could potentially access or modify another user's files, leading to security breaches or data loss. File permissions help in:
- Protecting Sensitive Data: Ensuring that only authorized users can access confidential files.
- Maintaining System Integrity: Preventing unauthorized modifications to system files that could compromise the OS.
- Facilitating Collaboration: Allowing controlled access to shared resources among groups.
By setting appropriate permissions, administrators can enforce the principle of least privilege, granting users only the access necessary for their tasks.
Types Of Linux File Permissions & Ownership Groups
Linux permissions are a set of attributes that determine who can access a file or directory and what they can do with it. In this section, we will discuss the basic permissions, the various ownership groups, and how to read the file permissions in Linux.
1. Basic File Permissions
The Linux file permissions are designed to provide security by preventing unauthorized access to sensitive files and directories. There are three types of permissions and each of these is represented by a single letter, as follows:
- r (read): This permission authorizes a user to read file content. For directories, it permits listing the names of files within the directory.
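- w (write): This permission grants the ability to modify or delete the file's content. For directories, this enables the creation, deletion, or renaming of files within the directory. Whether a file itself can be deleted or renamed therefore depends on write permission on its directory, not on the file.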
- x (execute): This permission allows a user to execute a file as a script or a program. For directories, this permits entering the directory and accessing its contents.
2. User Categories (Permission Groups)
Each file and directory in Linux has permissions assigned to three distinct user categories:
- Owner: This refers to the user who created the file or directory. By default, this user has full permissions, i.e., the ability to modify and delete them.
- Group: A group is a collection of users who have been granted access to a set of files or directories. Permissions assigned to the group apply to all its members.
- Others: All other users who are neither the owner nor part of the group fall in this category.
This categorization allows for flexible permission settings, enabling collaborative environments while maintaining security.
How To Read Linux File Permissions?
In Linux, file permissions are displayed in a specific format that conveys the access rights associated with a file or directory. Understanding this format is crucial for managing system security and ensuring appropriate access controls.
Interpreting the Permission String: When examining file permissions, you'll encounter a string of characters that represent the file type and the permissions for the owner, group, and others. This string typically looks like:
-rwxr-xr--
Let's break down this string:
File Type Indicator (First Character):
- - : Regular file
- d : Directory
- l : Symbolic link
- c : Character device file
- b : Block device file
Permission Sets (Next Nine Characters):
- Owner Permissions (Characters 2-4): Indicate the permissions for the file's owner.
- Group Permissions (Characters 5-7): Indicate the permissions for the group associated with the file.
- Others Permissions (Characters 8-10): Indicate the permissions for all other users.
Each set uses the following characters:
- r: Read permission
- w: Write permission
- x: Execute permission
- -: Permission not granted (that is, if a user isn't granted a specific permission from rwx, that position is filled with '-' instead of the permission character).
Let's look at the example above for a better understanding:
-rwxr-xr--
Here,
- -: Regular file
- rwx: Owner has read, write, and execute permissions.
- r-x: Group has read and execute permissions.
- r--: Others have read-only permission.
What Are Octal Values In Linux File Permissions?
In Linux, octal (base-8) notation is a shorthand representation of file permission modes. It provides a concise way to define access rights for the owner, group, and others, and simplifies the process of setting permissions.
Octal values use the numbers 0 to 7 to represent different combinations of file permissions. Each digit encodes the read, write, and execute permissions of one class: the first digit for the owner, the second for the group, and the third for others. A digit is calculated by adding the values of the permissions you want to set.
Understanding Octal Notation
Each permission type is assigned a numerical value:
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
To calculate the octal value for a set of file permissions, you add the values of the permissions that are granted. For example:
- rwx (read, write, and execute permissions) has an octal value of 7 (4 + 2 + 1 = 7)
- rw- (read and write permissions, no execute permission) has an octal value of 6 (4 + 2 + 0 = 6)
- r-- (read permission, no write or execute permission) has an octal value of 4 (4 + 0 + 0 = 4)
- --- (no read, write, or execute permission) has an octal value of 0 (0 + 0 + 0 = 0)
Overall, octal values are a useful shorthand method for representing Linux file permissions, and they can simplify the process of setting file permissions. However, it is important to understand how they work and what values correspond to different combinations of file permissions. We will discuss how to change file permissions using octal values with chmod in a later section.
How To Check Linux File Permissions (ls -l, namei, stat)?
Understanding and verifying file permissions is essential for maintaining system security and ensuring proper access controls. Linux provides several commands to inspect file and directory permissions. Below are the most commonly used methods:
1. Using ls -l (List Directory Contents)
The ls -l command displays detailed information about files and directories, including their permissions.
Syntax:
ls -l [file_or_directory]
Example:
ls -l example.txt
Sample Output:
-rw-r--r-- 1 user group 1024 May 8 10:00 example.txt
Explanation:
- -rw-r--r--: Permission string
  - -: Indicates a regular file
  - rw-: Owner has read and write permissions
  - r--: Group has read permission
  - r--: Others have read permission
- 1: Number of hard links
- user: Owner of the file
- group: Group associated with the file
- 1024: File size in bytes
- May 8 10:00: Last modification date and time
- example.txt: File name
This method provides a quick overview of file permissions and associated metadata.
2. Using namei (Analyze Path Components)
The namei command breaks down a file path and displays the permissions for each component in the path. This is particularly useful for diagnosing permission issues in nested directories.
Syntax:
namei -l /path/to/your/file
Example:
namei -l /home/user/documents/report.txt
Sample Output:
f: /home/user/documents/report.txt
drwxr-xr-x root root /
drwxr-xr-x root root home
drwxr-xr-x user user user
drwxr-xr-x user user documents
-rw-r--r-- user user report.txt
Explanation:
- f: Indicates the file path being analyzed
- d / -: Denotes directory (d) or file (-)
- rwxr-xr-x: Permissions for each component
- root / user: Owner and group of each component
By examining each component, namei helps identify where permission issues may exist along a path.
3. Using stat (Display File Status)
The stat command provides detailed information about a file or directory, including permissions in both symbolic and octal formats.
Syntax:
stat [file_or_directory]
Example:
stat example.txt
Sample Output:
File: example.txt
Size: 1024 Blocks: 8 IO Block: 4096 regular file
Device: 802h/2050d Inode: 1234567 Links: 1
Access: 2025-05-08 10:00:00.000000000 +0530
Modify: 2025-05-08 09:50:00.000000000 +0530
Change: 2025-05-08 09:55:00.000000000 +0530
Birth: -
Explanation:
- File: Name of the file
- Size: Size of the file in bytes
- Blocks: Number of blocks allocated
- IO Block: Optimal block size for I/O
- regular file: File type
- Device: Device number
- Inode: Inode number
- Links: Number of hard links
- Access: Last access time
- Modify: Last modification time
- Change: Last status change time
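In the full output of GNU stat, the permissions appear on an additional Access: line that gives the mode in octal and symbolic form together with the owner (Uid) and group (Gid); that line is not shown in the sample above. To display only the permissions in a concise format, use: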
stat -c '%A %a %n' example.txt
Sample Output:
-rw-r--r-- 644 example.txt
Explanation:
- -rw-r--r--: Symbolic representation of permissions
- 644: Octal representation of permissions
- example.txt: File name
The stat command is valuable for obtaining comprehensive file information, especially when scripting or automating tasks.
How To Set/Change Linux File Permissions?
In Linux, file permissions are crucial for system security and proper user access control. Modifying these permissions ensures that users have the appropriate level of access to files and directories, preventing unauthorized actions and maintaining system integrity.
Methods To Change File Permissions
File and directory permissions are changed with the chmod command. There are several ways to use it:
- Using chmod with Octal Notation (Absolute Mode)
- Using chmod with Symbolic Notation (Symbolic Mode)
- Applying permissions recursively using chmod
Using chmod With Octal Values (Absolute Mode)
To use octal values to set file permissions, you use the chmod command with a three-digit octal value. The first digit represents the permissions for the owner, the second digit represents the permissions for the group, and the third digit represents the permissions for others.
Example 1: Using chmod to set read, write, and execute permissions for the owner, read and execute permissions for the group, and no permissions for others. Here is the command:
chmod 750 filename
This is equivalent to setting the permission rwxr-x---. In this command, the first digit (7) represents the permissions for the owner (read, write, and execute), the second digit (5) represents the permissions for the group (read and execute), and the third digit (0) represents the permissions for others (no permission).
Example 2: Another common chmod command used with the octal values to set permissions is:
chmod 644 filename
This command sets permissions to rw-r--r--, i.e., owner: read, write; group: read; others: read.
Example 3: To set read and write permissions for the file owner, read-only permission for the group, and no permission for others, you would use the following basic command:
chmod 640 file.txt
In this command, the first digit (6) represents the owner permission, which is read and write (4 + 2 = 6). The second digit (4) represents the permissions for the group, which is read-only (4 + 0 = 4). The third digit (0) represents the permissions for others, which is no permission (0 + 0 + 0 = 0).
Using chmod With Symbolic Notation (Symbolic Mode)
The chmod command allows users to change file and directory permissions using symbolic notation, which is structured as:
chmod [user_class][operator][permissions] filename
Components:
- User Classes:
  - u: User (file owner)
  - g: Group
  - o: Others
  - a: All (user, group, and others)
- Operators:
  - +: Adds specified permissions
  - -: Removes specified permissions
  - =: Sets exact permissions, replacing existing ones
- Permissions:
  - r: Read
  - w: Write
  - x: Execute
Examples Of Using chmod To Modify Linux File Permissions
| Purpose | Command | Explanation |
| --- | --- | --- |
| Add Execute Permission for the User | chmod u+x script.sh | Grants execute permission to the file owner for script.sh. |
| Remove Write Permission for Group | chmod g-w document.txt | Revokes write permission from the group for document.txt. |
| Set Read and Write Permissions for All | chmod a=rw file.txt | Sets read and write permissions for user, group, and others, removing any execute permissions. |
| Assign Different Permissions to Multiple Classes | chmod u=rw,g=r,o= filename | Sets read and write for user, read-only for group, and no permissions for others. |
| Copy User Permissions to Group | chmod g=u file.txt | Sets the group's permissions to match those of the user for file.txt. |
Symbolic notation is particularly useful when you want to modify specific permissions without altering others, providing precise control over access rights.
Applying Permissions Recursively
The chmod command can also be used in recursive mode. To change the permissions of a directory and all of its contents, use the -R (recursive) option with chmod:
chmod -R 755 /path/to/directory
Explanation:
- -R: Applies changes recursively to all files and subdirectories within the specified directory.
- 755: Sets permissions to rwxr-xr-x, meaning:
  - Owner: read, write, execute
  - Group: read, execute
  - Others: read, execute
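This command is useful for setting consistent permissions across a directory tree. Note that it also marks every regular file in the tree as executable, because the same mode is applied to files and directories alike.
As another example, to set read and write permissions for the owner, read-only permission for the group, and no permission for others for all files in the "mydir" directory, you can use the following command:
chmod -R 640 mydir
This command sets the permissions for all files and directories in "mydir" recursively. Because the mode is applied to directories as well, it also removes the execute (search) bit from mydir and its subdirectories, so they can no longer be entered; directories need a mode that includes execute, such as 750.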
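The following is an added example, not part of the original article, that shows what the recursive command above does to directories and two ways to give directories and files different modes. It works on a constructed tree in a temporary directory, the function names are illustrative, and it assumes GNU stat and find.

```bash
#!/usr/bin/env bash
# Added example: every path below is constructed sample data in a temp dir.

# Build mydir/ with one subdirectory, one data file and one script.
make_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/mydir/sub"
    echo "data" > "$root/mydir/sub/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$root/mydir/run.sh"
    chmod 755 "$root/mydir" "$root/mydir/sub" "$root/mydir/run.sh"
    chmod 644 "$root/mydir/sub/notes.txt"
    echo "$root"
}

# Octal modes of mydir, sub, notes.txt and run.sh, space-separated.
modes() {
    stat -c '%a' "$1/mydir" "$1/mydir/sub" \
        "$1/mydir/sub/notes.txt" "$1/mydir/run.sh" | paste -sd' ' -
}

# Give the owner access back top-down (find acts on a directory before
# descending into it), then delete the tree.
cleanup() {
    find "$1" -type d -exec chmod u+rwx {} \;
    rm -rf "$1"
}

# 1. One mode for everything: mydir itself ends up 640, without the
#    execute (search) bit, so unprivileged users can no longer enter it.
blanket_640() {
    local root result
    root=$(make_tree)
    # For a non-root user chmod then fails on the contents of mydir.
    chmod -R 640 "$root/mydir" 2>/dev/null || true
    result=$(stat -c '%a' "$root/mydir")
    cleanup "$root"
    echo "$result"
}

# 2. Separate modes: 750 for directories, 640 for regular files.
split_modes() {
    local root result
    root=$(make_tree)
    find "$root/mydir" -type d -exec chmod 750 {} +
    find "$root/mydir" -type f -exec chmod 640 {} +
    result=$(modes "$root")
    cleanup "$root"
    echo "$result"
}

# 3. Symbolic alternative: capital X adds execute only to directories and to
#    files that already have an execute bit, so run.sh stays executable.
capital_x() {
    local root result
    root=$(make_tree)
    chmod -R u=rwX,g=rX,o= "$root/mydir"
    result=$(modes "$root")
    cleanup "$root"
    echo "$result"
}

echo "chmod -R 640 (mode of mydir):          $(blanket_640)"
echo "find, dirs 750 / files 640:             $(split_modes)"
echo "chmod -R u=rwX,g=rX,o=:                 $(capital_x)"
```

The last two lines of output list the modes of mydir, sub, notes.txt and run.sh in that order.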
Linux File Permissions To Change Group & File Ownership
In this section, we will discuss how you can change the group of files and directories in Linux, as well as how to change the ownership of a file or directory.
Changing Group Ownership With chgrp
The chgrp (change group) command modifies the group ownership of files and directories. This is particularly useful when multiple users belong to the same group and need shared access to specific resources. Syntax:
chgrp [OPTIONS] GROUP FILE…
Here,
- GROUP: The new group name or GID (Group ID).
- FILE: One or more files or directories whose group ownership you want to change.
Common Options:
- -R: Recursively change group ownership for directories and their contents.
- -v: Display verbose output, showing the files processed.
- -f: Suppress most error messages.
Examples:
| Purpose | Command/Syntax | Explanation |
| --- | --- | --- |
| Change the group of a single file | chgrp developers project.txt | This command changes the group ownership of project.txt to developers. |
| Recursively change group ownership of a directory | chgrp -R team /shared/folder | This command changes the group ownership of /shared/folder and all its contents to team. |
| Change group to match a reference file | chgrp --reference=ref.txt target.txt | This command sets the group of target.txt to match that of ref.txt. |
Changing File Ownership With chown
The chown (change owner) command alters the ownership of files and directories, allowing you to change the user and/or group associated with them. This is essential when transferring file ownership between users or adjusting group associations. Syntax:
chown [OPTIONS] [OWNER][:[GROUP]] FILE…
Here,
- OWNER: The new owner's username or UID (User ID).
- GROUP: The new group's name or GID.
- FILE: One or more files or directories to change ownership.
Common Options:
- -R: Recursively change ownership for directories and their contents.
- -v: Display verbose output, showing the files processed.
- --reference=RFILE: Change ownership to match that of the reference file RFILE.
Examples:
| Purpose | Command/Syntax | Explanation |
| --- | --- | --- |
| Change the owner of a file | chown shivani report.txt | This command changes the ownership of report.txt to user shivani. |
| Change both owner and group | chown shivani:developers project.txt | This command changes the owner of project.txt to shivani and the group to developers. |
| Recursively change ownership of a directory | chown -R vaani:team /projects | This command changes the ownership of /projects and all its contents to user vaani and group team. |
| Change ownership to match a reference file | chown --reference=ref.txt target.txt | This command sets the ownership of target.txt to match that of ref.txt. |
By effectively using chgrp and chown, you can manage file and directory ownership, ensuring that users have appropriate access rights and maintaining the security and integrity of your Linux system.
Managing File Permissions In Linux: Recap
Managing file permissions in Linux is an important part of maintaining system security and controlling access to files and directories. There are several tools and techniques you can use to manage file permissions in Linux, including the following:
- chmod: You can use chmod to grant or revoke read, write, and execute permissions for the owner, group, and others. The syntax for using chmod is:
chmod [permissions] [file or directory]
- chown: You can use chown to transfer ownership of a file or directory to another user or group. The syntax for using chown is:
chown [owner]:[group] [file or directory]
- chgrp: You can use chgrp to assign a file or directory to a different group. The syntax for using chgrp is:
chgrp [group] [file or directory]
- umask: The umask command sets the mask that determines the default permissions for new files and directories. The bits in the mask are the permissions that are removed by default when new files and directories are created. The syntax for using umask is:
umask [mask]
These are some of the most common tools and techniques used to manage file permissions in Linux. By using these commands, you can control access to files and directories, transfer ownership of files, and set default permissions for new files and directories. With careful management of file permissions, you can help ensure the security and integrity of your Linux system.
Special Linux File Permissions
Beyond the standard read (r), write (w), and execute (x) permissions, Linux provides three special permission bits:
- Setuid (Set User ID)
- Setgid (Set Group ID)
- Sticky Bit
These special permissions modify the default behavior of executables and directories, enabling specific access controls.
1. Setuid (Set User ID)
Purpose: When the setuid bit is set on an executable file, users executing that file temporarily acquire the file owner's privileges during execution. This is particularly useful for programs that require elevated privileges to perform specific tasks.
Example:
chmod u+s /usr/bin/example
Explanation:
- chmod u+s sets the setuid bit on the executable.
- When a user runs /usr/bin/example, the process runs with the file owner's (often root's) privileges, not the user's.
Use Case: The passwd command allows users to change their passwords. Since it modifies /etc/shadow, which is writable only by root, passwd is setuid root to grant necessary privileges during execution.
2. Setgid (Set Group ID)
Purpose: The setgid bit serves dual purposes:
- On Executables: When set on an executable, it ensures the process runs with the file group's privileges.
- On Directories: When set on a directory, new files and subdirectories inherit the directory's group, promoting collaborative workflows.
Examples:
- Executable: chmod g+s /usr/bin/example
- Directory: chmod g+s /shared/directory
Use Case: In a shared project directory, setting the setgid bit ensures all new files belong to the project's group, facilitating seamless collaboration among team members.
3. Sticky Bit
Purpose: The sticky bit, when set on a directory, restricts file deletion within that directory. Only the file owner, directory owner, or root can delete or rename files, regardless of write permissions.
Example:
chmod +t /var/public
Explanation:
- chmod +t sets the sticky bit on the directory.
- Users can create files in /var/public, but only the file owner, directory owner, or root can delete or rename them.
Use Case: The /tmp directory is a classic example. It's world-writable, allowing all users to create temporary files. The sticky bit ensures users can't delete or rename each other's files, maintaining a secure environment.
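Because setuid and setgid files run with their owner's or group's privileges, and a world-writable directory without the sticky bit lets any user remove other users' files, administrators commonly audit for both. The following is an added example, not part of the original article: the tree, the file names and the allowlist file are constructed sample data, the function names are illustrative, and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example: the tree and file names are constructed sample data.

# Constructed tree: two setuid files (inert: empty, no execute bit), a plain
# file, a world-writable directory without the sticky bit and one with it.
make_sample_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/drop" "$root/tmp"
    chmod 755 "$root/bin"
    : > "$root/bin/passwd-like"
    : > "$root/bin/helper"
    : > "$root/bin/plain"
    chmod 4644 "$root/bin/passwd-like" "$root/bin/helper"
    chmod 0644 "$root/bin/plain"
    chmod 0777 "$root/drop"   # world-writable, no sticky bit
    chmod 1777 "$root/tmp"    # world-writable with sticky bit, like /tmp
    # Allowlist of setuid/setgid files that are expected to exist.
    printf '%s\n' './bin/passwd-like' > "$root/allowlist.txt"
    echo "$root"
}

# Regular files below DIR that carry the setuid or setgid bit,
# printed as "<octal mode> <path relative to DIR>".
find_setid_files() {
    ( cd "$1" && find . -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %n' {} + | sort )
}

# Setuid/setgid files below DIR that are not listed in ALLOWLIST
# (one relative path per line).
unexpected_setid() {
    find_setid_files "$1" | while read -r mode path; do
        grep -qxF -- "$path" "$2" || echo "$mode $path"
    done
}

# Directories below DIR that are writable by others but lack the sticky bit.
find_unsticky_dirs() {
    ( cd "$1" && find . -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c '%a %n' {} + | sort )
}

root=$(make_sample_tree)
echo "setuid/setgid files not on the allowlist:"
unexpected_setid "$root" "$root/allowlist.txt"
echo "world-writable directories without the sticky bit:"
find_unsticky_dirs "$root"
rm -rf "$root"
```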
Note on Representation:
In symbolic notation (e.g., output from ls -l), special permissions are represented as follows:
- Setuid: An s or S in the owner's execute position.
- Setgid: An s or S in the group's execute position.
- Sticky Bit: A t or T in the others' execute position.
In octal notation, special permissions are represented by a fourth digit at the beginning:
- Setuid: 4
- Setgid: 2
- Sticky Bit: 1
For example, chmod 4755 filename sets the setuid bit and standard permissions to rwsr-xr-x. Understanding and appropriately setting these special permissions is crucial for maintaining system security and facilitating collaborative workflows in multi-user environments.
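The following is an added example, not part of the original article, that converts a permission string as printed by ls -l into four-digit octal, combining the r/w/x values from the octal section with the special-bit characters listed above. A lowercase s or t means the execute bit is set as well; an uppercase S or T means the special bit is set without execute. The function name is illustrative.

```bash
#!/usr/bin/env bash
# Added example: convert an ls -l permission string to four-digit octal.

perm_to_octal() {
    local mode special digits pos flag trio d
    mode=${1%[+.]}   # drop the ACL (+) or SELinux (.) marker ls may append
    [ "${#mode}" -eq 10 ] || return 1
    special=0
    digits=""
    pos=2
    # Triplets sit at characters 2-4, 5-7 and 8-10. The special bit that can
    # appear in each triplet's execute slot weighs 4 (setuid), 2 (setgid)
    # and 1 (sticky) in the leading octal digit.
    for flag in 4 2 1; do
        trio=$(printf '%s' "$mode" | cut -c"$pos-$((pos + 2))")
        d=0
        case $trio in r??) d=$((d + 4)) ;; -??) ;; *) return 1 ;; esac
        case $trio in ?w?) d=$((d + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $trio in
            ??x) d=$((d + 1)) ;;
            ??-) ;;
            ??s) [ "$flag" -ne 1 ] || return 1   # s is only valid for owner/group
                 d=$((d + 1)); special=$((special + flag)) ;;
            ??S) [ "$flag" -ne 1 ] || return 1
                 special=$((special + flag)) ;;
            ??t) [ "$flag" -eq 1 ] || return 1   # t is only valid for others
                 d=$((d + 1)); special=$((special + flag)) ;;
            ??T) [ "$flag" -eq 1 ] || return 1
                 special=$((special + flag)) ;;
            *)   return 1 ;;
        esac
        digits="$digits$d"
        pos=$((pos + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}

# Sample strings: the first three appear in the article, the rest are constructed.
for s in '-rwxr-xr--' '-rw-r--r--' '-rwsr-xr-x' 'drwxrwsr-x' 'drwxrwxrwt' '-rwSr--r--'; do
    printf '%s -> %s\n' "$s" "$(perm_to_octal "$s")"
done
```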
Conclusion
Understanding and managing file permissions in Linux is fundamental to maintaining a secure and efficient system. By mastering tools like chmod, chown, chgrp, and umask, users can precisely control access to files and directories, ensuring that only authorized individuals have the appropriate levels of access. Additionally, grasping the concepts of special permissions, such as setuid, setgid, and the sticky bit, further enhances security and functionality, particularly in multi-user environments.
Whether you're a system administrator or a casual user, a solid understanding of these permissions empowers you to safeguard your data, collaborate effectively, and navigate the Linux environment with confidence. Regularly reviewing and adjusting permissions as needed will help maintain the integrity and security of your system.
Frequently Asked Questions
Q1. What does chmod 750 do in Linux?
The command chmod 750 filename sets the following permissions:
- Owner (User): Read, Write, Execute (rwx)
- Group: Read, Execute (r-x)
- Others: No permissions (---)
This configuration is commonly used for directories where the owner needs full access, the group requires read and execute permissions, and others should have no access.
Q2. How does octal notation work in chmod?
In octal notation, permissions are represented by a three-digit number, where each digit corresponds to a specific user class (Owner, Group, Others):
- Read (r) = 4
- Write (w) = 2
- Execute (x) = 1
The sum of these values determines the permissions:
- 7 = rwx (4+2+1)
- 6 = rw- (4+2)
- 5 = r-x (4+1)
- 4 = r-- (4)
- 3 = -wx (2+1)
- 2 = -w- (2)
- 1 = --x (1)
- 0 = --- (0)
For example, chmod 640 filename grants read and write permissions to the owner, read-only to the group, and no permissions to others.
Q3. What does chmod 640 represent?
The command chmod 640 filename sets the following permissions:
- Owner: Read, Write (rw-)
- Group: Read (r--)
- Others: No permissions (---)
This setting is often used for files where the owner needs to read and modify the content, the group requires read access, and others should have no access.
Q4. What does a permission level of 750 for a user represent?
A permission level of 750 means:
- Owner: Read, Write, Execute (rwx)
- Group: Read, Execute (r-x)
- Others: No permissions (---)
This configuration is suitable for directories where the owner needs full access, the group requires read and execute permissions, and others should have no access.
Q5. What are the rwx values in Linux permissions?
In Linux, file permissions are represented by a 10-character string, such as -rwxr-xr--:
- First character: File type (- for regular file, d for directory)
- Next three characters: Owner permissions (rwx)
- Next three characters: Group permissions (r-x)
- Last three characters: Others permissions (r--)
Each character represents a specific permission:
- r = Read
- w = Write
- x = Execute
- - = No permission
For example, -rwxr-xr-- means the owner can read, write, and execute; the group can read and execute; and others can read.
This concludes our discussion on Linux file permissions.