File Permissions

Understanding and managing file permissions in Linux

Linux file permissions control who can read, write, and execute files and directories.

Understanding Permissions

Each file has three types of permissions for three categories:

Permission Types:

  • r (read) - Can read file contents or list directory
  • w (write) - Can modify file or create/delete files in directory
  • x (execute) - Can run file as program or access directory

User Categories:

  • u (owner/user) - The file owner
  • g (group) - Members of the file's group
  • o (others) - Everyone else
  • a (all) - Everyone

Permission Notation

Symbolic Notation

-rw-r--r-- user group filename
^ file type, then three read/write/execute triplets (user, group, others)
  • First character: - (file), d (directory), l (symlink)
  • Next 9 characters: permissions (rwx for user, group, others)

Example:

drwxr-xr-x = directory, owner can read/write/execute, group and others can read/execute

Numeric Notation

r = 4, w = 2, x = 1

Examples:

  • 755 = rwxr-xr-x (7=rwx, 5=r-x, 5=r-x)
  • 644 = rw-r--r-- (6=rw-, 4=r--, 4=r--)
  • 777 = rwxrwxrwx (full permissions)
  • 700 = rwx------ (owner only)

Changing Permissions

# Using chmod with symbolic notation
chmod u+x file.sh # Add execute for owner
chmod g-w file # Remove write for group
chmod o-r file # Remove read for others
chmod a+r file # Add read for all

# Using chmod with numeric notation
chmod 755 script.sh # rwxr-xr-x
chmod 644 document.txt # rw-r--r--

# Recursive change
chmod -R 755 directory/

Changing Ownership

# Change owner
chown newuser file

# Change owner and group
chown newuser:newgroup file

# Change group only
chgrp newgroup file

# Recursive change
chown -R user:group directory/

Default Permissions

Default permissions are determined by umask:

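  • Default file permissions: 666 - umask
  • Default directory permissions: 777 - umask

The umask bits are cleared from the base mode rather than arithmetically subtracted; for common values such as 022 both give the same result.

# View current umask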
umask

# Set umask temporarily
umask 0022 # results in 644 for files, 755 for directories

Special Permissions

SUID (Set User ID - 4):

chmod u+s file # or chmod 4755 file

File executes with owner's privileges.

SGID (Set Group ID - 2):

chmod g+s file # or chmod 2755 file

File executes with group's privileges.

Sticky Bit (1):

chmod o+t directory # or chmod 1777 directory

Only a file's owner (or the directory's owner, or root) can delete or rename that file in the directory.

Viewing Permissions

# List with permissions
ls -l

# Show detailed file metadata, including permissions
stat file

# Show ACL entries (per-user and per-group permissions)
getfacl file

Best Practices

  • Never set permissions to 777
  • Use 644 for regular files, 755 for directories
  • Executables should have 755
  • Configuration files should be 600 or 640
  • For security, use SUID/SGID sparingly
  • Regularly audit file permissions
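
An added example (not from the original page) of the audit the last item calls for: it walks a directory tree and flags the modes the list above warns about. It assumes GNU find; the tag names, the `*.conf` naming convention and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a directory tree for risky modes (assumes GNU find).
# Each finding is printed as "<TAG> <octal mode> <path>".
audit_perms() {
    dir=$1
    # Regular files writable by "others" (e.g. 666, 777).
    find "$dir" -xdev -type f -perm -0002 -printf 'WORLD_WRITABLE %m %p\n'
    # Directories writable by "others" without the sticky bit (777, not 1777).
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 -printf 'OPEN_DIR %m %p\n'
    # SUID or SGID regular files: each one should have a known justification.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -printf 'SETID %m %p\n'
    # Config files (assumed to be named *.conf) readable by "others";
    # the list above recommends 600 or 640.
    find "$dir" -xdev -type f -name '*.conf' -perm -0004 -printf 'CONF_READABLE %m %p\n'
}

# Constructed sample tree so the audit runs offline; prints the tree's path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/drop"
    touch "$t/ok.txt" "$t/open.txt" "$t/tool" "$t/app.conf" "$t/db.conf"
    chmod 644 "$t/ok.txt"
    chmod 777 "$t/open.txt"    # violates "never 777"
    chmod 4755 "$t/tool"       # SUID set
    chmod 644 "$t/app.conf"    # config readable by others
    chmod 640 "$t/db.conf"     # config as recommended
    chmod 1777 "$t/shared"     # world-writable but sticky: not flagged
    chmod 777 "$t/drop"        # world-writable, no sticky bit
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
audit_perms "$tree" | sort
rm -rf "$tree"
```

Pointing `audit_perms` at a real path such as a web root or home directory gives a list to review; a SETID finding is not automatically wrong, only something that needs a reason.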
