Permissions
Understanding Linux File Permissions
Each file and directory in Linux has an associated owner, group, and others. The permissions define who can do what.
Permission Structure
Each file has three permission types:
r
Read
4
View file contents
w
Write
2
Modify file contents
x
Execute
1
Run file as a program
These permissions apply to three categories:
u
User
The owner of the file
g
Group
Users in the file’s group
o
Others
All other users
Example: Viewing File Permissions
Run the ls -l command to see file permissions.
bashCopyEditls -lExample output:
csharpCopyEdit-rwxr-xr-- 1 user group 1234 Jan 1 12:00 script.shBreaking Down the Output
csharpCopyEdit-rwxr-xr-- 1 user group 1234 Jan 1 12:00 script.sh-rwxr-xr--→ Permissions1→ Number of hard linksuser→ Owner of the filegroup→ Group of the file1234→ File size (in bytes)Jan 1 12:00→ Last modified datescript.sh→ Filename
Explaining the Permissions (-rwxr-xr--)
-
Regular file (d for directories)
rwx
Owner (User) can read, write, and execute
r-x
Group can read and execute, but not write
r--
Others can only read
Changing File Permissions
Using chmod (Change Mode)
chmod (Change Mode)Symbolic Method
To add, remove, or set permissions using letters:
bashCopyEditchmod u+x script.sh # Add execute (x) for the user (u)
chmod g-w script.sh # Remove write (w) for the group (g)
chmod o=r script.sh # Set read-only for others (o)Numeric Method
Each permission set is represented by a 3-digit number:
rwx = 7 (
4+2+1)rw- = 6 (
4+2)r-- = 4 (
4)
Example:
bashCopyEditchmod 755 script.shBreakdown of 755
7557
5
5
rwx
r-x
r-x
Changing Ownership
Use chown to change file owner and chgrp to change file group.
bashCopyEditchown newuser script.sh # Change owner
chgrp newgroup script.sh # Change group
chown newuser:newgroup script.sh # Change both owner and groupDirectory Permissions
Permissions work similarly for directories:
r→ List files (ls)w→ Create/delete filesx→ Enter the directory (cd)
Example:
bashCopyEditls -ld mydir
drwxr-x--- 1 user group 4096 Jan 1 12:00 mydirTo allow everyone to enter:
bashCopyEditchmod o+x mydirSpecial Permissions
s
SetUID
Files
Run file as the owner
s
SetGID
Files/Dirs
Run file as the group; inherit group
t
Sticky Bit
Directories
Only the owner can delete files
Example:
bashCopyEditchmod u+s script.sh # SetUID (User runs as file owner)
chmod g+s shared_dir # SetGID (New files inherit group)
chmod +t /tmp # Sticky Bit (Only owner can delete files)Visual Representation of Linux Permissions
pgsqlCopyEditOwner Group Others
rwx r-x r--Permission Breakdown Example
makefileCopyEditFile: script.sh
Permissions: -rwxr-xr--pgsqlCopyEditUser : rwx (read, write, execute)
Group : r-x (read, execute)
Others: r-- (read)Illustration of Numeric Representation
luaCopyEdit7 5 4
rwx r-x r--777
rwx
rwx
rwx
755
rwx
r-x
r-x
644
rw-
r--
r--
A Real-World Example
Scenario: Securing a Web Directory
Let's say you have a web directory in /var/www/html and want:
The owner (
www-data) to have full control (rwx).The group (
developers) to read and write (rw-).Others should only read (
r--).
Commands:
bashCopyEditchown www-data:developers /var/www/html
chmod 775 /var/www/htmlFinal Permissions
cssCopyEditdrwxrwxr-x www-data developers /var/www/htmlSources
ChatGPT helped with some of the examples, and thanks to the Linux Foundation for helping with tables and examples.
Last updated