
# Permissions


### **Understanding Linux File Permissions**

Each file and directory in Linux has an **owner** and a **group**; everyone else falls under **others**. Permissions define what each of these three categories can do.

#### **Permission Structure**

Each file has three permission types:

| Symbol | Permission | Numeric Value | Description           |
| ------ | ---------- | ------------- | --------------------- |
| `r`    | Read       | `4`           | View file contents    |
| `w`    | Write      | `2`           | Modify file contents  |
| `x`    | Execute    | `1`           | Run file as a program |

These permissions apply to three categories:

| Symbol | Category | Description               |
| ------ | -------- | ------------------------- |
| `u`    | User     | The owner of the file     |
| `g`    | Group    | Users in the file’s group |
| `o`    | Others   | All other users           |

#### **Example: Viewing File Permissions**

Run the `ls -l` command to see file permissions.

```bash
ls -l
```

Example output:

```
-rwxr-xr--  1 user group 1234 Jan 1 12:00 script.sh
```

**Breaking Down the Output**

```
-rwxr-xr--  1  user  group  1234  Jan 1  12:00  script.sh
```

* `-rwxr-xr--` → **Permissions**
* `1` → **Number of hard links**
* `user` → **Owner of the file**
* `group` → **Group of the file**
* `1234` → **File size (in bytes)**
* `Jan 1 12:00` → **Last modified date**
* `script.sh` → **Filename**

**Explaining the Permissions (`-rwxr-xr--`)**

| Character | Meaning                                   |
| --------- | ----------------------------------------- |
| `-`       | Regular file (`d` for directories)        |
| `rwx`     | Owner (User) can read, write, and execute |
| `r-x`     | Group can read and execute, but not write |
| `r--`     | Others can only read                      |

***

### **Changing File Permissions**

#### **Using `chmod` (Change Mode)**

**Symbolic Method**

To **add**, **remove**, or **set** permissions using letters:

```bash
chmod u+x script.sh  # Add execute (x) for the user (u)
chmod g-w script.sh  # Remove write (w) for the group (g)
chmod o=r script.sh  # Set read-only for others (o)
```

**Numeric Method**

The full mode is a **3-digit number**, one digit each for user, group, and others. Each digit is the sum of the values of the permissions granted:

* **rwx = 7** (`4+2+1`)
* **rw- = 6** (`4+2`)
* **r-- = 4** (`4`)

Example:

```bash
chmod 755 script.sh
```

#### **Breakdown of `755`**

| User  | Group | Others |
| ----- | ----- | ------ |
| `7`   | `5`   | `5`    |
| `rwx` | `r-x` | `r-x`  |

***

### **Changing Ownership**

Use `chown` to change file **owner** and `chgrp` to change file **group**.

```bash
chown newuser script.sh  # Change owner
chgrp newgroup script.sh  # Change group
chown newuser:newgroup script.sh  # Change both owner and group
```

***

### **Directory Permissions**

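Permissions work similarly for directories, but each bit controls access to the directory's entries rather than to file contents:

* `r` → List file names (`ls`)
* `w` → Create/delete files (also requires `x`)
* `x` → Enter the directory (`cd`) and access the files inside it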

Example:

```bash
ls -ld mydir
drwxr-x---  1 user group 4096 Jan 1 12:00 mydir
```

To allow everyone to enter:

```bash
chmod o+x mydir
```

***

### **Special Permissions**

| Symbol | Name           | Used On     | Description                          |
| ------ | -------------- | ----------- | ------------------------------------ |
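| `s`    | **SetUID**     | Files       | Run file with the privileges of its owner |
| `s`    | **SetGID**     | Files/Dirs  | Files: run with the file's group; directories: new files inherit the directory's group |
| `t`    | **Sticky Bit** | Directories | Only a file's owner (or the directory's owner or root) can delete or rename files in the directory |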

Example:

```bash
chmod u+s script.sh  # SetUID (runs as file owner; Linux ignores this bit on interpreted scripts)
chmod g+s shared_dir  # SetGID (New files inherit group)
chmod +t /tmp  # Sticky Bit (Only owner can delete files)
```
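
An added example (not part of the original page): a small audit that lists the entries these bits make sensitive, namely SetUID/SetGID files, files that others can write, and world-writable directories missing the sticky bit. The function names are hypothetical, and it relies only on POSIX `find -perm`.

```bash
#!/bin/sh
# Added example: audit a tree for the risky modes covered on this page.
# Function names are hypothetical; pass the directory to audit as $1.

# Regular files that "others" can write to (o+w, octal 0002).
world_writable_files() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# Directories that are o+w but lack the sticky bit (1000): any user
# can delete or rename files there, not just their own.
unsticky_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Regular files with SetUID (4000) or SetGID (2000) set.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Print each finding with its full mode line, as ls -l shows it.
# Paths are read one per line, so names containing newlines are not handled.
show() {
    while IFS= read -r path; do
        ls -ld -- "$path"
    done
}

audit_tree() {
    echo "== world-writable files =="
    world_writable_files "$1" | show
    echo "== world-writable directories without sticky bit =="
    unsticky_shared_dirs "$1" | show
    echo "== SetUID/SetGID files =="
    setid_files "$1" | show
}

# Run as: sh audit.sh /path/to/tree
if [ $# -gt 0 ]; then
    audit_tree "$1"
fi
```

Every SetUID/SetGID hit should be a binary you expect to find there; anything else is worth reviewing and, if unneeded, clearing with `chmod u-s` or `chmod g-s`.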

***

### **Visual Representation of Linux Permissions**

```
Owner    Group    Others
rwx      r-x      r--
```

#### **Permission Breakdown Example**

```
File: script.sh
Permissions: -rwxr-xr--
```

```
User  : rwx (read, write, execute)
Group : r-x (read, execute)
Others: r-- (read)
```

#### **Illustration of Numeric Representation**

```
7   5   4
rwx r-x r--
```

| Mode  | User (Owner) | Group | Others |
| ----- | ------------ | ----- | ------ |
| `777` | rwx          | rwx   | rwx    |
| `755` | rwx          | r-x   | r-x    |
| `644` | rw-          | r--   | r--    |
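
The same mapping as an added example (not from the original page): a helper that converts an `ls -l` mode string to the octal mode `chmod` accepts. It goes one step beyond the table by also handling the special bits, which `chmod` takes as a leading fourth digit (SetUID `4`, SetGID `2`, sticky `1`); `symbolic_to_octal` is a hypothetical name.

```bash
#!/bin/sh
# Added example: convert an `ls -l` mode string to the octal mode chmod accepts.
# symbolic_to_octal is a hypothetical helper name, not a standard tool.

symbolic_to_octal() {
    mode=${1%[.+@]}            # drop the ACL/SELinux marker some ls builds append
    case $mode in
        ??????????) ;;         # type character + nine permission characters
        *) echo "expected a string like -rwxr-xr--" >&2; return 1 ;;
    esac
    rest=${mode#?}             # strip the file-type character (-, d, l, ...)
    special=0
    digits=""
    for weight in 4 2 1; do    # SetUID=4, SetGID=2, sticky=1 (leading digit)
        tail=${rest#???}
        triad=${rest%"$tail"}  # first three characters of what is left
        rest=$tail
        value=0
        case $triad in
            r??) value=$((value + 4)) ;;
            -??) ;;
            *) return 1 ;;
        esac
        case $triad in
            ?w?) value=$((value + 2)) ;;
            ?-?) ;;
            *) return 1 ;;
        esac
        # Lowercase s/t: special bit AND execute. Uppercase S/T: special bit only.
        case $weight:$triad in
            ?:??x) value=$((value + 1)) ;;
            [42]:??s|1:??t) value=$((value + 1)); special=$((special + weight)) ;;
            [42]:??S|1:??T) special=$((special + weight)) ;;
            ?:??-) ;;
            *) return 1 ;;
        esac
        digits=$digits$value
    done
    printf '%s%s\n' "$special" "$digits"
}

# Constructed sample inputs.
for m in -rwxr-xr-- -rwsr-xr-x drwxrwxrwt -rwSr--r--; do
    printf '%s -> %s\n' "$m" "$(symbolic_to_octal "$m")"
done
```

An uppercase `S` or `T` in `ls -l` output means the special bit is set without the matching execute bit, which is usually a misconfiguration worth checking.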

***

### **A Real-World Example**

#### **Scenario: Securing a Web Directory**

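Let's say you have a web directory at `/var/www/html` and want:

* The **owner** (`www-data`) to have full control (`rwx`).
* The **group** (`developers`) to read and write (`rw-`).
* **Others** to only read (`r--`).

Commands (the mode is `775` rather than `764` because on a directory the group and others also need `x` to enter it and reach the files inside):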

```bash
chown www-data:developers /var/www/html
chmod 775 /var/www/html
```

#### **Final Permissions**

```
drwxrwxr-x  www-data developers /var/www/html
```

***

### Sources

ChatGPT helped with some of the examples, and thanks to the [Linux Foundation](https://www.linuxfoundation.org/blog/blog/classic-sysadmin-understanding-linux-file-permissions) for helping with tables and examples.

