Welcome to my website

Linux file permission system

Category: Linux | Published: 11 July 2025 08:10:23

Last Updated: 11 July 2025 09:47:44

Understanding Linux File Permissions: A Beginner's Guide to `chmod`



Introduction

In Linux, every file and directory has a set of permissions that determine who can do what with it. This is a core security feature that prevents unauthorized access, ensures proper execution of programs, and allows multiple users to share a system safely. Learning how to manage these permissions, primarily with the `chmod` command, is essential for any Linux user or administrator.

The Basics: Users, Groups, and Others



Linux file permissions are managed for three distinct categories of entities:

  • 1. User (u): This is the individual owner of the file or directory.
  • 2. Group (g): This refers to a specific group of users. All members of this group will have the same permissions as defined for the group.
  • 3. Others (o): This category applies to everyone else on the system who is not the owner and not a member of the file's group.


To see these permissions in action, you can use the `ls -l` command:

ls -l myfile.txt


Example output:
[Code]-rw-r--r-- 1 ewald ewald 0 Jul 11 10:00 myfile.txt[/Code]

Let's break down the first part of that output: `-rw-r--r--`

  • First character (-): Indicates the file type.
  • `-` means it's a regular file.
  • `d` means it's a directory.
  • `l` means it's a symbolic link.
  • Next three characters (rw-): Permissions for the User (owner).
  • Next three characters (r--): Permissions for the Group.
  • Last three characters (r--): Permissions for Others.


The Permissions: Read, Write, Execute (rwx)



Each of the three user categories (User, Group, Others) can have three types of permissions:

1. Read (r):
  • For files: Allows viewing the contents of the file.
  • For directories: Allows listing the contents of the directory (e.g., using `ls`).


2. Write (w):
  • For files: Allows modifying, saving, or deleting the file.
  • For directories: Allows creating, deleting, or renaming files *within* that directory. (Note: To delete a file, you need write permission on the directory containing it, not necessarily on the file itself).


3. Execute (x):
  • For files: Allows running the file as a program or script.
  • For directories: Allows "entering" or traversing the directory (e.g., using `cd`).


When a permission is not granted, a hyphen (`-`) appears in its place.

Example: `rwxr-xr--` means:
  • User: read, write, execute (rwx)
  • Group: read, execute (r-x)
  • Others: read only (r--)


Changing Permissions: The `chmod` Command



The `chmod` (change mode) command is used to modify file and directory permissions. There are two primary ways to use it: Symbolic Mode and Numeric (Octal) Mode.

A. Symbolic Mode

Symbolic mode uses characters to represent the entities (`u`, `g`, `o`, `a`), actions (`+`, `-`, `=`), and permissions (`r`, `w`, `x`).

Entities:
  • `u`: user (owner)
  • `g`: group
  • `o`: others
  • `a`: all (user, group, and others - this is the default if no entity is specified)


Actions:
  • `+`: Add a permission
  • `-`: Remove a permission
  • `=`: Set permissions exactly (removes all other permissions if not specified)


Permissions:
  • `r`: read
  • `w`: write
  • `x`: execute


Examples:

1. Add execute permission for the owner:
chmod u+x myscript.sh

(Before: `-rw-r--r--`, After: `-rwxr--r--`)

2. Remove write permission for the group:
chmod g-w myfile.txt

(Before: `-rw-rw-r--`, After: `-rw-r--r--`)

3. Set exact permissions for others (read and execute only):
chmod o=rx mydir

(Before: `drwxrwxrwx`, After: `drwxrwxr-x`)

4. Add read permission for all:
chmod a+r anotherfile.txt

(Before: `-rw
-`, After: `-rw-r--r--`)

5. Add execute permission for owner (common shorthand):
chmod +x myprogram

(This is shorthand for `chmod u+x`, or `chmod a+x` depending on some system configurations, but generally applies to the owner by default for executable files).

B. Numeric (Octal) Mode

Numeric mode uses a three-digit number to represent permissions for the User, Group, and Others. Each permission type (read, write, execute) has a numerical value:

  • Read (r) = 4
  • Write (w) = 2
  • Execute (x) = 1
  • No permission = 0


To determine the number for a set of permissions, you sum their values:
[*] `rwx` = 4 + 2 + 1 = 7
[*] `rw-` = 4 + 2 + 0 = 6
[*] `r-x` = 4 + 0 + 1 = 5
[*] `r--` = 4 + 0 + 0 = 4

You then combine these three numbers (one for User, one for Group, one for Others) to form a three-digit octal number.

Common Octal Values and Their Meanings:

  • 777 (rwxrwxrwx): Full permissions for everyone. CAUTION! Rarely used and generally insecure, as it allows anyone to read, write, and execute.
  • 755 (rwxr-xr-x): Owner has full permissions, Group and Others have read and execute permissions. Common for directories and executable scripts/programs.
  • 644 (rw-r--r--): Owner has read and write, Group and Others have read only. Common for general files (e.g., text documents, images).
  • 600 (rw
    -)    : Owner has read and write, no permissions for Group or Others. Common for sensitive configuration files.


Examples:

1. Set permissions for an executable script (Owner rwx, Group rx, Others rx):
chmod 755 myscript.sh

(Output: `-rwxr-xr-x`)

2. Set permissions for a regular document (Owner rw, Group r, Others r):
chmod 644 mydocument.txt

(Output: `-rw-r--r--`)

3. Secure a sensitive configuration file (Owner rw, no one else):
chmod 600 myconfig.conf

(Output: `-rw
-`)

Special Permissions (Brief Overview for Beginners)



Beyond `rwx`, there are three special permissions that appear as `s` or `t` in the `ls -l` output, usually in place of `x` or `X`:

  • 1. Setuid (s): When set on an executable file, allows the file to be run with the permissions of the file's owner, rather than the user executing it. (e.g., `sudo` command).
  • 2. Setgid (s): Similar to Setuid. On an executable, runs with the permissions of the file's group. On a directory, new files/directories created within it automatically inherit the group of the parent directory.
  • 3. Sticky Bit (t): When set on a directory, only the owner of a file (or the directory owner or root) can delete or rename files within that directory, even if they have write permission on the directory. (e.g., `/tmp` directory).


These are advanced concepts, but it's good to be aware of their existence if you see an `s` or `t` in your `ls -l` output.

Best Practices and Security



  • 1. Principle of Least Privilege: Always grant only the minimum necessary permissions. If a file doesn't need to be executable, don't give it `x` permission. If others don't need to read a file, don't give them `r` permission.
  • 2. Directories vs. Files: Remember that execute permission on a directory means you can `cd` into it and access its contents, not just list them. Write permission on a directory means you can create/delete items within it.
  • 3. Avoid `chmod 777`: Setting full permissions for everyone (`777`) is a major security risk and should almost never be done, especially on public-facing servers.
  • 4. Use `chown` for Ownership: While `chmod` changes permissions, `chown` (change owner) is used to change the user or group ownership of a file or directory.


Conclusion



Understanding Linux file permissions is a cornerstone of system administration and security. By mastering the `chmod` command in both symbolic and numeric modes, you gain powerful control over who can access and manipulate your files and directories. Always remember the principle of least privilege to keep your system secure.

Back to Knowledge Base