Learning never exhausts the mind
Home >  Technology > Linux > Understanding Linux File Permissions

Published 24th July 2016 by

Linux File Permissions specify who can do what with files or directories and in this tutorial, we'll look at how to set Linux permissions on files and directories and how ownership works.
Introduction to Linux Series
  1. Installing Linux Step by Step
  2. Linux Tips for Beginners
  3. Beginners guide to Reading and Finding Files in Linux
  4. Using Grep to Search for Text in Linux
  5. Understanding Linux File Permissions
  6. How to Archive, Compress and Extract files in Linux
  7. Linux Piping and Redirection
  8. Linux Hardlinks and Softlinks
  9. How to Create and Use Bash Scripts
  10. Basic Data Recovery in Linux
  11. Apache Administration on Linux
  12. MySql Administration on Linux
  13. Switching from Windows to Linux

Linux File permissions specify three things you can do with a file - read, write and execute. They are referred to in Linux by a single letter code.

  • r - read - you may view the contents of the file.
  • w - write - you may change the contents of the file.
  • x - execute - you may execute or run the file if it is a program or script.

For every file, we define 3 sets of people for whom we may specify permissions.

  • owner - a single person who owns the file. (typically the person who created the file but ownership may be granted to some one else by certain users)
  • group - every file belongs to a single group.
  • others - everyone else who is not in the group or the owner.

Directory permissions are similar, they have the same letters but the meanings are slightly different.

  • r - you have the ability to read the contents of the directory (ie do an ls)
  • w - you have the ability to write into the directory (ie create files and directories)
  • x - you have the ability to enter that directory (ie cd)

You can view permissions using the ls command with long descriptions enabled.

ls -l
total 52
drwxr-xr-x 2 timmy timmy  4096 Jun 24 18:01 Desktop
drwxr-xr-x 2 timmy timmy  4096 Jul  8 21:08 Documents
drwxr-xr-x 2 timmy timmy 12288 Aug 17 17:48 Downloads
drwxr-xr-x 2 timmy timmy  4096 Sep  3  2016 Music
drwxr-xr-x 2 timmy timmy  4096 Aug 15 21:34 Pictures
drwxr-xr-x 2 timmy timmy  4096 Sep  3  2016 Public
drwxr-xr-x 3 timmy timmy  4096 May 14 16:38 Software
drwxr-xr-x 2 timmy timmy  4096 Sep  3  2016 Templates
drwxr-xr-x 2 timmy timmy  4096 May 21 21:49 Videos
drwx------ 2 timmy timmy  4096 May 28 11:28 VirtualBox VMs

On each line, we can see the file type (d in this example, for directory) followed by three sets of three letters. A hyphen is used when the permission is not set, so r-- means read only, rw- means read and write, rwx means read, write and execute. The permissions are listed for owner, group and others. Following those permissions, we can see the owner username and the group name.

Changing Permissions

To change Linux permissions on a file or directory we use a command called chmod which stands for change mode bits.

The command chmod has arguments

  • Who are we changing the permission for? [ugoa] - user (or owner), group, others, all
  • Are we granting or revoking the permission - indicated with either a plus ( + ) or minus ( - )
  • Which permission are we setting? - read ( r ), write ( w ) or execute ( x )


Here are a few examples commands for setting Linux file permissions.

Granting Execute permission on testfile
chmod +x testfile
Removing Write and Execute permissions from testfile
chmod –wx testfile

You'll notice that this only changes the permissions for the owner of the file, not the group or others. To change group or others permissions you have to specify (g)roup or (o)thers on the permission flag.

Set the write permission to the group on testfile
chmod g+w testfile
Remove the write and execite permission from the group on testfile
chmod g-wx testfile
Set the write permission for the others
chmod o+w testfile
Remove the read, write and execute permissions from others
chmod o-rwx workfolder

Changing Ownership

Another helpful command is changing ownerships of files and directories. The command is "chown" along with "name of new owner" & "name of file."

chown timmy testfile

We can also combine change group and ownership command by:

chown timmy:users testfile

You can also use the -R flag to change ownership and permissions recursivly.

Shorthand Permissions

The method outlined above isn't hard for setting permissions, but it can be a little tedious if there are lots of permissions to set. There are shorthand codes which you can use to speed up the process. The codes are based on a decimal number, which is converted to binary. Let's see how these the shorthand permission numbers work.

00 0 0---
10 0 1--x
20 1 0-w-
30 1 1-wx
41 0 0r--
51 0 1r-x
61 1 0rw-
71 1 1rwx

These octal numbers can be combined in three to form owner, group and others, so a shorthand permission of 700 will give read, write, and execute permission for the user, but nothing to everyone else. A value of 327 will give write and execute (3) permission for the user, w (2) for the group, and read, write, and execute for other users. A value of 777 will grant read, write and execute for owner, group and others and is generally regarded as unsafe.

Some common file permission combinations include

  • 644 - readable and writeable by the owner of the file and readable by users in the group owner of that file and readable by everyone else.
  • 755 - used for directories and is the same thing as 644, however it has the execute bit set for everyone. The execute bit is needed to be able to change into the directory.

Finally, here is a handy Linux Permissions calculator. Simply tick the boxes to set permissions and the correct octal number will be shown in the text boxes.

Tutorial Series

This post is part of the series Introduction to Linux. Use the links below to advance to the next tutorial in the couse, or go back and see the previous in the tutorial series.

Leave a Reply

Fields marked with * are mandatory.

We respect your privacy, and will not make your email public. Hashed email address may be checked against Gravatar service to retrieve avatars. This site uses Akismet to reduce spam. Learn how your comment data is processed.