Skip to main content
Linux System Administration:

Permissions in Linux explained

Summary

Linux/Unix file permissions control who can access files and directories and what actions they can perform. Permissions are assigned to the owner, group, and others, using read (r), write (w), and execute (x) flags, represented symbolically, numerically (octal), or in binary format, with additional special permissions like SetUID, SetGID, and Sticky Bit for enhanced security.

Introduction #

Permissions in Linux/Unix control who can access files and directories and what they can do with them. Each file or directory has three types of permissions for three types of users. By understanding and applying permissions, you can secure files and manage access efficiently on a Linux system.

Permission user types #

  • Owner (User - u):
    The person who owns the file or directory.
  • Group (g):
    A group of users who share access permissions.
  • Others (o):
    Everyone else (public).

Permission types #

  • Read (r):
    • Files: Allows viewing the file’s contents.
    • Directories: Allows listing files inside the directory.
  • Write (w):
    • Files: Allows modifying or deleting the file.
    • Directories: Allows creating, renaming, or deleting files in the directory.
  • Execute (x):
    • Files: Allows executing the file (for scripts or binaries).
    • Directories: Allows accessing the directory contents (cd into it).

Permission representation #

Permissions for file.txt are displayed, e.g. with the ls -l command:

$ ls -l
-rwxr-xr--  1 user group 4096 Dec 2 10:00 file.txt

Breakdown:

  • -rwxr-xr--: Permission string.

The permission string is read from left to right and consists of the following parts:

  • File Type (-): Regular file (d for directory).
  • Owner Permissions (rwx): Read, write, and execute for the owner.
  • Group Permissions (r-x): Read and execute for the group.
  • Others Permissions (r--): Read-only for others.

Changing permissions #

Use the chmod command to change file or directory permissions.

Symbolic mode #

chmod u+rwx file.txt     # Add read, write, and execute to the owner
chmod g-w file.txt       # Remove write permission from the group
chmod o+x file.txt       # Add execute for others
chmod a+r file.txt       # Add read permission for everyone (all users)

Numeric mode (octal) #

Permissions are represented by numbers:

`r = 4`, `w = 2`, `x = 1`, `- = 0`

You sum these values to set permissions:

  • 7 (rwx): Read + Write + Execute
  • 6 (rw-): Read + Write
  • 5 (r-x): Read + Execute
  • 4 (r--): Read-only
chmod 754 file.txt  # Owner=rwx (7), Group=r-x (5), Others=r-- (4)

Binary mode #

Understanding permissions in binary representation helps clarify how octal mode works. Each permission bit (r, w, x) can be represented as binary digits (0 or 1), forming a 3-bit binary string.

PermissionBinaryOctalMeaning
---0000No access
--x0011Execute
-w-0102Write
-wx0113Write+Exec
r--1004Read
r-x1015Read+Exec
rw-1106Read+Write
rwx1117All (Full)

Example 1 #

Consider the permission string -rwxr-xr--. Convert each permission triplet to binary:

  • Owner (rwx): 111 (binary) → 7 (octal)
  • Group (r-x): 101 (binary) → 5 (octal)
  • Others (r--): 100 (binary) → 4 (octal)

Thus, the octal representation is:

chmod 754 file.txt

Example 2 #

Let’s say we want a file permission of rw-r--r--:

  • Owner (rw-): 110 (binary) → 6 (octal)
  • Group (r--): 100 (binary) → 4 (octal)
  • Others (r--): 100 (binary) → 4 (octal)

The resulting octal code would be:

chmod 644 file.txt

Changing ownership #

chown (Change Owner):

chown user file.txt         # Change the owner to 'user'
chown user:group file.txt   # Change owner and group

chgrp (Change Group):

chgrp group file.txt  # Change the group only

Special permissions #

  • SetUID (s): Run the file as the owner, not the user running it.
  • SetGID (s): Run the file with the group’s permissions.
  • Sticky Bit (t): On directories, only the owner can delete files.

Example:

chmod u+s file.sh    # Set SetUID
chmod g+s dir/       # Set SetGID
chmod +t /tmp        # Set Sticky Bit

Special bits in binary mode #

Special permission bits (SetUID, SetGID, and Sticky Bit) also follow binary logic:

Special BitBinaryOctal
---0000
--t0011
-s- (SetGID)0102
s-- (SetUID)1004

For example, chmod 1755 would correspond to:

  • 1 → Sticky Bit --t on a directory
  • 7 → Owner rwx
  • 5 → Group r-x
  • 5 → Others r-x

Further readings #

Sources and recommended, further resources on the topic:

Author

Jonas Jared Jacek • J15k

Jonas Jared Jacek (J15k)

Jonas works as project manager, web designer, and web developer since 2001. On top of that, he is a Linux system administrator with a broad interest in things related to programming, architecture, and design. See: https://www.j15k.com/

License

License: Permissions in Linux explained by Jonas Jared Jacek is licensed under CC BY-SA 4.0.

This license requires that reusers give credit to the creator. It allows reusers to distribute, remix, adapt, and build upon the material in any medium or format, for noncommercial purposes only. To give credit, provide a link back to the original source, the author, and the license e.g. like this:

<p xmlns:cc="http://creativecommons.org/ns#" xmlns:dct="http://purl.org/dc/terms/"><a property="dct:title" rel="cc:attributionURL" href="https://www.ditig.com/permissions-in-linux">Permissions in Linux explained</a> by <a rel="cc:attributionURL dct:creator" property="cc:attributionName" href="https://www.j15k.com/"></a> is licensed under <a href="https://creativecommons.org/licenses/by-sa/4.0/" target="_blank" rel="license noopener noreferrer">CC BY-SA 4.0</a>.</p>

For more information see the Ditig legal page.


“Learning from conventions will make your site better.”

Jeffrey Veen, American designer and design strategistThe Art & Science of Web Design, - IT quotes