Explanation of Linux File Permissions

The UNIX file permissions are called Modes.

If you're coming over from Windows you probably never heard of file permissions, because Windows hides them (like so many other things) from you. However, they are really useful when correctly understood and applied by the User.

File permissions define who can access a particular file in which way (and to which extent). These permissions can be given to three classes:

  • User (Owner of the file)
  • Group (Group which owns the file)
  • Other (all users not included in the above classes)

There are also three permissions:

  • read (R), numerical value: 4
  • write (W), numerical value: 2
  • execute (X), numerical value: 1

The three permissions can be assigned to each of the three classes separately.
There are two ways of representing these values: either the numerical representation or the symbolic notation.

Symbolic Notation

The symbolic notation works pretty simply. You simply type the letters out after each other in the correct order:

$ drwx rwx rwx # DIRECTORY | USER | GROUP | OTHER

-> d: this is a directory
-> first rwx: User (Owner) can read, write and execute
-> second rwx: Group can read, write and execute
-> third rwx: Everyone else can also read, write and execute
BTW: this is usually bad

To forbid a permission, simply use a "-"

$ -rwxrw-r--

-> no d: this is a file (not a directory)
-> first rwx: User can read, write and execute
-> second rw-: Group members can read and write, but not execute
-> third r--: Everyone can read, but not execute or write

For important files (such as config-files) the following setup should be used:

$ -rw-------

-> not a directory
-> rw: User (Owner) can read and write
-> Everyone else can't do anything with the file

You can view more examples of the symbolic notation by typing:

$ ls -l

Numerical Notation

The numerical notation (which is actually the Octal representation) works a little bit differently. It uses the Base 8 Octal numbering system which goes from 0-7. Each permission is assigned a specific value (see top) and you create different permissions by adding up these numbers. At first, it can be a bit confusing, but once you've figured it out, it is pretty straightforward (and quicker).

These octal numbers can easily be seen as binary numbers, i.e.:

 7   5   5  #Octal
111 101 101 #Binary
rwx r-x r-x #Permissions

Thanks to @bradscoolio

To create the permission R+W, we need to add 4 and 2 (=6).
To create the permission R+W+X, we need to add 4, 2 and 1 (=7).
For read-only mode, we simply use 4.

An example:

$ 764 ( = -rwxrw-r-- )

-> User (Owner) can read, write and execute (4+2+1).
-> Group members can read and write (4+2).
-> Everyone else can read (4).

$ 600 ( = -rw------- )

-> User (Owner) can read and write.
-> Group members can not read, write or execute.
-> Everyone else can not read, write or execute.

Understood? Good! (If not, simply post below)

How do I modify File permissions?

To change file permissions, Linux offers the tool chmod (to change modes).
Syntax:

$ chmod MODE FILE

MODE can either be the numerical or symbolic notation of the permissions.
It should be noted that you can shorten the symbolic notation by using the operators "+" and "-".
Also, to change the modes of a file, you need to own the file (-> chown).

$ chmod a+x file # Adds execution permission for all users (not just owner)
$ chmod 777 file # Gives all users (not just owner) R+W+X permissions
$ chmod u+x file # Adds execution permission for user (owner)
$ chmod g-rw file # Removes R+W permissions from group members

You can check the current Modes with:

$ ls -l

Most important Modes:

$ chmod 600 file # owner can read and write
$ chmod 700 file # owner can read, write and execute
$ chmod 666 file # all can read and write
$ chmod 777 file # all can read, write and execute

Thanks to @cj1

Change Owner / Group of a file

To change the owner (user) and/or group of file, Linux offers the tools chown (change owner) as well as chgrp (change group).
Using chown you can change the owner and group of a file or folder:

$ ls -l
drwxr-xr-x  2 user user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x  2 user user 4.0K Nov 15 02:33 Documents
drwxr-xr-x  3 user user 4.0K Mar 28 16:04 Downloads

In the above, the user and group are the same user, but let's change the owner of one to bob:

$ chown bob Desktop
$ ls -l
drwxr-xr-x  2 bob  user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x  2 user user 4.0K Nov 15 02:33 Documents
drwxr-xr-x  3 user user 4.0K Mar 28 16:04 Downloads

Now bob owns Desktop. But what if we want the file to belong to bob's group as well? There is a quick shorthand:

$ chown bob:bob Downloads
drwxr-xr-x  2 bob  user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x  2 user user 4.0K Nov 15 02:33 Documents
drwxr-xr-x  3 bob  bob  4.0K Mar 28 16:04 Downloads

If you want to change only the group, and not the user, use chgrp instead:

$ chgrp bob Documents
drwxr-xr-x  2 bob  user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x  2 user bob  4.0K Nov 15 02:33 Documents
drwxr-xr-x  3 bob  bob  4.0K Mar 28 16:04 Downloads

You may need to be root/use sudo to change the owner or group

Remember to use the -R argument (like chmod og+rw /home/me -R) to make it apply permissions to all the subfolders as well.

Thanks to @penguinpowernz

Default values (umask)

umask is the 'creation mask' for new files. That means umask is responsible for controlling the file permission a new file will get.

One tricky thing is that umask uses reverse octal, which means you have to subtract the umask value from 7 to get the real octal value.
An example:

  0   2   2 #umask
  7   5   5 #Octal
111 101 101 #Binary
rwx r-x r-x #Permissions

More information: umask man page

Thanks to @bradscoolio


Hopefully this guide has helped you understand the concept of UNIX Modes (i.e. file permissions).
Please let me know your thoughts in the comments below.

Also, check out my Explanation of Linux' Directory Hierarchy.

More resources:
Wikipedia: File system permissions
Wikipedia: UNIX Modes

8 Likes
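
The two notations and the 600 recommendation for config files from the guide above, as a runnable check. This is an added example, not part of the original post; the function names and the demo files (app.conf, notes.txt, run.sh) are constructed. It converts an octal mode to its symbolic string, verifies that a file has an expected mode, and lists anything writable by "other".

```shell
#!/bin/sh
# Added example, not from the original post; file names are constructed.

# bit DIGIT VALUE LETTER: print LETTER if that bit is set in DIGIT, else "-".
bit() {
    if [ $(( $1 & $2 )) -ne 0 ]; then printf '%s' "$3"; else printf '%s' -; fi
}

# Convert a three-digit octal mode (764) to symbolic form (rwxrw-r--).
# The body is a subshell, so its variables do not leak into the caller.
octal_to_symbolic() (
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; exit 1 ;;
    esac
    rest=$1
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}   # first remaining digit
        rest=${rest#?}
        bit "$digit" 4 r; bit "$digit" 2 w; bit "$digit" 1 x
    done
    echo
)

# has_mode FILE MODE: succeed only if FILE's rwx bits equal the octal MODE.
has_mode() {
    want=$(octal_to_symbolic "$2") || return 2
    [ "$(ls -ld -- "$1" | cut -c2-10)" = "$want" ]
}

# List everything under DIR that "other" may write to (666, 777, 646, ...).
# Symlinks are skipped: on Linux their own mode always shows rwxrwxrwx.
world_writable() {
    find "$1" ! -type l -perm -0002 | sort
}

demo() {
    dir=$(mktemp -d)
    touch "$dir/app.conf" "$dir/notes.txt" "$dir/run.sh"
    chmod 600 "$dir/app.conf"; chmod 664 "$dir/notes.txt"; chmod 777 "$dir/run.sh"
    has_mode "$dir/app.conf" 600 && echo "app.conf: 600 as recommended"
    has_mode "$dir/notes.txt" 600 || echo "notes.txt: not 600"
    echo "writable by other:"; world_writable "$dir"
    rm -rf "$dir"
}
demo
```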

Only thing that is missing here is the "sticky bit" explanation:

1 Like

Indeed, but I did leave this out on purpose for the sake of simplicity :-)

I think your first numerical notation example is wrong. Surely you mean 764?

Yes, thanks! *fixed

I think the most important quick reference ones for those new to linux are:

chmod 600 file – owner can read and write
chmod 700 file – owner can read, write and execute
chmod 666 file – all can read and write
chmod 777 file – all can read, write and execute

Yes, I included it.
But for me it is especially important that people actually understand what they are doing, and don't just copy&paste everything they find on the internet.

1 Like

Agreed..... although I do love quick reference. That's the only way I was able to survive in VIM for a long time.

Q: How to generate a random string ?
A: Put a fresh student in front of vim and tell him to quit....

I've heard of file permissions in Windows and I've used them extensively. Either you're wrong or I'm missing something here, so you'll have to explain yourself; how exactly does Windows hide them? Or is this just something you spew as Linux propaganda?

In spite of that rather large grain of salt, this was an informative post. Does Linux not have the List and Modify permissions like NTFS does?

All I was hinting at was that Windows file permissions are not (EDIT: deliberately) used by 99% of its userbase. Hence the "If you're coming over from Windows you probably never heard of ..."

I did not say there are none :-)

Your honor, I only raped that woman, I did not kill her :-) Before you say that you didn't commit any crime, let me explain that that was an analogy. Before you say that's too serious of an analogy, let me say that it's the same principle on a different magnitude.

What is the point of hinting at that? It sounds like you are taking a jab at stupid Windows users, so are you saying the users at Tek Syndicate are stupid and don't know permissions? If so, why are you teaching them to run before they can walk?

I would respectfully disagree with you. Virtually 100% of the userbase uses permissions, I don't even know of any modern filesystems without permissions. They may not know they're using it, but they are. Every time they try to access a file or directory that they don't have permission for, that's a permission setting at work.

Stop, please. Now.

I never said any of the Tek Syndicate users are stupid. Neither did I say Windows users are stupid. Please stop putting words into my mouth.
Also, the however-part (see at the top) applies to ALL operating systems - not just UNIX ones.

Furthermore, in the OP I said "never heard of file permissions" - I did not want to express no one uses them.

Oh right, since you like to hint at things, you only hinted about it. Sorry for inferring those words from your mouth.

Your asking me to stop not only won't stop me, but it may have the opposite effect. Luckily for you, I'll stop because you're a waste of my time. Something Churchill said about an unarmed man.

This is a nice guide, thanks, however, your explanation of "numerical" permissions needs a little work. That's ok though, I'll help ;)

Alrighty, so, "numerical" permissions are actually called Octal permissions, as they are represented by the Base 8 Octal numbering system as it goes from 0 - 7 just as our Base 10 Decimal system goes from 0 - 9.

3 binary bits are needed to represent an Octal, such as:
1 in the 2^0 place = 1, a 1 in the 2^1 place = 2, and a 1 in the 2^2 place = 4 (7 = 4 + 2 + 1).

  7   7   7 #Octal
111 111 111 #Binary
rwx rwx rwx #Permissions

Therefore, if you think of the permissions in Binary, then it makes it easy to visualize what permissions are set in Octal. i.e.:

  7   5   5 #Octal
111 101 101 #Binary
rwx r-x r-x #Permissions

Now, you might be thinking "Then how the fuck does umask work?". Well, that's an easy explanation to a little bit of UNIX ass hatery.
umask represents the default governing permissions of files that are created on a filesystem. A umask of 022 gives files that are created permissions of 755. "WTF, that's not this Octal bullshit", well, sort of, it's octal in reverse order.
i.e. 7 = 0, 6 = 1, 5 = 2, 4 = 3, 3 = 4, 2 = 5, 1 = 6, 0 = 7.

I like to think of it as 777 in Octal being the default for everything and then taking away the number from umask, resulting in what permission you'd actually be given.

  0   2   2 #umask
  7   5   5 #Octal
111 101 101 #Binary
rwx r-x r-x #Permissions

This isn't really the case for newly created text files though, *NIX systems don't like giving executable permission to any ol' text file, so they're something like 644 instead, or the equivalent Octal minus 1 for execution.

I hope this clarifies things :D

1 Like
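
As an added example (not part of the thread; function names are constructed): the umask is applied as a bit mask, so the resulting mode is the requested mode with the umask's bits cleared. The block computes that for several umasks and compares it with what actually gets created; 033 is included because it gives 644 for a file, where subtracting digits from 666 would suggest 633.

```shell
#!/bin/sh
# Added example, not from the thread; function names are constructed.

# masked_mode REQUESTED UMASK: clear the umask bits from the requested mode.
# Both arguments are octal; the leading 0 makes the shell read them as octal.
masked_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_perms UMASK file|dir: create a real object under that umask and
# print its rwx string. Runs in a subshell so the caller's umask is untouched.
created_perms() (
    umask "$1"
    tmp=$(mktemp -d) || exit 1
    if [ "$2" = dir ]; then mkdir "$tmp/new"; else : > "$tmp/new"; fi
    ls -ld -- "$tmp/new" | cut -c2-10
    rm -rf "$tmp"
)

# Table of what each umask produces. Programs normally request 666 for new
# files and 777 for new directories; the umask can only remove bits.
demo() {
    echo "umask  file  (created)  dir   (created)"
    for u in 022 027 077 033; do
        printf '%-6s %-5s %-10s %-5s %-10s\n' "$u" \
            "$(masked_mode 666 "$u")" "$(created_perms "$u" file)" \
            "$(masked_mode 777 "$u")" "$(created_perms "$u" dir)"
    done
}
demo
```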

Numbering systems are cool but strange to wrap your head around, they're easy enough once you get used to thinking in them, but because we're born into a world that uses Base 10 everything else seems odd.

I find it similar to learning how to think in Radians of a unit circle in mathematics as opposed to degrees :)

Kind sir, please read this: https://forum.teksyndicate.com/guidelines

Nice writeup, I always get o[wner] and u[sers] confused as others and user

Should also mention how chown works:

Using chown you can change the owner and group of a file or folder:

$ ls -l
drwxr-xr-x  2 user user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x  2 user user 4.0K Nov 15 02:33 Documents
drwxr-xr-x  3 user user 4.0K Mar 28 16:04 Downloads

In the above, the user and group are the same user, but let's change the owner of one to bob:

$ chown bob Desktop
$ ls -l
drwxr-xr-x  2 bob  user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x  2 user user 4.0K Nov 15 02:33 Documents
drwxr-xr-x  3 user user 4.0K Mar 28 16:04 Downloads

Now bob owns Desktop. But what if we want the file to belong to bob's group as well? There is a quick shorthand:

$ chown bob.bob Downloads
drwxr-xr-x  2 bob  user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x  2 user user 4.0K Nov 15 02:33 Documents
drwxr-xr-x  3 bob  bob  4.0K Mar 28 16:04 Downloads

If you want to change the group, and not the user, use chgrp instead:

$ chgrp bob Documents
drwxr-xr-x  2 bob  user 4.0K Jan 31 08:26 Desktop
drwxr-xr-x  2 user bob  4.0K Nov 15 02:33 Documents
drwxr-xr-x  3 bob  bob  4.0K Mar 28 16:04 Downloads

You may need to be root/use sudo to change the owner or group

Remember to use the -R argument (like chmod og+rw /home/me -R) to make it apply permissions to all the subfolders as well.

1 Like

Haha, me too! :D


Thanks @penguinpowernz and @bradscoolio!
I further expanded the post based upon your suggestions.