What are File Permissions?
Every file and directory in Linux has permissions that control who can do what with it. There are three things you can do with a file: read it, write to it, or execute it. And there are three types of users: the owner, the group, and everyone else.
Why does this matter? Permissions keep your system safe. Without them, any user could delete system files or read your private data.
The Permission Model
graph TD
F[File or Directory] --> O[Owner]
F --> G[Group]
F --> E[Others]
O --> OR[Read]
O --> OW[Write]
O --> OX[Execute]
G --> GR[Read]
G --> GW[Write]
G --> GX[Execute]
E --> ER[Read]
E --> EW[Write]
E --> EX[Execute]
style F fill:#1e293b,stroke:#1e293b,color:#fff,stroke-width:2px
style O fill:#3b82f6,stroke:#2563eb,color:#fff,stroke-width:2px
style G fill:#10b981,stroke:#059669,color:#fff,stroke-width:2px
style E fill:#f59e0b,stroke:#d97706,color:#fff,stroke-width:2px
style OR fill:#dbeafe,stroke:#3b82f6,stroke-width:2px
style OW fill:#dbeafe,stroke:#3b82f6,stroke-width:2px
style OX fill:#dbeafe,stroke:#3b82f6,stroke-width:2px
style GR fill:#d1fae5,stroke:#10b981,stroke-width:2px
style GW fill:#d1fae5,stroke:#10b981,stroke-width:2px
style GX fill:#d1fae5,stroke:#10b981,stroke-width:2px
style ER fill:#fef3c7,stroke:#f59e0b,stroke-width:2px
style EW fill:#fef3c7,stroke:#f59e0b,stroke-width:2px
style EX fill:#fef3c7,stroke:#f59e0b,stroke-width:2px
Each file has 9 permission bits: 3 for the owner, 3 for the group, and 3 for everyone else.
The Three Permission Types
Read (r)
For files: You can see the contents of the file.
For directories: You can list the files inside the directory.
Write (w)
For files: You can change, add to, or delete the contents.
For directories: You can create, rename, or delete files inside it.
Execute (x)
For files: You can run the file as a program or script.
For directories: You can cd into the directory.
The Three User Categories
created the file
same group
on the system
Example: If "john" creates a file and belongs to the "developers" group, then john is the owner, anyone in the developers group is the group, and everyone else falls under others.
Reading Permissions with ls -l
Run ls -l to see file permissions. Here is what the output looks like:
-rwxr-xr-- 1 john developers 4096 Mar 22 script.sh
-rw-r--r-- 1 john developers 1024 Mar 22 notes.txt
drwxr-xr-x 2 john developers 4096 Mar 22 projects/
That 10 character string at the start is the permission string. Let's break it down:
Breaking Down -rwxr-xr--
graph LR
A["-"] --> B["rwx"]
B --> C["r-x"]
C --> D["r--"]
A -.- A1["File type: - = file, d = directory"]
B -.- B1["Owner: read, write, execute"]
C -.- C1["Group: read, execute"]
D -.- D1["Others: read only"]
style A fill:#64748b,stroke:#475569,color:#fff,stroke-width:2px
style B fill:#3b82f6,stroke:#2563eb,color:#fff,stroke-width:2px
style C fill:#10b981,stroke:#059669,color:#fff,stroke-width:2px
style D fill:#f59e0b,stroke:#d97706,color:#fff,stroke-width:2px
style A1 fill:#f1f5f9,stroke:#cbd5e1,stroke-width:1px
style B1 fill:#dbeafe,stroke:#93c5fd,stroke-width:1px
style C1 fill:#d1fae5,stroke:#6ee7b7,stroke-width:1px
style D1 fill:#fef3c7,stroke:#fcd34d,stroke-width:1px
A dash (-) in place of r, w, or x means that permission is not set. So r-- means read only, and r-x means read and execute but no write.
Octal (Number) Notation
Instead of letters, you can represent permissions as numbers. Each permission has a value:
| Permission | Value |
|---|---|
| Read (r) | 4 |
| Write (w) | 2 |
| Execute (x) | 1 |
| No permission (-) | 0 |
You add them up for each user category. For example:
| Combo | Calculation | Octal | Meaning |
|---|---|---|---|
rwx |
4 + 2 + 1 | 7 |
Full access |
rw- |
4 + 2 + 0 | 6 |
Read and write |
r-x |
4 + 0 + 1 | 5 |
Read and execute |
r-- |
4 + 0 + 0 | 4 |
Read only |
--- |
0 + 0 + 0 | 0 |
No access |
So 755 means: owner gets 7 (rwx), group gets 5 (r-x), others get 5 (r-x).
Calculate Permissions Instantly
Don't want to do the math? Use our chmod calculator to convert between octal and symbolic permissions.
Try Chmod Calculator →The chmod Command
Use chmod to change file permissions. There are two ways to use it:
Using Octal Numbers
chmod 755 script.sh
# Owner: rw-, Group: r--, Others: r--
chmod 644 config.txt
# Owner: rw-, Group: ---, Others: ---
chmod 600 secrets.env
Using Symbolic Notation
You can also add or remove specific permissions using letters:
chmod u+x script.sh
# Remove write permission for group and others
chmod go-w report.txt
# Add execute for everyone
chmod +x deploy.sh
# Set exact permissions for owner, remove all for others
chmod u=rwx,go=r file.txt
The letters: u = owner (user), g = group, o = others, a = all three. The operators: + adds, - removes, = sets exactly.
Common Permission Presets
Scripts and executables. Owner can do everything. Everyone else can read and run it but not change it.
Regular files. Owner can read and write. Everyone else can only read. This is the default for most files.
Private files. Only the owner can read and write. Nobody else can even see the contents. Good for SSH keys and passwords.
Private directories. Only the owner can do anything. Good for personal folders you want to keep locked down.
Read-only for everyone. Nobody can change the file, not even the owner (without changing permissions first).
Changing Ownership
Permissions control what you can do. Ownership controls who the owner and group are. Use chown to change them:
chown john file.txt
# Change owner and group
chown john:developers file.txt
# Change ownership of a directory and everything inside it
chown -R john:developers /var/www/
Note: You need sudo to change file ownership unless you already own the file.
Quick Reference
graph LR
A[What do you need?] --> B[Make a script runnable?]
A --> C[Protect a private file?]
A --> D[Share with your team?]
A --> E[Web server files?]
B --> B1["chmod 755 | rwxr-xr-x"]
C --> C1["chmod 600 | rw-------"]
D --> D1["chmod 664 | rw-rw-r--"]
E --> E1["chmod 644 | rw-r--r--"]
style A fill:#1e293b,stroke:#1e293b,color:#fff,stroke-width:2px
style B1 fill:#dbeafe,stroke:#3b82f6,stroke-width:2px
style C1 fill:#fef3c7,stroke:#f59e0b,stroke-width:2px
style D1 fill:#d1fae5,stroke:#10b981,stroke-width:2px
style E1 fill:#e0e7ff,stroke:#6366f1,stroke-width:2px
Need Help With Permissions?
Use our free chmod calculator to convert between octal and symbolic notation, pick permissions with checkboxes, and get ready-to-use commands.
Open Chmod Calculator →Keep Learning
Now that you understand file permissions, explore more Linux topics:
- Linux Directory Structure - Understand where files live and what each directory is for
- Cron Jobs Explained - Schedule tasks to run automatically
- Linux Commands Cheat Sheet - Essential terminal commands you should know
