Linux File Permissions Explained, In-Depth Guide

Every file on a Linux system has permissions assigned to it. For new users, understanding file permissions on Linux can be somewhat confusing. In this guide, you will learn about Linux file permissions through simple explanations, examples, and screenshots. Ready to master file permissions on Linux?

This guide will take place entirely in the terminal on our Manjaro Linux system. File permissions will work the same on any Linux distribution, so you’ll be able to follow along regardless of your operating system.

Viewing File Permissions

Before we get started, you’ll at least need to know how to view the permissions of a file. You can use the ls command to see the permissions of files in your current directory. That command by itself will omit permissions, so be sure to append the -l flag.

ls -l

The ls command showing file permissions of the files in our present working directory

File Ownership

The first thing you should direct your attention to is the owner and group of the files, seen here:

Viewing owner and group of listed files in Linux terminal

In our example, some-directory belongs to user ddt and group office, while some-file.sh belongs to the root user and group.

Now that we know who our files belong to, let’s look at the permissions that have been set on these files.

File Permissions – Read, Write, Execute

The very first character from the ls -l output indicates the type of file.

The first character in ls -l output showing the file type

In the screenshot above, the d is for directory and the - represents a file. You may see other file types throughout your system, such as l for a symbolic link, but directories and regular files will comprise the vast majority of what you find.

Directly after the file type character, you’ll see the permissions of our files.

The permissions of an example file and directory listed with ls command

That’s right, this mixture of r, w, x, and - represents the permissions to our files.

Here’s what those letters stand for:

  • r = read
  • w = write
  • x = execute

And here’s what each permission means:

Read: Permission to access and open the file, but not make changes to or delete the file. This permission also doesn’t grant the ability to execute a file (applicable to scripts or other executable files).

Write: Permission to edit the file and save changes to it, rename it, or delete it.

Execute: Permission to execute or “run” the file. Applies mostly to bash scripts, software installers, etc.

-: No permission.

Owner Permissions

The permissions granted to the owner of the file are represented in the first three characters.

File permissions for file owner

In the screenshot above, you can see that user ddt is the owner of some-directory, for which he has permissions of rwx (read + write + execute). Below that, you can see that the root user owns some-file.sh and has rw- (read + write) permissions on it.

Group Permissions

The next three characters indicate the permissions for the file’s group.

File permissions for file group

some-directory belongs to the office group and has r-x (read + execute) permissions. This means that users in the office group will be able to enter the directory and read its contents, but cannot make changes to the directory since they lack the write permission.

Other Permissions

Finally, the last three characters are for other, meaning everyone else besides the owner and group.

File permissions for other

Notice that the permissions for other on some-file.sh are r-- (read only). That means all users who aren’t root or in the root group will only be able to read (open) the file, but not make changes to or execute it.

How to Change Owner and Group

Now that you understand how to interpret file permissions, let’s talk about how to change them. As you’ve seen already, the owner and group of a file go hand in hand with the permissions, so we’ll first go over how to change those.

The chown (change owner) command is used to change ownership of a file. For example, let’s change the owner of some-file.sh from user root to user ddt. Note that we’ll have to precede our command with sudo since we are taking ownership away from root.

sudo chown ddt some-file.sh

chown command in terminal to change file owner

Notice that ddt is now the owner of the file, but the permissions and group have remained exactly the same.

The chgrp (change group) command is used to change the group of a file. For example, let’s change the group of some-file.sh from root to office.

sudo chgrp office some-file.sh

chgrp command in terminal to change group of file

You can also save a little time by using the chown command to change both the owner and the group in a single command. The syntax is the same as we showed you above, but use a colon to separate the name of the owner and group.

sudo chown ddt:office some-file.sh

If you don’t want your file to belong to any particular group, you should just use the owner username for the group.

chown ddt:ddt some-file.sh

Changing owner and group of a file with a single command in terminal

If you need to change the owner and group of all files in a directory, you can use the -R option for recursive.

chown -R ddt:ddt some-directory

How to Change File Permissions

Changing permissions of a file is done with the chmod command. This command will accept two different types of syntax, “absolute” or “symbolic.”

Absolute Mode

Absolute mode uses numbers to represent permissions. In order to understand it, you’ll need to think of each permission (read, write, execute) as a number. Check out the table below.

Number  Permission               Symbol
0       No Permissions           ---
1       Execute                  --x
2       Write                    -w-
3       Write + Execute          -wx
4       Read                     r--
5       Read + Execute           r-x
6       Read + Write             rw-
7       Read + Write + Execute   rwx

If Execute=1 and Write=2, then 3 (the sum of those numbers) would give Execute + Write permissions. With this in mind, all you really need to know is that Execute=1, Write=2, and Read=4. To combine different permissions, just add those numbers to each other.

Let’s look at the following example.

chmod 754 some-file.sh

That command is giving rwxr-xr-- permissions to some-file.sh.

  • 7 = 4+2+1 = rwx
  • 5 = 4+1 = r-x
  • 4 = 4 = r--

chmod absolute mode explained in terminal

Here are a few more examples, where we change the permissions of our file and view the changes each time:

chmod examples in terminal

If you need to change the permissions of all files in a directory, you can use the -R option for recursive.

chmod -R 750 some-directory
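
As an added example (not from the original guide), the POSIX shell functions below turn a chmod absolute mode into the string that ls -l shows. They go beyond the three-digit case above and also accept the optional leading digit for the special permissions covered later in this guide; the names triplet and mode_to_symbolic are made up for this example.

```sh
# triplet DIGIT SPECIAL LOWER UPPER
# Print one rwx group. SPECIAL is non-zero when the matching special bit is
# set; the last slot then shows LOWER (execute also set) or UPPER (not set).
triplet() {
    d=$1; special=$2
    if [ $(( d & 4 )) -ne 0 ]; then r=r; else r=-; fi
    if [ $(( d & 2 )) -ne 0 ]; then w=w; else w=-; fi
    if [ $(( d & 1 )) -ne 0 ]; then x=x; sp=$3; else x=-; sp=$4; fi
    if [ "$special" -ne 0 ]; then x=$sp; fi
    printf '%s' "$r$w$x"
}

# mode_to_symbolic MODE
# MODE is 3 octal digits (owner, group, other) or 4 (special bits first).
mode_to_symbolic() {
    case $1 in
        [0-7][0-7][0-7])      m=0$1 ;;
        [0-7][0-7][0-7][0-7]) m=$1 ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    s=${m%???}                 # special digit: setuid=4, setgid=2, sticky=1
    tmp=${m#?};  u=${tmp%??}   # owner digit
    tmp=${m#??}; g=${tmp%?}    # group digit
    o=${m#???}                 # other digit
    triplet "$u" $(( s & 4 )) s S
    triplet "$g" $(( s & 2 )) s S
    triplet "$o" $(( s & 1 )) t T
    echo
}

# Modes used in this guide, plus setuid without execute (4644)
for mode in 754 750 4750 2750 1750 4644; do
    printf '%-5s %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done
```

A capital S or T in the output means the special bit is set but the matching execute bit is not.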

Symbolic Mode

Symbolic mode is another way to change file permissions. Unlike absolute mode, it can change permissions for just the user, group, or other without having to specify permissions for all of them.

Symbolic mode uses mathematical operators to assign permissions.

Operator  Function
+         Add permission
-         Remove permission
=         Set permission

And it uses letter abbreviations to represent the owner, group, and other.

Letter  Description
u       user (owner)
g       group
o       other
a       all

Let’s look at some examples. The following command would add execute permissions for the owner of some-file.sh.

chmod u+x some-file.sh

This is a command you should get familiar with, as it’s often used to quickly make a script executable.

Changing file permissions with chmod symbolic mode

Some more examples…

Give read permissions to everyone:

chmod a+r some-file.sh

Remove execute permission for other:

chmod o-x some-file.sh

Set group permissions to rw- (6):

chmod g=rw some-file.sh

Special Permissions

There’s one last area we need to cover: the special permissions setuid, setgid, and sticky bit. You probably won’t come across them often, but you need to know what they are in order to say you’ve mastered Linux file permissions.

Setuid

Setuid is short for “set user ID on execution.” This special permission allows a user to execute a program with the same level of access as the owner of the file.

A prime example would be the passwd program, which is owned by root but has setuid permission in order to allow normal users to execute the program. You can see this for yourself by checking out the /bin/passwd file. It’s represented by the s.

Showing setuid permission on passwd file in terminal

Set the setuid permission on a file with the following chmod command syntax in symbolic mode.

chmod u+s some-file.sh

Note that setting this permission will have no effect if the file doesn’t also have execute permission.

Setgid

Setgid is the same as setuid, except it’s for groups. This special permission will give users in a group the ability to execute a program with the same level of access as the owner of the file.

Set the setgid permission on a file with the following chmod command syntax in symbolic mode.

chmod g+s some-file.sh

Setgid works differently when set on a directory. If a directory has the setgid bit set, all files created within the directory will inherit the same group ownership as the directory, rather than the group of the owner.

Sticky Bit

The sticky bit permission is used on directories to prevent everyone except the owner from deleting files in a directory. It’s represented by t and you can see this being used on your system for the /tmp directory.

Showing sticky bit permission on tmp directory

Anyone can write to the /tmp directory but users cannot delete each other’s files.

Set the sticky bit permission of a directory with the following chmod command syntax in symbolic mode:

chmod +t some-directory

Set Special Permissions With Absolute Mode

You can also set special permissions in absolute mode. You’ll use the chmod command followed by your numbered permissions like normal, but add an extra number to the beginning. The numbers are as follows:

  • Setuid: 4
  • Setgid: 2
  • Sticky bit: 1

Set the setuid permission on a file with chmod in absolute mode.

chmod 4750 some-file.sh

Set the setgid permission on a file with chmod in absolute mode.

chmod 2750 some-file.sh

Set the sticky bit permission on a directory with chmod in absolute mode.

chmod 1750 some-directory
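
A permission audit built from the numbers above, added here as an example and not part of the original guide: it lists setuid and setgid files, setuid files that lack execute permission, and world-writable directories that lack the sticky bit. The function names and the sample directory tree are constructed for this example.

```sh
# audit_special DIR
# Lists, relative to DIR, entries whose special permission bits need review.
audit_special() {
    (
        cd "$1" || exit 1
        # setuid (4000) files run with the access of the file's owner
        find . -type f -perm -4000 | sed 's/^/setuid /'
        # setgid (2000) files: the group counterpart of setuid
        find . -type f -perm -2000 | sed 's/^/setgid /'
        # setuid without owner execute (0100): the bit has no effect, so it
        # is usually a mistake; ls -l shows it as a capital S
        find . -type f -perm -4000 ! -perm -0100 | sed 's/^/setuid-noexec /'
        # directories writable by other (0002) but missing the sticky bit
        # (1000): users can delete each other's files there
        find . -type d -perm -0002 ! -perm -1000 | sed 's/^/no-sticky /'
    ) | LC_ALL=C sort
}

# build_sample: create a constructed directory tree to audit, print its path
build_sample() {
    d=$(mktemp -d) || return 1
    touch "$d/helper" "$d/report" "$d/data.txt" "$d/plain.sh"
    mkdir "$d/shared" "$d/dropbox"
    chmod 4750 "$d/helper"     # setuid, owner can execute
    chmod 2750 "$d/report"     # setgid
    chmod 4644 "$d/data.txt"   # setuid but no execute permission
    chmod 754  "$d/plain.sh"   # no special bits
    chmod 1777 "$d/shared"     # world-writable with sticky bit, like /tmp
    chmod 0777 "$d/dropbox"    # world-writable without sticky bit
    printf '%s\n' "$d"
}

sample=$(build_sample) && audit_special "$sample"
rm -rf "$sample"
```

To audit a real system, pass a directory such as /usr/bin to audit_special and compare the setuid list against what your distribution is expected to ship.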
