Linux File Permissions Explained

In Linux, file permissions, attributes, and ownership control the access level that the system processes and users have to files. This ensures that only authorized users and processes can access specific files and directories.

Linux File Permissions #

The basic Linux permissions model works by associating each system file with an owner and a group and assigning permission access rights for three different classes of users:

• The file owner.
• The group members.
• Others (everybody else).

File ownership can be changed using the chown and chgrp commands.

Three file permissions types apply to each class of users:

• The read permission.
• The write permission.
• The execute permission.

This concept allows you to control which users can read the file, write to the file, or execute the file.

To view the file permissions, use the ls command:

ls -l file_name

-rw-r--r-- 12 linuxize users 12.0K Apr  28 10:10 file_name
|[-][-][-]-   [------] [---]
| |  |  | |      |       |
| |  |  | |      |       +-----------> 7. Group
| |  |  | |      +-------------------> 6. Owner
| |  |  | +--------------------------> 5. Alternate Access Method
| |  |  +----------------------------> 4. Others Permissions
| |  +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type

The first character indicates the file type. It can be a regular file (-), directory (d), a symbolic link (l), or other special types of files. The following nine characters represent the file permissions, three triplets of three characters each. The first triplet shows the owner permissions, the second one group permissions, and the last triplet shows everybody else permissions.

In the example above, rw-r--r-- means that the file owner has read and write permissions (rw-), the group and others have only read permissions (r--).

File permissions have a different meaning depending on the file type.

Each of the three permission triplets can be constructed of the following characters and have different effects, depending on whether they are set to a file or to a directory:

Effect of Permissions on Files

Effect of Permissions on Directories (Folders)

Directories are special types of files that can contain other files and directories.

Changing File Permissions #

File permissions can be changed using the chmod command. Only root, the file owner, or a user with sudo privileges can change the permissions of a file. Be extra careful when using chmod, especially when changing permissions recursively. The command can accept one or more files and/or directories separated by spaces as arguments.

Permissions can be specified using a symbolic mode, numeric mode, or a reference file.

Symbolic (Text) Method #

The syntax of the chmod command when using the symbolic mode has the following format:

chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...

The first set of flags ([ugoa…]), called user flags, defines the user classes whose permissions will be changed.

• u - The file owner.
• g - The users who are members of the group.
• o - All other users.
• a - All users, identical to ugo.

When the users’ flag is omitted, it defaults to a.

The second set of flags ([-+=]), the operation flags, defines whether the permissions are to be removed, added, or set:

• - - Removes the specified permissions.
• + - Adds specified permissions.
• = - Changes the current permissions to the specified permissions. If no permissions are given after the = symbol, all permissions from the specified user class are removed.

The permissions (perms...) are explicitly set using either zero or one or more of the following letters: r, w, x, X, s, and t. Use a single letter from the set u, g, and o when copying permissions from one to another users’ class.

When setting permissions for more than one user class ([,…]), use commas (without spaces) to separate the symbolic modes.

Here are some examples of how to use the chmod command in symbolic mode:

• Give the members of the group permission to execute the file, but not to read and write to it:

  Terminal

  chmod g=x filename

• Remove the write permission for all users:

  Terminal

  chmod a-w filename

• Recursively remove the execute permission for other users:

  Terminal

  chmod -R o-x dirname

• Remove the read, write, and execute permission for all users except the file’s owner:

  Terminal

  chmod og-rwx filename

  The same thing can also be accomplished by using the following form:

  Terminal

  chmod og= filename

• Give read, write and execute permission to the file’s owner, read permissions to the file’s group, and no permissions to all other users:

  Terminal

  chmod u=rwx,g=r,o= filename

Numeric Method #

The syntax of the chmod command when using the numeric mode has the following format:

chmod [OPTIONS] NUMBER FILE...

When using the numeric mode, you can set the permissions for all three user classes (owner, group, and all others) at the same time.

The permission number can be a 3-digit or 4-digit number. When a 3-digit number is used, the first digit represents the permissions of the file’s owner, the second one the file’s group, and the last one all other users.

Each write, read, and execute permissions have the following number value:

• r (read) = 4
• w (write) = 2
• x (execute) = 1
• no permissions = 0

The permissions number of a specific user class is represented by the sum of the values of the permissions for that group.

To find out the file’s permissions in numeric mode, simply calculate the totals for all users’ classes. For example, to give read, write and execute permission to the file’s owner, read and execute permissions to the file’s group and only read permissions to all other users, you would do the following:

• Owner: rwx=4+2+1=7
• Group: r-x=4+0+1=5
• Others: r–=4+0+0=4

Using the method above, we get the number 754, which represents the desired permissions.

To set the setuid, setgid, and sticky bit flags, use a 4-digit number.

When a 4-digit number is used, the first digit has the following meaning:

• setuid=4
• setgid=2
• sticky=1
• no changes = 0

The next three digits have the same meaning as when using 3 digits number.

If the first digit is 0 it can be omitted, and the mode can be represented with 3 digits. The numeric mode 0755 is the same as 755.

To calculate the numeric mode, you can also use another method (binary method), but it is a little more complicated. Knowing how to calculate the numeric mode using 4, 2, and 1 is sufficient for most users.

You can check the file’s permissions in the numeric notation using the stat command:

stat -c "%a" file_name

Here are some examples of how to use the chmod command in numeric mode:

• Give the file’s owner read and write permissions and only read permissions to group members and all other users:

  Terminal

  chmod 644 file

• Give the file’s owner read, write and execute permissions, read and execute permissions to group members and no permissions to all other users:

  Terminal

  chmod 750 file

• Give read, write, and execute permissions, and a sticky bit to a given directory:

  Terminal

  chmod 1777 dirname

• Recursively set read, write, and execute permissions to the file owner and no permissions for all other users on a given directory:

  Terminal

  chmod -R 700 dirname

Quick Reference #

For a printable quick reference, see the chmod cheatsheet .

Common permission values:

Symbolic chmod examples:

FAQ #

What is the difference between chmod and chown?
chmod changes the permission bits (read, write, execute) on a file. chown changes the file’s owner and group. Both affect who can access the file, but they control different aspects.

What does chmod 777 mean and is it safe?
777 gives read, write, and execute permission to the owner, group, and all other users. It is rarely appropriate and should be avoided on files that contain sensitive data or are executable by services, as it allows anyone on the system to modify or run them.

Why does a directory need execute permission?
On a directory, execute permission allows you to enter it and access items inside it by name. Without execute permission, you can list the directory contents only in limited cases, but you cannot traverse it with commands such as cd or open files within it.

What is the sticky bit and when should I use it?
The sticky bit on a directory (mode 1xxx, shown as t in ls -l) restricts deletion so that only the file’s owner, the directory’s owner, or root can delete files inside it. It is used on shared directories like /tmp to prevent users from deleting each other’s files.

What is setuid and why is it dangerous?
When set on an executable file, setuid causes the file to run with the owner’s privileges rather than the caller’s. For example, /usr/bin/passwd is setuid root so ordinary users can change their own password. Misusing setuid on custom scripts is a common privilege escalation risk.

How do I view permissions in numeric mode?
Use the stat command: stat -c "%a %n" file. It prints the octal permission value alongside the filename.

Conclusion #

In Linux, access to files is controlled through permission bits assigned to three classes — owner, group, and others. Use chmod with symbolic or numeric mode to change permissions, and use ls -l or stat to inspect them. For a focused command reference, see the chmod command guide .

About the authors

Dejan Panovski

Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.

View author page