Linux’s permission system controls file security by defining who can read, write, or execute files. This chapter explains how to view and modify these permissions. Linux permissions enforce security boundaries, preventing unauthorized access to sensitive files (like configs, SSH keys, or databases) while enabling controlled sharing in multi-user environments. They protect against accidental deletions, malicious tampering, and privilege escalation—ensuring only authorized users and processes can read, modify, or execute files.
1. Understanding File Permissions
Every file/directory has permissions for three entities:
Entity | Description |
---|---|
User (u) | Owner of the file |
Group (g) | Users in the file’s group |
Others (o) | Everyone else on the system |
View permissions with ls -l:
-rwxr-xr-- 1 user group 1024 Jan 1 10:00 file.txt
- -rwxr-xr-- = Permission string (the first character is the file type: - for a regular file, d for a directory)
- user = Owner
- group = Group owner
2. Permission Types (rwx)
Each entity gets three permissions:
Symbol | Permission | On Files | On Directories |
---|---|---|---|
r | Read | View file contents | List directory contents |
w | Write | Modify file | Create/delete files |
x | Execute | Run as a program | Enter (cd) into it |
Example Breakdown: -rwxr-xr--
- Owner (u): rwx → Read, Write, Execute
- Group (g): r-x → Read, Execute
- Others (o): r-- → Read only
3. Changing Permissions (chmod)
A. Numeric Mode (Octal)
Permissions are represented as numbers:
- 4 = Read (r)
- 2 = Write (w)
- 1 = Execute (x)
Add them for combined permissions:
- 7 (4+2+1) = rwx
- 6 (4+2) = rw-
- 5 (4+1) = r-x
Common Examples:
chmod 755 file.txt # rwxr-xr-x (Owner: full, Group/Others: read+execute)
chmod 644 file.txt # rw-r--r-- (Owner: read+write, Group/Others: read)
chmod 700 script.sh # rwx------ (Only owner can access)
B. Symbolic Mode (Letters)
Modify permissions for specific entities:
- u = User
- g = Group
- o = Others
- a = All (default)
Operators:
- + Add permission
- - Remove permission
- = Set exact permission
Examples:
chmod u+x script.sh # Add execute for owner
chmod go-w file.txt # Remove write from group & others
chmod a=rw shared.txt # Set read+write for everyone
4. Changing Ownership (chown)
Transfer file ownership to another user.
chown newuser file.txt # Change owner
chown newuser:newgroup file.txt # Change owner & group
chown -R user:group /dir/ # Recursively change (for directories)
5. Changing Group (chgrp)
Modify group ownership (alternative to chown):
chgrp developers file.txt
chgrp -R staff /project/ # Recursive change
Cheat Sheet
Command | Description |
---|---|
ls -l | View permissions |
chmod 755 file | Set rwxr-xr-x |
chmod u+x file | Add execute for owner |
chown user file | Change owner |
chown user:group file | Change owner & group |
chgrp group file | Change group |
Practical Scenarios
- Make a script executable:
chmod +x install.sh
- Secure private files:
chmod 600 ~/.ssh/id_rsa # Only owner can read/write
- Share files with a group:
chmod 775 /team/docs/ # Group members can edit
chgrp team /team/docs/
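An added example, not part of the original page: a script that audits a directory tree for the conditions the scenarios above fix by hand (private keys readable beyond the owner, files and directories writable by others) and applies the matching chmod. It assumes GNU find (for -perm /MODE and -printf); audit_perms, fix_findings and the finding labels are names made up for this example.

```shell
#!/bin/sh
# Added example: audit a tree for modes broader than this page recommends.
# Assumes GNU find (-perm /MODE, -printf). Function names and finding
# labels are invented for this example.

# Print one finding per line: LABEL OCTAL-MODE PATH
audit_perms() {
    dir=$1
    # SSH private keys must be 600 or tighter: flag any group/other bit.
    find "$dir" -type f -name 'id_*' ! -name '*.pub' -perm /077 \
        -printf 'KEY-EXPOSED %m %p\n'
    # Files with o+w can be modified by every local account.
    find "$dir" -type f -perm -002 -printf 'WORLD-WRITABLE %m %p\n'
    # Directories with o+w let anyone create or delete entries.
    # Sticky-bit directories (mode 1xxx, like /tmp) are skipped.
    find "$dir" -type d -perm -002 ! -perm -1000 -printf 'OPEN-DIR %m %p\n'
}

# Read findings on stdin and apply the matching chmod from this page.
fix_findings() {
    while read -r label _mode path; do
        case $label in
            KEY-EXPOSED)             chmod 600 "$path" ;;  # rw-------
            WORLD-WRITABLE|OPEN-DIR) chmod o-w "$path" ;;  # drop others' write
        esac
    done
}

# Usage: sh audit.sh DIR         report only
#        sh audit.sh DIR --fix   report, then tighten what was found
if [ "$#" -gt 0 ]; then
    findings=$(audit_perms "$1")
    [ -z "$findings" ] || printf '%s\n' "$findings"
    if [ "${2:-}" = "--fix" ]; then printf '%s\n' "$findings" | fix_findings; fi
fi
```

Run it in report-only mode first and review the findings before using --fix, since some directories are shared on purpose.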