Linux File Permissions
This page explains how Linux permissions work and how to manage them. It covers the basics, notation, essential commands, special modes, and real-world practices.
Permission Basics
Types
- r (read) → View file contents
- w (write) → Modify file
- x (execute) → Run file
For directories:
- r → List names
- w → Create/remove files
- x → Enter (traverse)
Categories
- Owner (user) → File creator
- Group → Group members
- Others → Everyone else
Permissions are applied separately to each category.
Reading Notation
Symbolic Example
rwxr-xr--
- Owner → rwx (read, write, execute)
- Group → r-x (read, execute)
- Others → r-- (read only)
Numeric (Octal)
| Permission | Value |
|---|---|
| r | 4 |
| w | 2 |
| x | 1 |
Example:
755 → (7)(5)(5)
7 = rwx (4+2+1)
5 = r-x (4+1)
5 = r-x (4+1)
Common Patterns
| Code | Meaning | Use Case |
|---|---|---|
| 777 | rwxrwxrwx | ❌ Avoid (security risk) |
| 755 | rwxr-xr-x | Directories, executables |
| 750 | rwxr-x--- | Team-shared scripts |
| 644 | rw-r--r-- | Regular files |
| 600 | rw------- | Secrets (SSH keys) |
| 700 | rwx------ | Private scripts/dirs |
Essential Commands
View Permissions
ls -l
Example:
-rwxr-xr-- 1 alice dev 5320 Mar 26 script.sh
Change Permissions
Numeric Mode
chmod 755 file
Symbolic Mode
chmod u=rwx,go=rx file
chmod g+w file
chmod o-r file
Change Ownership
chown newuser file
chown -R user:group dir
Change Group
chgrp dev file
Default Permissions (umask)
Check:
umask
Set:
umask 022
| Umask | File Default | Dir Default |
|---|---|---|
| 022 | 644 | 755 |
| 027 | 640 | 750 |
Special Permissions
SUID (Set User ID)
- Executes the file with the owner's privileges
- Symbol: s (user position)
chmod u+s file
Example:
rwsr-xr-x
SGID (Set Group ID)
- Executes the file with the file's group
- New files in the directory inherit its group
chmod g+s dir
Example:
rwxr-sr-x
Sticky Bit
- Only owner/root can delete files in directory
chmod +t dir
Example:
rwxrwxrwt
🌍 Real-World Usage
- Web content
  - Directories: 755
  - Files: 644
- Team repository
  - Use group ownership
  - Enable SGID
  - Set umask 027
- Private keys
  chmod 600 ~/.ssh/id_rsa
- Executable script
  chmod 750 script.sh
✅ Best Practices
- Follow the principle of least privilege
- Avoid 777 permissions
- Prefer group access over public access
- Use:
  - SGID → shared directories
  - Sticky bit → public writable dirs
- Avoid unnecessary SUID
- Audit SUID/SGID files regularly
- Set proper umask
  - 022 → general use
  - 027 → secure/shared environments
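The regular audit recommended above can be scripted with find's -perm tests. This is an added example, not part of the original page; the function names, finding labels, sample tree and the id_* key-name pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names, finding labels
# and the sample tree are constructed for illustration.

# Prefix each path read on stdin with a finding label.
label() {
    while IFS= read -r path; do printf '%s\t%s\n' "$1" "$path"; done
}

# audit_perms DIR: print one "FINDING<TAB>path" line per risky mode under DIR.
audit_perms() {
    # SUID/SGID regular files run with the owner's or group's identity.
    find "$1" -type f -perm -4000 | label SUID
    find "$1" -type f -perm -2000 | label SGID
    # Files writable by "others" (the 666/777 family).
    find "$1" -type f -perm -0002 | label WORLD_WRITABLE_FILE
    # World-writable directory without the sticky bit: any user can delete
    # or replace files that belong to someone else.
    find "$1" -type d -perm -0002 ! -perm -1000 | label WORLD_WRITABLE_DIR_NO_STICKY
    # Private keys with any group/other access (the page recommends 600).
    # Assumption: keys follow the id_* naming used by ssh-keygen.
    find "$1" -type f -name 'id_*' ! -name '*.pub' \
        \( -perm -0040 -o -perm -0020 -o -perm -0010 \
           -o -perm -0004 -o -perm -0002 -o -perm -0001 \) | label KEY_NOT_PRIVATE
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/dropbox" "$t/.ssh"
    chmod 0700 "$t/.ssh"
    chmod 1777 "$t/shared"                              # sticky set: not reported
    chmod 0777 "$t/dropbox"                             # no sticky: reported
    : > "$t/helper";      chmod 4755 "$t/helper"        # SUID: reported
    : > "$t/notes";       chmod 0666 "$t/notes"         # world-writable: reported
    : > "$t/page.html";   chmod 0644 "$t/page.html"     # regular file: fine
    : > "$t/.ssh/id_rsa"; chmod 0644 "$t/.ssh/id_rsa"   # key too open: reported
    printf '%s\n' "$t"
}

sample=$(make_sample_tree)
audit_perms "$sample"
rm -rf "$sample"
```

Point audit_perms at a real directory and compare the SUID/SGID lines against a reviewed baseline, so that only new entries need investigation.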
🚀 Quick Cheat Sheet
| Task | Command |
|---|---|
| View permissions | ls -l |
| Change permissions | chmod |
| Change owner | chown |
| Change group | chgrp |
| Set default permissions | umask |
