Linux is a multi-user system where different users and processes can access and manipulate files and directories. To maintain security and limit unauthorized access, Linux employs a comprehensive permissions system. Each file and directory in your Linux system is assigned access rights (or permissions) for the owner of the file, the members of a group of related users, and everybody else. Understanding file permissions is fundamental for the security of your Linux environment. They dictate who can access files and directories, and what users can do with them. This guide offers a comprehensive overview of Linux file and directory permissions, how they can be viewed, and how they can be changed.
Types of Permissions in Linux
There are three types of permissions (or permission modes) that Linux allows for each file or directory. They are:
- Read (r): The file can be opened, and its content viewed. For a directory, the read permission allows you to list the contents of the directory.
- Write (w): The file can be modified; for a directory, the write permission allows you to create, delete, and rename files within the directory.
- Execute (x): The file can be executed as a program. For a directory, the execute permission allows you to access, or traverse into, the directory, and access any of its contents.
These permissions are defined for the following types of users. These are also known as permission classes.
- User (u): The owner of the file.
- Group (g): Users who are members of the file's group.
- Others (o): Users who are not the owners of the file and do not belong to the group.
- All (a): Represents all three types of access classes.
Linux File Permissions in Binary, Octal, String Formats
In Linux, file permissions can be expressed in three different ways: Binary, Octal, or a Symbolic string representation. Here's how each works:
1. Binary Representation
Each permission is represented as a bit. Read is 4 (100 in binary), Write is 2 (010 in binary), and Execute is 1 (001 in binary). So, for example, full permissions (read, write, execute) would be 111 in binary, which stands for rwx.
2. Octal Representation
This is the most common way to represent permissions, and it's really just a compact form of binary representation.
Each digit in octal corresponds to three bits in binary, which is perfect for rwx permissions. So, for example, full permissions (read, write, execute) would be 7 in octal (since 4+2+1=7), which also stands for rwx. No permissions would be 0 (---), read-only would be 4 (r--), write-only would be 2 (-w-), and execute-only would be 1 (--x).
To put this in simple words, the numeric values 4, 2, and 1 in Linux file permissions stand for r, w, and x, where each character corresponds to a different type of access: r (4) is read, w (2) is write, and x (1) is execute.
When looking at permissions in the terminal, you'll usually see three octal digits in a row, like 777, which represents the permissions for the owner, the group, and all other users respectively.
3. String (symbolic) Representation
This is the most human-readable form. Each permission is represented by a letter: r for read, w for write, x for execute. So, for example, full permissions would be rwx, read and write would be rw-, and read and execute would be r-x.
Again, when looking at permissions in the terminal, you'll usually see three sets of these permissions in a row, like rwxrwxrwx, which represents the permissions for the owner, the group, and all other users respectively.
So to summarize, if you have full permissions, you could represent it in binary as 111, in octal as 7, or as a string as rwx. Similarly, if you only had read and write permissions, you could represent it in binary as 110, in octal as 6, or as a string as rw-.
Linux File Permissions Table
You can print the following table and put it on your desk to easily recall the Linux file permissions.
|Binary Representation|Octal Representation|String Representation|Permission Type|
|000|0|---|No Permissions|
|001|1|--x|Execute|
|010|2|-w-|Write|
|011|3|-wx|Write & Execute|
|100|4|r--|Read|
|101|5|r-x|Read & Execute|
|110|6|rw-|Read & Write|
|111|7|rwx|All (Read, Write & Execute)|
Remember, each set of permissions corresponds to a role:
- The first set (rwx) corresponds to the owner of the file or directory.
- The second set (rwx) corresponds to the group that owns the file or directory.
- The third set (rwx) corresponds to all other users on the system.
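The mapping between the string and octal forms described above can be checked mechanically. The following is an added example, not part of the original article; the function names sym_to_octal and octal_to_sym are hypothetical, and only the nine r/w/x permission characters covered here are accepted.

```shell
#!/bin/sh
# sym_to_octal PERMS: "rwxr-xr-x" or an ls -l string such as "-rw-r--r--"
# (the leading file-type character is dropped) -> three octal digits.
sym_to_octal() {
    local perms rest triad digit octal
    perms=$1
    if [ "${#perms}" -eq 10 ]; then perms=${perms#?}; fi
    case $perms in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "invalid permission string: $1" >&2; return 1 ;;
    esac
    octal="" rest=$perms
    while [ -n "$rest" ]; do
        triad=${rest%"${rest#???}"}    # first three characters
        rest=${rest#???}
        digit=0
        case $triad in r??) digit=$((digit + 4)) ;; esac   # read
        case $triad in ?w?) digit=$((digit + 2)) ;; esac   # write
        case $triad in ??x) digit=$((digit + 1)) ;; esac   # execute
        octal=$octal$digit
    done
    printf '%s\n' "$octal"
}

# octal_to_sym MODE: three octal digits -> nine-character symbolic string.
octal_to_sym() {
    local rest d sym
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid octal mode: $1" >&2; return 1 ;;
    esac
    sym="" rest=$1
    while [ -n "$rest" ]; do
        d=${rest%"${rest#?}"}          # first digit
        rest=${rest#?}
        # Test each bit of the digit: 4 = read, 2 = write, 1 = execute.
        if [ $((d & 4)) -ne 0 ]; then sym=${sym}r; else sym=${sym}-; fi
        if [ $((d & 2)) -ne 0 ]; then sym=${sym}w; else sym=${sym}-; fi
        if [ $((d & 1)) -ne 0 ]; then sym=${sym}x; else sym=${sym}-; fi
    done
    printf '%s\n' "$sym"
}

# Constructed sample inputs in the same shape as ls -l and stat output.
sym_to_octal "drwxr-xr-x"
sym_to_octal "-rw-r--r--"
octal_to_sym 755
```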
Hopefully, you now have a basic understanding of Linux file permissions. Let's proceed to learn how to view and change permissions for files and directories in Linux.
View File and Directory Permissions in Linux
In Linux, you can use several commands to view file and directory permissions. In this tutorial, we will see how you can use the ls, stat, and getfacl commands to check Linux file permissions.
1. Check File and Directory Permissions using ls Command
You can check the permissions of a file or directory by using the ls -l command.
Let me show you an example.
$ ls -l Documents/
The output will display a list of files and directories along with their permissions, number of links, owner, group, size, and time of last modification.
total 8
drwxr-xr-x 2 ostechnix ostechnix 4096 May 24 13:42 dir1
-rw-r--r-- 1 ostechnix ostechnix 78 May 24 13:35 file.txt
When you run the above command on your Linux system, each line of the output starts with a string that looks something like this: -rw-r--r--. This is a sequence of ten characters:
- The first character indicates the type of the file: a dash (-) means it's a regular file, d stands for a directory, and there are other types as well (b for block device, c for character device, s for socket, and p for named pipe).
- The next nine characters represent the permissions for user, group, and others. Each set of three characters (r, w, x) corresponds to read, write, and execute permissions. If a dash appears instead of a letter, that permission is not granted. The first set of three applies to the user, the second set applies to the group, and the third set applies to others.
In the case of dir1, it is a directory (d), and the owner (ostechnix) has read, write, and execute permissions (rwx). Both the group and others have read and execute permissions (r-x).
In the case of file.txt, it is a file (-), and the owner (ostechnix) has read and write permissions (rw-). Both the group and others only have read permissions (r--).
2. Check File and Directory Permissions using stat Command
The stat command is used to display more detailed information about a file or directory, including the permissions in numeric (octal) form.
$ stat Documents/
  File: Documents/
  Size: 4096       Blocks: 8          IO Block: 4096   directory
Device: 10302h/66306d   Inode: 1572889     Links: 3
Access: (0755/drwxr-xr-x)  Uid: ( 1000/ostechnix)   Gid: ( 1000/ostechnix)
Access: 2023-05-24 13:42:26.669502054 +0530
Modify: 2023-05-24 13:42:16.849490036 +0530
Change: 2023-05-24 13:42:16.849490036 +0530
 Birth: 2022-04-02 15:20:56.520250104 +0530
Look for the line in the output that begins with Access: (0755/drwxr-xr-x) (the numbers and letters might be different based on the file's permissions). In the example output, the number 0755 is the permission in octal form, and drwxr-xr-x is the permission in symbolic form.
Apart from the permissions, the stat command also displays other useful details. Here's what each piece of information means:
- File: This is the name of the file or directory, in this case, Documents/.
- Size: This is the total size of the file or directory in bytes, in this case, 4096.
- Blocks: This is the number of file system blocks allocated for this file or directory, in this case, 8.
- IO Block: This is the size of every block this file or directory occupies. It is 4096 bytes, which is typical for many filesystems.
- Device: This field represents the device number in hexadecimal form on which the file or directory resides.
- Inode: This is the inode number, a unique identifier for every file and directory on a Unix-like operating system.
- Links: This is the number of hard links to the file or directory. Directories will always have at least two links: one for the directory name and one for '.', the alias for the current directory.
- Access: This line shows the permissions of the file or directory in both numeric and symbolic form, along with the user ID (Uid) and group ID (Gid) in both numeric and symbolic form. In this case, the permissions are 0755 (numeric) and drwxr-xr-x (symbolic), and the user and group are both ostechnix.
- Access, Modify, Change: These lines indicate the last time the file or directory was accessed, modified, and changed respectively. Access refers to when the file or directory was last read, Modify refers to when the file or directory's content was last modified, and Change refers to when the file or directory's metadata (such as permissions or ownership) was last changed.
- Birth: This is the creation time of the file or directory. However, not all filesystems support the tracking of this information.
3. Check File and Directory Permissions using getfacl Command
The getfacl command is used to get the Access Control List (ACL) for a file or directory. ACL is a more flexible permission mechanism than the traditional Unix permissions system.
$ getfacl Documents/
# file: Documents/
# owner: ostechnix
# group: ostechnix
user::rwx
group::r-x
other::r-x
The above command is used to display the ACL entries for the Documents directory. Here's a breakdown of the output:
- # file: Documents/: This line indicates the file or directory for which the ACL entries are being displayed. In this case, it is the Documents directory.
- # owner: ostechnix: This line displays the owner of the file or directory. Here, ostechnix is the owner.
- # group: ostechnix: This line shows the group owner of the file or directory. The group owner is also ostechnix.
- user::rwx: This entry shows the permissions of the owner of the file or directory. rwx means the owner (ostechnix) has read (r), write (w), and execute (x) permissions.
- group::r-x: This entry shows the permissions of the group. r-x means the group members have read (r) and execute (x) permissions, but not write (w) permission.
- other::r-x: This entry shows the permissions for others (everyone else who is not the owner or a part of the group). Here, others also have read (r) and execute (x) permissions, but not write (w) permission.
Change Linux File Permissions using chmod Command
You can change the permissions with the chmod command in Linux.
The chmod (short for "Change Mode") command is used to change the permissions of a file or directory in Linux. It uses either symbolic notation (like rwx) or octal notation (like 755) to represent permissions.
To set or change permissions, we can use the plus (+), minus (-), and equal to (=) operators in the chmod command.
Here's a brief explanation of how the +, -, and = operators work in the chmod command:
- The + operator adds permissions to a file or directory without changing the existing permissions. For example, if you want to add execute (x) permission to the user (u) on a file, you would use chmod u+x filename.
- The - operator removes permissions from a file or directory without changing the remaining permissions. For example, if you want to remove write (w) permission from the group (g) on a file, you would use chmod g-w filename.
- The = operator sets the permissions exactly as specified, disregarding the current permissions. For example, if you want to set the user (u) permissions to read and write (rw) only, removing execute if it's there, you would use chmod u=rw filename.
Now let us learn some examples of using the chmod command in both symbolic and octal notation.
Warning: Remember, it's important to use the chmod command carefully, as inappropriate permissions can lead to security vulnerabilities.
To add read, write, and execute permissions to the owner of the file named 'file.txt':
$ chmod u+rwx file.txt
To remove write permission from the group and others for 'file.txt':
$ chmod go-w file.txt
To add execute permission to the group for 'file.txt':
$ chmod g+x file.txt
To set the permissions so that the user can read/write, the group can read, and others can't access 'file.txt':
$ chmod u=rw,g=r,o= file.txt
To add read permission to all (user, group, others) for 'file.txt':
$ chmod a+r file.txt
To give read, write, and execute permissions to the owner, and read and execute permissions to the group and others for 'file.txt':
$ chmod 755 file.txt
To give read and write permissions to the owner, and only read permissions to the group and others for 'file.txt':
$ chmod 644 file.txt
To give all permissions (read, write, execute) to the owner, and no permissions to the group and others for 'file.txt':
$ chmod 700 file.txt
To give read and execute permissions to everyone for 'file.txt':
$ chmod 555 file.txt
To give write and execute permissions to the group (and no permissions to the owner and others) for 'file.txt':
$ chmod 030 file.txt
For more details, refer to the chmod manual page by entering the following command:
$ man chmod
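One way to act on the warning above about inappropriate permissions is to look for entries that others can write to and remove just that bit with the - operator. This is an added example, not part of the original article; it assumes GNU find and stat, the function names are hypothetical, and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# list_world_writable DIR: print "MODE PATH" for every regular file or
# directory under DIR whose "others" class has the write bit (octal 2) set.
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 \
        -exec stat -c '%a %n' {} +
}

# revoke_world_write DIR: remove only the others-write bit with the "-"
# operator, leaving every other permission bit as it was.
revoke_world_write() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 \
        -exec chmod o-w {} +
}

# Constructed sample tree: one safe file and two world-writable ones.
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    touch "$dir/notes.txt" "$dir/shared.log" "$dir/run.sh"
    chmod 644 "$dir/notes.txt"    # rw-r--r--  not reported
    chmod 666 "$dir/shared.log"   # rw-rw-rw-  reported
    chmod 777 "$dir/run.sh"       # rwxrwxrwx  reported
    echo "World-writable before:"
    list_world_writable "$dir"
    revoke_world_write "$dir"
    echo "Modes after chmod o-w:"
    stat -c '%a %n' "$dir"/*
    rm -rf "$dir"
}
demo
```

Because o-w only clears one bit, 666 becomes 664 and 777 becomes 775; a numeric mode would instead overwrite all three classes.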
Frequently Asked Questions
Here's a FAQ (Frequently Asked Questions) for the chmod command.
Chmod stands for "Change Mode". It's a Linux/Unix command used to change or modify the permissions of files and directories.
There are three types of permissions in Linux: read (r), write (w), and execute (x).
You can use the chmod command in two ways: using numeric (octal) representation or symbolic representation. For example, 'chmod 755 filename' or 'chmod u=rwx,g=rx,o=rx filename'.
The command 'chmod 777' gives read, write, and execute permissions to the user, group, and others for a particular file or directory. This is generally not advisable for most files due to security concerns.
You can remove permissions using the '-' operator. For example, 'chmod u-w filename' removes write permission for the user.
The 'a' in chmod stands for 'all', i.e., all classes of users - the owner, the group, and others.
You can set exact permissions using the '=' operator. For example, 'chmod u=rwx filename' sets the user's permissions to exactly read, write, and execute, removing all others.
Yes, you can change permissions of multiple files at once by using the chmod command followed by the desired permissions and then the file names, separated by spaces. For example, 'chmod 644 file1 file2 file3'.
You can view the permissions of a file using the 'ls -l' command, which will display the permissions in the leftmost column of the output.
There is no direct 'undo' command for chmod. However, you can manually change the permissions back to their original state if you know what they were. It's a good practice to check permissions (using 'ls -l') before changing them.
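Since chmod has no undo, the check-before-you-change advice above can be turned into a snapshot that is replayed later. This is an added example, not part of the original article; it assumes GNU find and stat, the function names save_modes and restore_modes are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# save_modes DIR FILE: write one "MODE PATH" line per entry under DIR.
# Symbolic links are skipped: stat reports the link's own mode (777), and
# chmod would apply that mode to the link's target on restore.
save_modes() {
    find "$1" -xdev ! -type l -exec stat -c '%a %n' {} + > "$2"
}

# restore_modes FILE: re-apply each recorded mode. Reading "mode" first and
# the rest of the line into "path" keeps paths that contain spaces intact
# (paths containing newlines or trailing whitespace are not supported).
restore_modes() {
    local mode path
    while read -r mode path; do
        [ -e "$path" ] || { echo "skipped (missing): $path" >&2; continue; }
        chmod "$mode" "$path"
    done < "$1"
}

# Constructed sample: snapshot, make a mistaken change, then roll it back.
demo() {
    local dir snap
    dir=$(mktemp -d) || return 1
    snap=$(mktemp) || return 1    # keep the snapshot outside the tree
    touch "$dir/app.conf" "$dir/my notes.txt"
    chmod 640 "$dir/app.conf"
    chmod 600 "$dir/my notes.txt"
    save_modes "$dir" "$snap"
    chmod 777 "$dir"/*            # the change we want to undo
    restore_modes "$snap"
    stat -c '%a %n' "$dir"/*      # back to 640 and 600
    rm -rf "$dir" "$snap"
}
demo
```

Where the ACL tools are installed, getfacl -R redirected to a file and setfacl --restore=FILE do the same job and also cover ACL entries.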
Understanding and managing file and directory permissions is critical to securing your Linux environment and controlling access to your data. As a system administrator or a regular Linux user, mastering the chmod command is very important for effectively managing access to your files and directories in Linux.