Understanding Linux File Permissions and How to Manage Them
One of the key foundations of Linux system security and multi-user architecture is its file permission model. Unlike Windows, Linux strictly enforces ownership and access control for every file and directory in the system. Mastering file permissions isn’t just about security — it’s essential for managing servers, deploying software, running scripts, and automating tasks.
The Linux File Permission Model
Every file and directory in Linux has three types of access rights, assigned to three types of users:
| User Class | Description |
|---|---|
| owner | The user who owns the file |
| group | Users in the file’s group |
| others | All other users on the system |
Each class can be given three types of permissions:
| Permission | Symbol | Meaning |
|---|---|---|
| read | r | View file contents / list dir |
| write | w | Modify file or directory |
| execute | x | Run file or access directory |
Viewing Permissions with ls -l
Use the ls -l command to display file permissions:
ls -l myscript.sh
Output:
-rwxr-xr-- 1 alice devs 2048 Jan 25 10:00 myscript.sh
Breakdown:
- - → regular file
- rwx → owner (read/write/execute)
- r-x → group (read/execute)
- r-- → others (read only)
Changing Permissions with chmod
📌 Symbolic Mode:
chmod u+x myscript.sh # Add execute to user
chmod g-w myscript.sh # Remove write from group
chmod o=r myscript.sh # Set read-only for others
📌 Numeric Mode:
chmod 755 myscript.sh # rwx for owner, rx for group, rx for others
| Octal | Meaning |
|---|---|
| 7 | rwx |
| 6 | rw- |
| 5 | r-x |
| 4 | r-- |
| 0 | --- |
Example:
chmod 644 file.txt # owner: rw-, group: r--, others: r--
chmod 700 script.sh # owner: rwx, group/others: ---
Managing Ownership with chown and chgrp
Change file owner:
chown alice file.txt
Change group:
chgrp devs file.txt
Change both:
chown bob:admins file.txt
Use -R to apply changes recursively:
chown -R www-data:www-data /var/www/
Special Permission Bits
Linux supports three special modes that modify default behavior:
SUID (Set User ID) s
- Applies to executable files
- Runs with owner’s privileges, not caller’s
chmod u+s /usr/bin/passwd
🔍 ls -l output: -rwsr-xr-x
Use case: /usr/bin/passwd must run as root to update /etc/shadow.
SGID (Set Group ID) s
- On files: run with file’s group privilege
- On directories: new files inherit the group
chmod g+s /opt/project
🔍 ls -l output: drwxr-sr-x
Useful in shared development folders.
Sticky Bit t
- On directories: a file can be deleted or renamed only by its owner, the directory's owner, or root
- Common in /tmp to protect user files
chmod +t /shared/folder
ls -ld /tmp
drwxrwxrwt 10 root root 4096 Jan 28 12:00 /tmp
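The special bits above are also what a permissions audit looks for. As an added example (not from the original article), this shell function reports SUID and SGID files, world-writable files, and world-writable directories that lack the sticky bit. The function name audit_perms and the report labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): report risky permission
# bits under a directory. The function name and labels are this example's own.
# Output is one "LABEL path" line per finding (paths containing newlines
# would span several lines).

audit_perms() {
    root=$1

    # SUID files run with the file owner's privileges; each one should be expected.
    find "$root" -xdev -type f -perm -4000 \
        -exec printf 'SUID %s\n' {} + 2>/dev/null

    # SGID files run with the file's group privileges.
    find "$root" -xdev -type f -perm -2000 \
        -exec printf 'SGID %s\n' {} + 2>/dev/null

    # World-writable files: any local user can modify them.
    find "$root" -xdev -type f -perm -0002 \
        -exec printf 'WORLD_WRITABLE_FILE %s\n' {} + 2>/dev/null

    # World-writable directories without the sticky bit: any user can delete
    # or rename other users' files inside them.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'WORLD_WRITABLE_DIR_NO_STICKY %s\n' {} + 2>/dev/null
}

# Stand-alone use: sh audit_perms.sh /opt/project
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Compare the SUID and SGID lines with the binaries you expect to be privileged; anything unexpected deserves a closer look.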
Understanding umask
The umask sets default permissions for new files/directories:
Check current value: umask
Common value: 0022
| Type | Default perms → with umask 0022 | Resulting permissions |
|---|---|---|
| File | 666 → 644 | rw-r--r-- |
| Dir | 777 → 755 | rwxr-xr-x |
Set temporary umask:
umask 0077 # Files: 600, Dirs: 700
Recursive Permission Fixes
Set folder and file permissions separately:
find /my/project -type d -exec chmod 755 {} \;
find /my/project -type f -exec chmod 644 {} \;
Conclusion
Linux file permissions provide fine-grained access control for security, multi-user environments, and automation. Understanding how to view, change, and enforce permissions empowers you to manage servers confidently, protect data, and collaborate safely.
Whether you’re deploying web applications, managing cloud servers, or building shell scripts — knowing your way around chmod, chown, umask, and special permission bits is essential.
