Understanding Linux File Permissions

File permissions are the foundation of Linux security. Every file and directory has an owner, a group, and a set of permissions that control who can read, write, and execute it. Understanding this system is essential — misconfigured permissions are behind countless security issues and mysterious “permission denied” errors.

Reading permission notation

When you run ls -l, the first column shows permissions:

 -rwxr-xr--  1  user  group  4096  Jan 1  file.sh
 ||||||||||
 |├─┤├─┤├─┤
 | |  |  └── Others: r-- (read only)
 | |  └───── Group:  r-x (read + execute)
 | └──────── Owner:  rwx (read + write + execute)
 └────────── Type:   - (regular file), d (directory)

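The three permission types are: r (read) = view contents, w (write) = modify contents, x (execute) = run as program (files) or enter (directories). On a directory, read lists its entries, and write allows creating, renaming, and deleting entries regardless of the permissions on the files themselves (unless the sticky bit is set).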

Changing permissions with chmod

chmod sets permissions using either symbolic or numeric (octal) notation:

# Numeric (most common)
chmod 755 script.sh     # rwxr-xr-x — owner full, others read+execute
chmod 644 file.txt      # rw-r--r-- — owner read+write, others read only
chmod 600 secret.key    # rw------- — owner only, private

# Symbolic
chmod +x script.sh      # Add execute for all (bits masked by the umask are skipped)
chmod u+x script.sh     # Add execute for owner only
chmod a-w file.txt      # Remove write permission from all (a plain -w honors the umask)
chmod -R 755 dir/       # Recursive: applies to the directory and its contents, so files become executable too

The numeric system: r=4, w=2, x=1. Add them together for each position. So 755 = owner(4+2+1) group(4+0+1) others(4+0+1) = rwxr-xr-x.

Changing ownership with chown

chown changes who owns a file:

chown user file.txt           # Change owner
chown user:group file.txt     # Change owner and group
chown -R user:group dir/      # Recursive

Setting defaults with umask

umask controls the default permissions for newly created files and directories:

umask                   # Show current umask
umask 022               # New files: 644, new dirs: 755 (standard)
umask 077               # New files: 600, new dirs: 700 (private)

Common permission patterns to memorize: 755 for executable scripts, 644 for regular files, 600 for private keys and credentials, 700 for private directories.

Getting permissions right prevents two categories of problems: “permission denied” errors that block legitimate access, and overly permissive settings that expose sensitive data. When in doubt, start restrictive and open up as needed.
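To check an existing tree for the second category, the script below is an added example (not part of the original article or its repository) that reports world-writable paths and private-key files readable beyond their owner. The function names and the key file name patterns are assumptions; adjust them to your own naming.

```bash
# Added example: audit a tree for over-permissive modes.
# Function names and the secret-file name patterns are assumptions.

# Files and directories that "others" can write to. Sticky-bit directories
# (mode 1777, like /tmp) are skipped: there users cannot remove each
# other's files.
find_world_writable() {
    find "$1" \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) -print | sort
}

# Credential-like files that grant any bit to group or others,
# i.e. any access beyond the owner.
find_exposed_secrets() {
    find "$1" -type f \
        \( -name '*.key' -o -name 'id_rsa' -o -name 'id_ed25519' \) \
        \( -perm -0040 -o -perm -0020 -o -perm -0010 \
           -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print | sort
}

audit_perms() {
    find_world_writable "$1" | sed 's/^/WORLD-WRITABLE /'
    find_exposed_secrets "$1" | sed 's/^/EXPOSED-SECRET /'
}

# Constructed sample tree to show the audit in action.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/drop"
    touch "$d/app.conf" "$d/server.key" "$d/id_rsa" "$d/notes.txt"
    chmod 644 "$d/app.conf" "$d/server.key"   # key readable by everyone
    chmod 600 "$d/id_rsa"                     # correct for a private key
    chmod 666 "$d/notes.txt"                  # world-writable file
    chmod 1777 "$d/shared"                    # sticky: not reported
    chmod 777 "$d/drop"                       # no sticky bit: reported
    (cd "$d" && audit_perms .)
    rm -rf "$d"
}
demo
```

On the sample tree this reports ./drop and ./notes.txt as world-writable and ./server.key as an exposed secret; fix each finding with the chmod patterns above (600 for keys, 644 or 755 elsewhere).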

