Linux File Permissions and Ownership

Introduction

Linux uses a permission and ownership model to control access to files and directories. Understanding and managing these permissions is essential for security and system integrity.

Understanding File Permissions

Each file and directory in Linux has three types of permissions:

  • Read (r) – Allows viewing the contents of a file or listing a directory.
  • Write (w) – Allows modifying a file or adding/removing files in a directory.
  • Execute (x) – Allows executing a file (if it's a script or binary) or entering a directory and accessing the files inside it.

Viewing Permissions

Use ls -l to display file permissions:

ls -l file.txt

Example Output
-rw-r--r--  1 user group 1234 Feb 07 12:34 file.txt

Breakdown:

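  • -rw-r--r-- → File type (- for a regular file, d for a directory) followed by the permissions for owner, group and others
  • 1 → Number of hard links
  • user → File owner
  • group → Group owner
  • 1234 → File size in bytes
  • Feb 07 12:34 → Last modification date and time
  • file.txt → File name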

Numeric (Octal) Permissions

Each permission has a numeric value:

  • Read (r) = 4
  • Write (w) = 2
  • Execute (x) = 1

To calculate file permissions, sum up the values for each category:

Permission   Owner  Group  Others  Numeric  Representation
rwx          7      7      7       777      Full access
rw-          6      6      0       660      Read & Write for owner/group
r--          4      4      4       444      Read-only for all
rw-r--r--    6      4      4       644      Typical file permission
rwxr-xr-x    7      5      5       755      Common executable permission

Using chmod

chmod is used to change file permissions.

chmod 755 script.sh
  • 7 (rwx) → Owner has full permissions
  • 5 (r-x) → Group has read and execute permissions
  • 5 (r-x) → Others have read and execute permissions

Symbolic Method

chmod u+x script.sh  # Add execute permission to the owner
chmod g-w file.txt   # Remove write permission from the group
chmod o+r file.txt   # Add read permission for others

Changing File Ownership

Using chown

chown changes the owner and/or group of a file.

chown newuser file.txt          # Change file owner to 'newuser'
chown newuser:newgroup file.txt # Change owner and group
chown :newgroup file.txt        # Change only the group

Understanding UID and GID

Each user and group is identified by a unique numeric ID:

  • User ID (UID): Identifies a specific user.
  • Group ID (GID): Identifies a specific group.

Viewing UID and GID

To view the UID and GID of the current user:

id

Example Output
uid=1000(user) gid=1000(group) groups=1000(group),27(sudo),1001(docker)

Checking User Information

To check user account details:

grep username /etc/passwd

Example Output
user:x:1000:1000:User Name:/home/user:/bin/bash

Changing Default Permissions with umask

umask determines the default permissions for newly created files and directories: the bits set in the mask are removed from the base mode (666 for files, 777 for directories).

Viewing and Setting umask

umask
umask 022  # Default: files 644 (-rw-r--r--), directories 755 (drwxr-xr-x)
umask 077  # More restrictive: files 600 (-rw-------), directories 700 (drwx------)

Special Permissions

SetUID (s)

When set on an executable file, the program runs with the permissions of the file owner rather than those of the user who launched it.

chmod u+s /path/to/file

SetGID (s)

When set on a directory, files created inside it inherit the group of that directory instead of the creating user's primary group.

chmod g+s /path/to/directory

Sticky Bit (t)

Prevents users from deleting files owned by others in a shared directory.

chmod +t /tmp
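
An added example, not part of the original page: a small POSIX shell audit that lists SetUID/SetGID files, files writable by others, and world-writable directories that lack the sticky bit. The function names, labels and the sample tree are assumptions made up for the example.

```shell
#!/bin/sh
# Added example: report the special and world-writable permission bits
# covered on this page. All function names and labels are made up here.

audit_perms() {
    root=${1:-.}
    # SetUID/SetGID regular files run with the owner's or group's privileges.
    find "$root" -xdev -type f -perm -4000 -exec printf 'SETUID\t%s\n' {} +
    find "$root" -xdev -type f -perm -2000 -exec printf 'SETGID\t%s\n' {} +
    # Files with the "others" write bit can be modified by any user.
    find "$root" -xdev -type f -perm -0002 \
        -exec printf 'WORLD_WRITABLE_FILE\t%s\n' {} +
    # World-writable directories without the sticky bit let any user delete
    # files owned by others (a directory set to 1777 is not reported).
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'WORLD_WRITABLE_DIR_NO_STICKY\t%s\n' {} +
}

# Constructed sample tree, not from the original page.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    touch "$d/normal.txt" "$d/suid_tool" "$d/open.conf"
    mkdir "$d/team" "$d/shared_sticky" "$d/shared_open"
    chmod 644  "$d/normal.txt"     # typical file: not reported
    chmod 4755 "$d/suid_tool"      # same bit as chmod u+s
    chmod 666  "$d/open.conf"      # writable by others
    chmod 2775 "$d/team"           # SetGID directory (chmod g+s): not reported
    chmod 1777 "$d/shared_sticky"  # sticky shared directory: not reported
    chmod 777  "$d/shared_open"    # shared directory missing the sticky bit
    printf '%s\n' "$d"
}

demo=$(make_demo_tree) && audit_perms "$demo"
rm -rf "$demo"
```

To scan a real tree, call audit_perms with a path; -xdev keeps the scan on one filesystem. Some SetUID programs are expected on a normal system, so treat the output as a list to review rather than a list of faults.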


Conclusion

Understanding and correctly managing Linux file permissions and ownership is crucial for system security and efficient multi-user management. Mastering chmod, chown, and umask will help you control access effectively.