Linux File Permissions Explained: chmod, chown & Access Control
Master Linux file permissions with clear explanations of chmod, chown, and access control. Includes a chmod calculator, common permission patterns, and troubleshooting tips.
Understanding the Permission Model
Linux file permissions control three types of access — read (r), write (w), and execute (x) — for three categories of users: the file owner (user), the group, and everyone else (others). When you run 'ls -l', you see permissions like '-rwxr-xr--'. The first character indicates the file type (dash for regular file, d for directory). The next nine characters are three groups of three: owner permissions (rwx), group permissions (r-x), and other permissions (r--). In this example, the owner can read, write, and execute; group members can read and execute; and others can only read.
Numeric chmod Notation
Each permission has a numeric value: read equals 4, write equals 2, execute equals 1. Add these values for each user category to get a three-digit code. The permission 'rwxr-xr--' translates to: owner 4+2+1=7, group 4+0+1=5, others 4+0+0=4, giving chmod 754. Common permissions include: 644 (owner read/write, others read — standard for files), 755 (owner full, others read/execute — standard for directories and scripts), 600 (owner read/write only — private files), and 777 (everyone full access — avoid in production). A chmod calculator simplifies converting between symbolic and numeric notations.
Using chmod and chown Commands
Change permissions with chmod using numeric or symbolic notation. Numeric: 'chmod 755 script.sh' sets rwxr-xr-x. Symbolic: 'chmod u+x script.sh' adds execute for the owner, 'chmod g-w file.txt' removes write for the group, and 'chmod o=r file.txt' sets others to read-only. Use 'chmod -R 755 directory/' to apply recursively. Change ownership with 'chown user:group file'. For example, 'chown www-data:www-data /var/www/' sets the web server as owner. Use 'chown -R' for recursive ownership changes. The 'chgrp' command changes only the group.
Recommended Resources
AI pair programmer that helps you write code faster.
Cloud infrastructure for developers. Get $200 free credit.
Sponsored · We may earn a commission at no cost to you
Special Permissions: SUID, SGID, and Sticky Bit
Beyond basic rwx, Linux has three special permissions. SUID (Set User ID, chmod 4xxx) makes an executable run as the file owner — the passwd command uses this to write to /etc/shadow. SGID (Set Group ID, chmod 2xxx) on a directory makes new files inherit the directory's group. The sticky bit (chmod 1xxx) on a directory prevents users from deleting files they do not own — /tmp uses this (chmod 1777). These are represented as 's' or 't' in ls output. Use special permissions sparingly as SUID on the wrong binary creates serious security vulnerabilities.
Common Permission Patterns and Troubleshooting
Web server files should be 644 (owner read/write, others read) with directories at 755. SSH keys require 600 (private key) and 644 (public key) — SSH refuses to use keys with looser permissions. Shared directories should use SGID (2775) so all group members can create and access files. If a script will not execute, check for the execute bit with 'ls -l' and add it with 'chmod +x'. If you get 'Permission denied' on a directory, you need execute permission to enter it (cd) and read permission to list contents (ls). The 'stat' command shows permissions in both symbolic and numeric formats.
Related Free Tools
Related Articles
Frequently Asked Questions
What does chmod 777 mean and is it safe?
chmod 777 grants read, write, and execute permissions to everyone — the owner, the group, and all other users on the system. This is almost never safe for production systems because it allows any user to modify or execute the file. It is commonly used as a quick fix during development but creates significant security vulnerabilities. Instead, use the minimum permissions required: 755 for executable scripts and directories, 644 for regular files, and 600 for sensitive configuration files containing passwords or API keys.
How do I fix 'Permission denied' errors in Linux?
First, identify what permission is missing with 'ls -l filename'. For reading a file, you need the r bit. For modifying, you need w. For executing a script, you need x. For entering a directory, you need x on the directory itself. If you own the file, use chmod to add the needed permission. If someone else owns it, use 'sudo chmod' or ask the owner. For web applications, ensure the web server user (www-data or nginx) has read access to files and read plus execute on directories.
What is the difference between chmod and chown?
chmod changes what actions can be performed on a file (read, write, execute permissions), while chown changes who owns the file (the user and group ownership). They serve complementary purposes: chown determines which user and group the permission categories apply to, and chmod sets the actual permissions for those categories. For example, 'chown alice:developers file.txt' makes Alice the owner and developers the group, then 'chmod 750 file.txt' gives Alice full access, developers read and execute, and others no access.