
Complete Guide to Linux File Permissions

Understand Linux file permissions, ownership, and access control. Learn chmod notation, special permissions, and security best practices.

1. Understand Permission Basics

Every Linux file has three permission sets: owner, group, and others. Each set has three permissions: read (r=4), write (w=2), and execute (x=1). View permissions with ls -la. The output -rwxr-xr-- means: owner can read, write, and execute; group can read and execute; others can only read. Use our chmod calculator to visually build permission strings.

2. Master Numeric Notation

Permissions are commonly expressed as three-digit numbers where each digit is the sum of read (4), write (2), and execute (1). Common values: 755 (owner full, others read-execute — typical for scripts), 644 (owner read-write, others read-only — typical for files), 700 (owner only — private files), 777 (everyone full access — generally avoid for security reasons).

3. Change Permissions and Ownership

Use chmod to change permissions: chmod 755 script.sh or chmod u+x script.sh (symbolic notation). Use chown to change ownership: chown user:group file.txt. Use chgrp to change only the group. Add -R flag for recursive changes to entire directories. Always be careful with recursive permission changes — applying wrong permissions to system files can break your system.

4. Apply Security Best Practices

Follow the principle of least privilege — give only the minimum permissions needed. Never use 777 on production files. Sensitive configuration files should be 600 (owner read-write only). Web server files should be 644 for files and 755 for directories. SSH private keys must be 600 or SSH will refuse to use them. Regularly audit permissions on critical files and directories.

Pro Tips

  • Use umask to set default permissions for new files (umask 022 gives 755 dirs, 644 files)
  • The sticky bit (chmod +t) on directories prevents users from deleting each other's files
  • SUID bit (chmod u+s) runs a program as the file owner — use with extreme caution
  • Use Access Control Lists (ACLs) when you need more granular control than user/group/other
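
The permission audit recommended above, written out as an added example (not code from the original guide): a read-only sweep that reports world-writable entries, SUID/SGID files, and secret-looking files looser than 600. The function names and the secret-file name patterns (*.key, *.pem, .env, id_*) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: permission audit for a directory tree (read-only, changes nothing).
# Assumption: the secret-file name patterns below are illustrative, not from the page.

# World-writable regular files, plus world-writable directories that lack the
# sticky bit (with the sticky bit set, users cannot delete each other's files).
find_world_writable() {
    find "$1" -xdev \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) -print
}

# Regular files carrying SUID or SGID: they run as the file's owner or group.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Key and config files that grant any bit to group or others (looser than 600).
find_loose_secrets() {
    find "$1" -xdev -type f \
        \( -name '*.key' -o -name '*.pem' -o -name '.env' -o -name 'id_*' \) \
        ! -name '*.pub' \
        \( -perm -0040 -o -perm -0020 -o -perm -0010 \
           -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Print one tagged line per finding; return status 1 if anything was found.
audit_tree() {
    dir=$1
    report=$(
        find_world_writable "$dir" | sed 's/^/WORLD-WRITABLE /'
        find_setid "$dir"          | sed 's/^/SETID /'
        find_loose_secrets "$dir"  | sed 's/^/LOOSE-SECRET /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: sh audit.sh /var/www   (only runs when a directory is passed)
if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```

The non-zero return status on findings lets the script gate a cron job or deployment step; review each SETID line by hand, since some system binaries carry the bit legitimately.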

Frequently Asked Questions

What does chmod 755 mean?

chmod 755 sets permissions to rwxr-xr-x: the owner can read, write, and execute; group members can read and execute; all others can read and execute. This is the standard permission for executable scripts, web server directories, and most programs. It allows everyone to run the program but only the owner to modify it.

Why should I avoid chmod 777?

chmod 777 gives read, write, and execute access to everyone on the system. This is a serious security risk because any user or process (including potentially malicious ones) can modify or execute the file. For web applications, 777 means any compromised script can write malicious code to your files. Use 755 for directories and 644 for files instead.

How do I recursively change permissions?

Use the -R flag: chmod -R 755 directory/ changes the directory and all of its contents. However, this applies the same permissions to both files and directories, which is often wrong. A better approach is to use find: 'find /path -type d -exec chmod 755 {} \;' for directories and 'find /path -type f -exec chmod 644 {} \;' for files.