Linux File Permissions Explained
File permissions are "bits" set on any file in a Unix system. Here is a reference sheet of some of the most common permissions bits:
A file's permissions define what the owner can do, what the owner's group can do, and what the rest of the world can do to a file --- read, write, or execute it. For *nix purposes, a directory is also a file, and you can't [.inline-code]cd[.inline-code] into a directory that doesn't have the execute permission set for your user.
To check permissions of all the files in a directory, you can run [.inline-code]ls -l[.inline-code] to perform a long format listing. This shows the permissions for each file and directory in the first column. These are shown as [.inline-code]-ooogggwww[.inline-code], where [.inline-code]o[.inline-code] is "owner," [.inline-code]g[.inline-code] is "group," and [.inline-code]w[.inline-code] is "world."
In the case of a directory, the first single indicator will be [.inline-code]d[.inline-code]. Each of the other three classes gets three positions: read, write, and execute. If an [.inline-code]r[.inline-code], [.inline-code]w[.inline-code], or [.inline-code]x[.inline-code] is present in its respective position, then that class has that permission; otherwise you'll see a dash ([.inline-code]-[.inline-code]). So a file that is readable and writable by its owner but inaccessible to other users looks like [.inline-code]-rw-------[.inline-code].
[#file-permissions-as-numbers]Understanding file permissions as numbers[#file-permissions-as-numbers]
[.inline-code]-rw-------[.inline-code] can be represented numerically as 600. The 6 translates as [.inline-code]rw[.inline-code] for the user and the 0s translate as "no access" for group and world, respectively.
When using numeric representation, the number can be three or four digits. In the case of a four-digit number, the first digit sets the setuid, setgid, or sticky bit. The last three digits each represent a combination of read, write, and execute added together.
- 4 = r (read)
- 2 = w (write)
- 1 = x (execute)
For each group, you add the three numbers together to create a single-digit representation of the permissions for that group. For example:
- 0 means no permissions
- 4 means read only (4)
- 5 means read and execute (4 + 1)
- 6 means read and write (4 + 2)
- 7 means all permissions (read, write, and execute, or 4 + 2 + 1)
A file that is executable by the owner and read-only for everyone else would be [.inline-code]-rwxr--r--[.inline-code], represented as 0744, with 7 (4 + 2 + 1) for the user and 4 for group and world.
[#standard-permissions]Standard permissions for files and directories[#standard-permissions]
The standard permissions for a regular file are [.inline-code]-rw-r--r--[.inline-code], or, numerically, 644, which gives the file owner permission to read and write, and the group and world permission to read only.
The standard permissions for a directory are [.inline-code]drwxr-xr-x[.inline-code], or 755. This gives the owner permission to write, and the owner, group, and world permission to read and "execute" it, which for a directory means [.inline-code]cd[.inline-code] into it.
An executable file, such as a shell script with a proper shebang or a binary, gets the [.inline-code]x[.inline-code] bit set for the appropriate class. In most cases this is everybody, which translates as [.inline-code]-rwxr-xr-x[.inline-code], or 755. To make a file _fully_ readable, writable and executable by _everybody_, you would want [.inline-code]-rwxrwxrwx[.inline-code], or 777 file permissions. This is generally ill-advised, as you don't want the entire _world_ to have write access to any file.
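To tie the symbolic and numeric forms together, here is an added example (not from the original post) that converts an [.inline-code]ls -l[.inline-code] permission string to its four-digit octal value and back, using the 4/2/1 mapping above, and flags the world-writable case. It goes slightly beyond the text by handling the setuid, setgid and sticky markers ([.inline-code]s[.inline-code]/[.inline-code]S[.inline-code] and [.inline-code]t[.inline-code]/[.inline-code]T[.inline-code]) in the execute slots; the function names are my own.

```python
# Added example: convert between the ls -l symbolic form and the octal form.
# Mapping follows the text: r=4, w=2, x=1, and a leading digit of 4/2/1 for
# setuid/setgid/sticky. Function names here are illustrative, not a library API.

BITS = {"r": 4, "w": 2, "x": 1}


def symbolic_to_octal(perm: str) -> str:
    """'-rwxr-xr-x' -> '0755'. The first character is the file type (- or d)
    and is ignored. In the execute slot, s/S (owner, group) and t/T (world)
    mark setuid, setgid and sticky; lowercase means x is also set."""
    if len(perm) != 10:
        raise ValueError(f"expected a 10-character permission string, got {perm!r}")
    special = 0
    digits = []
    for who, triple in enumerate((perm[1:4], perm[4:7], perm[7:10])):
        value = 0
        for expected, ch in zip("rwx", triple):
            if ch == "-":
                continue
            if expected == "x" and ch in ("sS" if who < 2 else "tT"):
                special |= (4, 2, 1)[who]      # setuid, setgid, sticky
                value |= 1 if ch.islower() else 0
            elif ch == expected:
                value |= BITS[ch]
            else:
                raise ValueError(f"unexpected {ch!r} in {perm!r}")
        digits.append(value)
    return f"{special}{digits[0]}{digits[1]}{digits[2]}"


def octal_to_symbolic(mode: str, is_dir: bool = False) -> str:
    """'644' or '0644' -> '-rw-r--r--'; '1777' with is_dir -> 'drwxrwxrwt'."""
    n = int(mode, 8)
    out = ["d" if is_dir else "-"]
    for shift, flag, marker in ((6, 0o4000, "s"), (3, 0o2000, "s"), (0, 0o1000, "t")):
        triple = (n >> shift) & 7
        out.append("r" if triple & 4 else "-")
        out.append("w" if triple & 2 else "-")
        if n & flag:                          # special bit present in this slot
            out.append(marker if triple & 1 else marker.upper())
        else:
            out.append("x" if triple & 1 else "-")
    return "".join(out)


def world_writable(perm: str) -> bool:
    """True when the world 'w' bit is set, the case the text warns against."""
    return bool(int(symbolic_to_octal(perm)[-1]) & 2)
```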
Setting and modifying file permissions is done using the [.inline-code]chmod[.inline-code] command, which we discuss further in another post.