Home Blog Linux File Permissions

Linux File Permissions Explained (chmod Guide)

📅 ✏️ ⏱️ 7 min read

Linux file permissions are fundamental to system security and proper operation. Understanding permissions prevents accidental data loss, ensures proper application function, and protects your system from unauthorized access. Despite their importance, many developers struggle with permission concepts and the chmod command. This comprehensive guide explains how Linux file permissions work, how to read permission notation, and how to use chmod to set permissions correctly. By mastering this essential skill, you'll manage files confidently on any Linux system.

Ad space - Advertisement placement 1

Understanding the Permission Model

Linux permissions control who can do what with files and directories. Three permission types apply: read (r), write (w), and execute (x). Three categories of users have separate permissions: owner (the file creator), group (users in the file's group), and others (everyone else). Permissions for each category are represented by three bits, allowing independent control for each user type.

Reading Permission Notation

The ls -l Output

When you run "ls -l", you see permissions as a string like "-rwxr-xr--". The first character is the file type (- for regular file, d for directory). The next nine characters represent permissions in three groups of three.

-rwxr-xr-- ^ file type (- = regular file) ^^^ owner permissions (read, write, execute) ^^^ group permissions (read, write, execute) ^^^ other permissions (read, write, execute)

For each group, r means read permission, w means write permission, x means execute permission, and - means no permission. So "rwx" means full permissions, "r--" means only read, and "r-x" means read and execute but not write.

Numeric Notation

Permissions can also be expressed numerically. Each permission has a value: read = 4, write = 2, execute = 1. Each group's permissions are added together: 7 (4+2+1) = rwx, 5 (4+1) = r-x, 4 = r--. A complete permission like 755 means owner gets 7 (rwx), group gets 5 (r-x), others get 5 (r-x).

Ad space - Advertisement placement 2

Using chmod to Change Permissions

Symbolic Method

The symbolic method uses letters to specify what changes. "u" refers to user (owner), "g" refers to group, "o" refers to others, "a" refers to all. Use + to add permissions, - to remove, = to set exact permissions.

chmod u+rwx file.txt # Add read, write, execute for owner chmod g-w file.txt # Remove write for group chmod o=r file.txt # Set others to read-only chmod a+x script.sh # Add execute for everyone

Numeric Method

The numeric method directly specifies the permission number for each group. "chmod 755 file" sets owner to 7, group to 5, others to 5.

chmod 755 script.sh # Owner rwx, group r-x, others r-x chmod 644 file.txt # Owner rw-, group r--, others r-- chmod 700 secret.txt # Owner rwx, group ---, others --- chmod 777 public.txt # Everyone rwx (generally not recommended)

Understanding Execute Permission

Execute permission has different meanings for files and directories. For regular files, execute permission allows the file to run as a program. For directories, execute permission allows you to enter the directory and access its contents. A directory with read but no execute permission means you can't cd into it, even if you can see its contents with ls.

Common Permission Patterns

644 for Regular Files

Read and write for owner, read-only for everyone else. Standard permission for documents, code, and most files.

755 for Directories and Scripts

Owner has full permissions, group and others can read and execute. Typical for directories and executable scripts.

700 for Sensitive Files

Only owner can read, write, and execute. Use for private SSH keys, configuration with secrets, and sensitive data.

600 for Private Files

Owner can read and write, group and others have no access. Use for sensitive files you don't want to execute.

Pro Tip: Use ToolPilot's chmod Calculator to visually understand permissions and generate chmod commands before running them.

Recursive Permissions with -R

The "-R" flag applies permissions recursively to directories and all contents. "chmod -R 755 mydir" changes permissions on the directory and everything inside. Be careful with recursive operations—they can affect many files at once.

Permission Best Practices

Follow the principle of least privilege—grant minimum permissions needed for functionality. Never use 777 (world-writable) unless absolutely necessary. Protect SSH keys and certificates with 600 permissions. Web server files typically use 755 for directories, 644 for files. Executable scripts need execute permission for the owner at minimum. Regularly audit permissions on sensitive files and directories.

Troubleshooting Permission Issues

Permission denied errors mean you lack necessary permissions. Use "ls -l" to check current permissions. Scripts that won't run need execute permission. Can't enter directories? Check if you have execute permission on the directory itself, not just read. Can't modify files? Ensure you have write permission on both the file and its parent directory.

Calculate File Permissions Easily

Use ToolPilot's chmod Calculator to understand and generate permission values visually.

Calculate Permissions

Permission Management Tools

  • ToolPilot chmod Calculator
    Visual permission calculator that explains each bit and generates chmod commands.
  • Chmod Wikipedia
    Comprehensive reference on file permissions and chmod command syntax.
  • chmod Manual
    Official chmod command manual with complete options and examples.
Disclaimer: Some links in this article may be affiliate links. We earn a small commission if you choose to use these services, at no cost to you. Our recommendations are based on product quality and value.

Frequently Asked Questions

What's the difference between chmod and chown?
chmod changes permissions (who can do what). chown changes ownership (who owns the file). You need sudo or root for chown, but you can use chmod on your own files. chmod controls access, chown controls ownership.
Can I undo a chmod command?
chmod doesn't delete files or data—it just changes permissions. You can always run chmod again with different permissions to fix it. However, if you remove execute permission from a directory, you can't access its contents even as root without first restoring execute permission.
What about umask?
umask is a system setting that determines default permissions for newly created files. It works by removing permissions from the default. Most systems use umask 0022, which creates files with 644 and directories with 755 by default. You can check your umask with the umask command.

Related Articles

Cron Expressions Guide

Learn about scheduling and running scripts with proper permissions.

 Best Free Developer Tools 2026

Discover tools for managing files and permissions efficiently.

 Configuration Formats

Learn about configuration files that often need specific permissions.