≡ Menu

How Linux file permissions work

Linux (and almost all other Unixish systems) have three user classes as follows:

  • User (u): The owner of file
  • Group (g): Other user who are in group (to access files)
  • Other (o): Everyone else

You can setup following mode on each files. In a Linux and UNIX set of permissions is called as mode:

  • Read (r)
  • Write (w)
  • Execute (x)

However, above three modes or permission have different meaning for file and directory:

Linux Read mode permissions

  • Read access on a file allows you to view file
  • Read access on a directory allows you to view directory contents with ls command

Write mode permissions

  • Write access on a file allows you to write to file
  • Write access on a directory allows you to remove or add new files

Execute mode permissions

  • Execute access on a file allows to run program or script
  • Execute access on a directory allows you access file in the directory

Octal numbers and permissions

You can use octal number to represent mode/permission:

  • r: 4
  • w: 2
  • x: 1

For example, for file owner you can use octal mode as follows. Read, write and execute (full) permission on a file in octal is
0+r+w+x = 0+4+2+1 = 7

Only Read and write permission on a file in octal is
0+r+w+x = 0+4+2+0 = 6

Only read and execute permission on a file in octal is
0+r+w+x = 0+4+0+1 = 5

Use above method to calculate permission for group and others. Let us say you wish to give full permission to owner, read & execute permission to group, and read only permission to others, then you need to calculate permission as follows:
User = r+w+x = 0+4+2+1 = 7
Group= r+w+x = 0+4+2+0 = 6
Others = r+w+x = 0+0+0+1 = 1

Effective permission is 761.

chmod command

To setup file permission you need to use chmod command:
chmod {mode} {file-name}

To setup file permission 761 you need to use chmod command as follows:
# chmod 0761 file
To setup a file readable by anyone and writable by the owner only:
# chmod 644 file
To setup a file readable/executable by everyone and writable by the owner only:
# chmod 755 file
You can change permissions for all files and directories within a directory by using the -R option on the chmod command. For example, to setup others read and execute access to all files and directories (and files and directories within directories), you need to type command as follows (i.e. change the modes of the file hierarchies rooted in the files instead of just the files themselves):
# chmod -R 755 directory-name/

Further readings

  1. Access rights: Linux's first line of defense
  2. Read chmod command man page for more information.
Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 26 comments… add one }

  • Anonymous February 14, 2006, 8:05 pm

    What about sticky bits?

  • nixcraft February 14, 2006, 11:32 pm

    Okai I will post about sticky bit too :)

  • hari vishnu September 6, 2007, 5:20 am

    Hello,

    Very useful thanks.

  • amit nehra December 6, 2007, 3:17 am

    is there any command which can restore the file permissions.
    i just change permissions to few files & i don’t know the old permissions. any way to undo the chmod operation.
    mail at nehra13@gmail.com

  • thakur ravi January 3, 2008, 7:07 am

    I have same trouble.
    Pls send reply to
    ravi.thakur@barco.com

  • irfan September 30, 2008, 6:02 am

    HI,

    Q. Would like to know how to run file in linux? How to download yahoo messenger?

    • Samuel May 30, 2015, 11:42 am

      God bless you sir!! I really had issues understanding file perm using Octal, but ur tutorials cleared the air for me! please keep on with more of these. Salute sir, salute !!

  • Gabriel October 23, 2009, 6:40 am

    thanks for the post

  • ubuntuba December 7, 2010, 10:30 pm

    It isn’t correct this:
    Use above method to calculate permission for group and others. Let us say you wish to give full permission to owner, read & execute permission to group, and read only permission to others, then you need to calculate permission as follows:
    User = r+w+x = 0+4+2+1 = 7
    Group= r+w+x = 0+4+2+0 = 6
    Others = r+w+x = 0+0+0+1 = 1

    Effective permission is 761.

    correct is:
    User = r+w+x = 0+4+2+1 = 7 (Full)
    Group= r+w+x = 0+4+2+0 = 6 (Read&Write)
    Others = r+w+x = 0+4+0+0 = 4 (Only Read = 4, if it is equal to 1 then others have permission to execute)

    So effective permission is 764

  • shishir June 9, 2011, 11:06 am

    What is meaning of execute when we implement on file.pls suggest

  • hmm July 21, 2011, 5:52 am

    755 means wrx, rx, rx, why then in centos i see with ls -la,
    wrx-rx-x ??? others can only execute?

  • Santosh November 18, 2011, 5:35 am

    Nice one and easy to understand

  • Akshay January 16, 2012, 8:30 am

    Hello,

    Can you please tell me how to change default umask for all user in centos or Redhat

    Thanks
    Akshay.

  • seighalani April 6, 2012, 8:09 am

    hi dear

    you made wrong in an example. please double check this part

    “Use above method to calculate permission for group and others. Let us say you wish to give full permission to owner, read & execute permission to group, and read only permission to others, then you need to calculate permission as follows:
    User = r+w+x = 0+4+2+1 = 7
    Group= r+w+x = 0+4+2+0 = 6
    Others = r+w+x = 0+0+0+1 = 1

    Effective permission is 761.”

    according your explanation answer is 754 not 761

  • NILESH August 27, 2012, 4:59 am

    how will access files/directories if i prompted another user?

  • bilkis January 10, 2013, 6:29 am

    You work as a Network Administrator for B The company has a Linux-based network.You are working on a Linux computer. You get the following listing on your computer:rwxr-xr-x 2 abc user 15 May 3 3:12 file92. How many hard links have been created for file92?

  • mohammad March 11, 2013, 5:50 am

    hello

    it’s very good thanks

  • Jack March 25, 2013, 1:48 pm

    Hi Thank you for this. But is there a way we could give a specific user Read Write permission to directories and its sub directories.The user is not the owner or not in a group ?

  • Dan Saint-Andre June 24, 2013, 5:11 pm

    This article describes the WHAT of traditional *nix permissions. It does not explain HOW they work. In addition to traditional permssions, where might access control lists (ACLs) fit? If ACLs exist, do traditional permissions matter at all? Which tests get performed in which order to grant or deny access to a permission protected file? Processes have more than one sense of user-ness and group-ness. Which of these gets evaluated first? Are these tests looking for first permission that grants access and then it stops testing? Instead do they look for the first permission that denies access and then it stops testing?

  • Geri August 22, 2013, 9:31 am

    Short and clear:

    owner group other → Permissions assignee
     rwx   rwx   rwx  → Permissions digits
     421   421   421  → Digits values
    -----------------
      7     5     5   → Octal
     111   101   101  → Binary
     rwx   r-x   r-x  → Permissions
  • Don December 11, 2013, 9:58 am

    Can anyone tell me why this chmod and chown do not work for root?
    I have installed a disk with a directory which I want to be available to anyone & everyone to write and read. (BTW I would like to exclude change for most users, but that can wait until I achieve the main purpose -R&W)
    My problem is that the disks appear to have been owned by “root” by default and I can’t give anyone else any permissions at all.
    I have tried to take ownership by
    > sudo chown -R -v don:users 2013-14
    and got messages like
    root’s password:
    changed ownership of `Global’ to don:users
    changed ownership of `Global/SRai/ParentsNov/SANY0215.JPG’ to don:users
    but ls -l still shows owner as root
    > ls -l
    gives messages like
    -rw-r–r– 1 root users 1943081 2013-11-05 10:02 SANY0215.JPG
    And when I do
    > chmod 777 Global
    I get
    chmod: changing permissions of `Global’: Operation not permitted
    Again, when I do
    > sudo chmod -R -v 775 Global
    I get lots of nice messages like,
    mode of `Global/SRai/ParentsNov/SANY0215.JPG’ changed to 0775 (rwxrwxr-x)
    and nothing that looks like an error message
    But then, when I do,
    > ls -l
    I get messages like,
    -rw-r–r– 1 root users 1943081 2013-11-05 10:02 SANY0215.JPG
    which seems to say that the permissions have not been changed?
    Now I’m guessing that this has something to do with the fact that the files are (for no reason I understand) owned by this phantom “root”. But how can I share this drive for writing when it is owned by someone who doesn’t have a logon and can’t give permissions to anyone to do anything?

    The only other significant factor I can think of, is that the machine was originally a Windows desktop machine. The drive was then shared with full access for all. I installed Open Suse 11 which is the first distro I’ve found I can (otherwise!) use. But it did not offer me any choice in mounting the drive (unless I agreed to format it, which I really would not want to do, because it has several hundred GB of data which I can’t back up anywhere at the moment.) and it just gets (permanently?) mounted under /windows and crucially owned by “root”

    So what is wrong?

  • Celine February 18, 2014, 5:13 am

    Good one and easy to understand. Thanks!

  • abbas July 25, 2014, 12:49 am

    thanks,its informative and well explained

  • wangbin June 8, 2015, 5:01 am

    really very thank you.

Leave a Comment