How Linux file permissions work

by on February 13, 2006 · 23 comments· LAST UPDATED September 11, 2007

in , ,

Linux (and almost all other Unixish systems) have three user classes as follows:

  • User (u): The owner of file
  • Group (g): Other user who are in group (to access files)
  • Other (o): Everyone else

You can setup following mode on each files. In a Linux and UNIX set of permissions is called as mode:

  • Read (r)
  • Write (w)
  • Execute (x)

However, above three modes or permission have different meaning for file and directory:

Linux Read mode permissions

  • Read access on a file allows you to view file
  • Read access on a directory allows you to view directory contents with ls command

Write mode permissions

  • Write access on a file allows you to write to file
  • Write access on a directory allows you to remove or add new files

Execute mode permissions

  • Execute access on a file allows to run program or script
  • Execute access on a directory allows you access file in the directory

Octal numbers and permissions

You can use octal number to represent mode/permission:

  • r: 4
  • w: 2
  • x: 1

For example, for file owner you can use octal mode as follows. Read, write and execute (full) permission on a file in octal is
0+r+w+x = 0+4+2+1 = 7

Only Read and write permission on a file in octal is
0+r+w+x = 0+4+2+0 = 6

Only read and execute permission on a file in octal is
0+r+w+x = 0+4+0+1 = 5

Use above method to calculate permission for group and others. Let us say you wish to give full permission to owner, read & execute permission to group, and read only permission to others, then you need to calculate permission as follows:
User = r+w+x = 0+4+2+1 = 7
Group= r+w+x = 0+4+2+0 = 6
Others = r+w+x = 0+0+0+1 = 1

Effective permission is 761.

chmod command

To setup file permission you need to use chmod command:
chmod {mode} {file-name}

To setup file permission 761 you need to use chmod command as follows:
# chmod 0761 file
To setup a file readable by anyone and writable by the owner only:
# chmod 644 file
To setup a file readable/executable by everyone and writable by the owner only:
# chmod 755 file
You can change permissions for all files and directories within a directory by using the -R option on the chmod command. For example, to setup others read and execute access to all files and directories (and files and directories within directories), you need to type command as follows (i.e. change the modes of the file hierarchies rooted in the files instead of just the files themselves):
# chmod -R 755 directory-name/

Further readings

  1. Access rights: Linux's first line of defense
  2. Read chmod command man page for more information.
TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 23 comments… read them below or add one }

1 Anonymous February 14, 2006 at 8:05 pm

What about sticky bits?

Reply

2 nixcraft February 14, 2006 at 11:32 pm

Okai I will post about sticky bit too :)

Reply

3 hari vishnu September 6, 2007 at 5:20 am

Hello,

Very useful thanks.

Reply

4 amit nehra December 6, 2007 at 3:17 am

is there any command which can restore the file permissions.
i just change permissions to few files & i don’t know the old permissions. any way to undo the chmod operation.
mail at nehra13@gmail.com

Reply

5 linus oteba April 24, 2014 at 6:31 am

Kindly notify me of the same on how to undo chmod operation

on linusoteba@gmail.com

Reply

6 thakur ravi January 3, 2008 at 7:07 am

I have same trouble.
Pls send reply to
ravi.thakur@barco.com

Reply

7 irfan September 30, 2008 at 6:02 am

HI,

Q. Would like to know how to run file in linux? How to download yahoo messenger?

Reply

8 Gabriel October 23, 2009 at 6:40 am

thanks for the post

Reply

9 ubuntuba December 7, 2010 at 10:30 pm

It isn’t correct this:
Use above method to calculate permission for group and others. Let us say you wish to give full permission to owner, read & execute permission to group, and read only permission to others, then you need to calculate permission as follows:
User = r+w+x = 0+4+2+1 = 7
Group= r+w+x = 0+4+2+0 = 6
Others = r+w+x = 0+0+0+1 = 1

Effective permission is 761.

correct is:
User = r+w+x = 0+4+2+1 = 7 (Full)
Group= r+w+x = 0+4+2+0 = 6 (Read&Write)
Others = r+w+x = 0+4+0+0 = 4 (Only Read = 4, if it is equal to 1 then others have permission to execute)

So effective permission is 764

Reply

10 shishir June 9, 2011 at 11:06 am

What is meaning of execute when we implement on file.pls suggest

Reply

11 hmm July 21, 2011 at 5:52 am

755 means wrx, rx, rx, why then in centos i see with ls -la,
wrx-rx-x ??? others can only execute?

Reply

12 Santosh November 18, 2011 at 5:35 am

Nice one and easy to understand

Reply

13 Akshay January 16, 2012 at 8:30 am

Hello,

Can you please tell me how to change default umask for all user in centos or Redhat

Thanks
Akshay.

Reply

14 nixCraft January 16, 2012 at 8:38 am
15 seighalani April 6, 2012 at 8:09 am

hi dear

you made wrong in an example. please double check this part

“Use above method to calculate permission for group and others. Let us say you wish to give full permission to owner, read & execute permission to group, and read only permission to others, then you need to calculate permission as follows:
User = r+w+x = 0+4+2+1 = 7
Group= r+w+x = 0+4+2+0 = 6
Others = r+w+x = 0+0+0+1 = 1

Effective permission is 761.”

according your explanation answer is 754 not 761

Reply

16 NILESH August 27, 2012 at 4:59 am

how will access files/directories if i prompted another user?

Reply

17 bilkis January 10, 2013 at 6:29 am

You work as a Network Administrator for B The company has a Linux-based network.You are working on a Linux computer. You get the following listing on your computer:rwxr-xr-x 2 abc user 15 May 3 3:12 file92. How many hard links have been created for file92?

Reply

18 mohammad March 11, 2013 at 5:50 am

hello

it’s very good thanks

Reply

19 Jack March 25, 2013 at 1:48 pm

Hi Thank you for this. But is there a way we could give a specific user Read Write permission to directories and its sub directories.The user is not the owner or not in a group ?

Reply

20 Dan Saint-Andre June 24, 2013 at 5:11 pm

This article describes the WHAT of traditional *nix permissions. It does not explain HOW they work. In addition to traditional permssions, where might access control lists (ACLs) fit? If ACLs exist, do traditional permissions matter at all? Which tests get performed in which order to grant or deny access to a permission protected file? Processes have more than one sense of user-ness and group-ness. Which of these gets evaluated first? Are these tests looking for first permission that grants access and then it stops testing? Instead do they look for the first permission that denies access and then it stops testing?

Reply

21 Geri August 22, 2013 at 9:31 am

Short and clear:

owner group other → Permissions assignee
 rwx   rwx   rwx  → Permissions digits
 421   421   421  → Digits values
-----------------
  7     5     5   → Octal
 111   101   101  → Binary
 rwx   r-x   r-x  → Permissions

Reply

22 Don December 11, 2013 at 9:58 am

Can anyone tell me why this chmod and chown do not work for root?
I have installed a disk with a directory which I want to be available to anyone & everyone to write and read. (BTW I would like to exclude change for most users, but that can wait until I achieve the main purpose -R&W)
My problem is that the disks appear to have been owned by “root” by default and I can’t give anyone else any permissions at all.
I have tried to take ownership by
> sudo chown -R -v don:users 2013-14
and got messages like
root’s password:
changed ownership of `Global’ to don:users
changed ownership of `Global/SRai/ParentsNov/SANY0215.JPG’ to don:users
but ls -l still shows owner as root
> ls -l
gives messages like
-rw-r–r– 1 root users 1943081 2013-11-05 10:02 SANY0215.JPG
And when I do
> chmod 777 Global
I get
chmod: changing permissions of `Global’: Operation not permitted
Again, when I do
> sudo chmod -R -v 775 Global
I get lots of nice messages like,
mode of `Global/SRai/ParentsNov/SANY0215.JPG’ changed to 0775 (rwxrwxr-x)
and nothing that looks like an error message
But then, when I do,
> ls -l
I get messages like,
-rw-r–r– 1 root users 1943081 2013-11-05 10:02 SANY0215.JPG
which seems to say that the permissions have not been changed?
Now I’m guessing that this has something to do with the fact that the files are (for no reason I understand) owned by this phantom “root”. But how can I share this drive for writing when it is owned by someone who doesn’t have a logon and can’t give permissions to anyone to do anything?

The only other significant factor I can think of, is that the machine was originally a Windows desktop machine. The drive was then shared with full access for all. I installed Open Suse 11 which is the first distro I’ve found I can (otherwise!) use. But it did not offer me any choice in mounting the drive (unless I agreed to format it, which I really would not want to do, because it has several hundred GB of data which I can’t back up anywhere at the moment.) and it just gets (permanently?) mounted under /windows and crucially owned by “root”

So what is wrong?

Reply

23 Celine February 18, 2014 at 5:13 am

Good one and easy to understand. Thanks!

Reply

Leave a Comment

Tagged as: , , , , ,

Previous Faq:

Next Faq: