Chapter 45: File Permissions
File Permissions
This is one of the most important topics in Linux/Bash — once you understand file permissions, you will never be confused again when you see “Permission denied”, or when a script won’t run, or when you wonder why your friend can’t read your file.
In Linux (and macOS, and servers), every file and every folder has permissions attached to it — like invisible rules that say:
- Who can read it?
- Who can write (change/delete) it?
- Who can execute it (run it as a program/script)?
These rules are controlled by three categories of people:
- Owner (the user who created the file — usually you)
- Group (a group the owner belongs to — can be shared with teammates)
- Others (everyone else on the system — including visitors or other users)
And for each of these three categories, there are three possible permissions:
| Letter | Permission | What it means for files | What it means for folders |
|---|---|---|---|
| r | read | Can view / open / cat the content | Can list files inside (ls) |
| w | write | Can edit / change / delete the file | Can create/delete/rename files inside folder |
| x | execute | Can run the file as a program/script | Can enter the folder (cd into it) |
How Permissions Look in Real Life (ls -l)
Type this right now in your terminal:
```bash
ls -l    # or better: ls -lh
```
You will see lines like this:
```
-rw-r--r-- 1 webliance webliance 2.3K Feb 26 08:45 report.pdf
drwxr-xr-x 2 webliance webliance 4.0K Feb 25 14:30 photos
-rwxr-xr-x 1 webliance webliance  456 Feb 26 09:10 hello.sh
```
Let’s break down one line completely:
```
- rw- r-- r--  1 webliance webliance 2.3K Feb 26 08:45 report.pdf
↑  ↑   ↑   ↑
│  │   │   │
│  │   │   others (everyone else)
│  │   group
│  owner
type of file
```
- First character = file type
  - `-` = normal file
  - `d` = directory (folder)
  - `l` = symbolic link
  - etc.
- Next 9 characters = permissions (3 groups × 3 bits)
```
rw-    r--    r--
owner  group  others
```
So for report.pdf above:
- Owner (webliance): read + write (can edit/delete)
- Group (webliance): read only (can view)
- Others: read only (can view)
For hello.sh:
```
rwxr-xr-x
rwx r-x r-x
```
- Owner: read + write + execute (full control)
- Group & others: read + execute (can run the script, but cannot edit)
For folders (d at start):
```
drwxr-xr-x
```
- Owner: rwx (can list, create/delete inside, cd into)
- Group & others: r-x (can list files and cd into, but cannot create/delete inside)
How to Remember the 9 Positions
Think of it like this:
```
Positions:  1 2 3   4 5 6   7 8 9
            r w x   r w x   r w x
            ┌───┐   ┌───┐   ┌───┐
            owner   group   others
```
Each group has rwx (read-write-execute)
Numeric (Octal) Way – Very Common in Scripts & chmod
Permissions are also written as numbers (0–7 for each group)
| Permission combo | Binary | Number (octal) | Meaning shorthand |
|---|---|---|---|
| rwx | 111 | 7 | full |
| rw- | 110 | 6 | read + write |
| r-x | 101 | 5 | read + execute |
| r-- | 100 | 4 | read only |
| --- | 000 | 0 | nothing |
So the famous permissions you see:
```
chmod 755 script.sh        → rwxr-xr-x  (owner full, others can run)
chmod 644 file.txt         → rw-r--r--  (owner edit, everyone read)
chmod 600 secret.key       → rw-------  (only owner can read/write)
chmod 700 private_folder/  → rwx------  (only owner can enter/use)
```
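The conversion in the table above, carried out in both directions as an added example (not code from the original page). The function names perm_to_octal and octal_to_perm are made up for this illustration, and special bits such as setuid or sticky are rejected because this chapter does not cover them:

```bash
# perm_to_octal: nine characters as shown by ls -l, without the leading type
# character (rwxr-xr-x -> 755). Each triplet is a 3-bit number: r=4, w=2, x=1.
perm_to_octal() {
    case $1 in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "not a plain rwx string: $1" >&2; return 1 ;;
    esac
    perms=$1 octal=""
    while [ -n "$perms" ]; do
        rest=${perms#???}           # everything after the first triplet
        triplet=${perms%"$rest"}    # the first triplet itself
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        octal=$octal$digit
        perms=$rest
    done
    echo "$octal"
}

# octal_to_perm: three octal digits (640 -> rw-r-----), testing each bit of each digit.
octal_to_perm() {
    case $1 in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits: $1" >&2; return 1 ;;
    esac
    digits=$1 perms=""
    while [ -n "$digits" ]; do
        rest=${digits#?}
        d=${digits%"$rest"}         # the first digit
        if [ $(($d & 4)) -ne 0 ]; then perms=${perms}r; else perms=${perms}-; fi
        if [ $(($d & 2)) -ne 0 ]; then perms=${perms}w; else perms=${perms}-; fi
        if [ $(($d & 1)) -ne 0 ]; then perms=${perms}x; else perms=${perms}-; fi
        digits=$rest
    done
    echo "$perms"
}

# The four modes listed above, converted from their ls -l form.
for p in rwxr-xr-x rw-r--r-- rw------- rwx------; do
    printf '%s -> %s\n' "$p" "$(perm_to_octal "$p")"
done
```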
How to Change Permissions – chmod Command
chmod = change mode
Two ways:
- Symbolic (letters – easier for beginners)
```bash
chmod u+x hello.sh       # user/owner add execute
chmod g-w report.pdf     # group remove write
chmod o-r secret.txt     # others remove read
chmod a+x script.sh      # all (user+group+others) add execute
chmod ug+rw file.txt     # user & group add read+write
chmod go-rwx private/    # group & others remove all
```

```
u = user/owner    g = group    o = others    a = all
+ = add permission    - = remove    = = set exactly
```
- Numeric (octal – faster once you remember)
```bash
chmod 755 hello.sh
chmod 644 config.conf
chmod 700 ~/.ssh
```
Real-Life Examples You Will See Every Day
```bash
# Make script runnable (very common mistake!)
chmod +x myscript.sh
# or
chmod 755 myscript.sh

# Secure your private key
chmod 600 ~/.ssh/id_rsa

# Folder where anyone can read but only you write
chmod 755 /var/www/html/

# Shared folder for team (owner + group full access)
chmod 775 team_project/
chown -R :developers team_project/    # change group too

# Remove write from all except owner
chmod -R go-w important_docs/
```
Practice Right Now (5 Minutes!)
```bash
# 1. Create files
touch test.txt secret.sh
mkdir private

# 2. Check current permissions
ls -l

# 3. Make script executable
chmod +x secret.sh
ls -l secret.sh     # should see -rwxr-xr-x or similar

# 4. Secure secret file
chmod 600 secret.sh
ls -l secret.sh     # rw-------

# 5. Make folder private
chmod 700 private
ls -ld private      # drwx------

# 6. Try to change as another user (if you have one)
# or just observe
```
Quick Summary Table – Most Common Permissions
| Permission | Octal | Symbolic | Typical Use Case |
|---|---|---|---|
| rw-r--r-- | 644 | u=rw,go=r | Normal text files, configs |
| rwxr-xr-x | 755 | u=rwx,go=rx | Scripts, binaries, most folders |
| rw------- | 600 | u=rw,go= | Private keys, passwords, .env files |
| rwx------ | 700 | u=rwx,go= | Private folders (like ~/.ssh) |
| rwxrwxr-x | 775 | ug=rwx,o=rx | Shared team folders |
| rw-rw-rw- | 666 | ugo=rw | World-writable files (rare, dangerous) |
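An added example (not from the original page) that checks a directory tree against the modes in this table using find. It assumes that files named id_rsa, *.key or .env hold secrets; audit_perms, make_sample_tree and the sample file names are constructed for this illustration:

```bash
# audit_perms DIR: list entries whose mode is looser than the summary table advises.
# Assumption for this example: files named id_rsa, *.key or .env hold secrets.
audit_perms() {
    audit_dir=$1
    # "Group or others hold at least one bit" needs one test per bit, because
    # POSIX find's "-perm -MODE" matches only when every bit in MODE is set.
    set -- \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \)
    # Files writable by "others" (the 002 bit, as in 666).
    find "$audit_dir" -type f -perm -002 -exec printf 'WORLD-WRITABLE %s\n' {} \;
    # Secret-like files that group or others can access at all (should be 600).
    find "$audit_dir" -type f \( -name id_rsa -o -name '*.key' -o -name .env \) "$@" \
        -exec printf 'SECRET-EXPOSED %s\n' {} \;
    # .ssh directories that group or others can access at all (should be 700).
    find "$audit_dir" -type d -name .ssh "$@" -exec printf 'SSH-DIR-EXPOSED %s\n' {} \;
}

# Constructed sample tree; every name below is invented for the demonstration.
make_sample_tree() {
    tree=$(mktemp -d)
    mkdir "$tree/.ssh" "$tree/site"
    : > "$tree/.ssh/id_rsa";    chmod 644 "$tree/.ssh/id_rsa"     # should be 600
    : > "$tree/site/.env";      chmod 600 "$tree/site/.env"       # already private
    : > "$tree/site/notes.txt"; chmod 666 "$tree/site/notes.txt"  # world-writable
    chmod 755 "$tree/.ssh" "$tree/site"                           # .ssh should be 700
    echo "$tree"
}

sample=$(make_sample_tree)
audit_perms "$sample"
rm -rf "$sample"
```

An empty result means nothing in the tree matched any of the three checks.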
Got it, boss? File permissions are Linux’s way of saying “who is allowed to do what” — master them and you’ll fix 80% of “permission denied” problems forever.
Any confusion? Want next: “Teacher, explain chmod recursive (-R)” or “what is umask” or “file ownership (chown/chgrp)” or “sticky bit & setgid”?
Just say — teacher is ready in Hyderabad! Keep checking ls -l every day! 🐧🔐📁 😄
