Understanding Linux File Permissions
Basic Permission Types
# Input
ls -l myfile.txt
# Output
-rw-r--r-- 1 user group 1024 Oct 25 10:30 myfile.txt
Permission breakdown: rw-r--r--
- First trio (rw-): Owner permissions
- Second trio (r--): Group permissions
- Third trio (r--): Others permissions
Changing Permissions with chmod
Using Numeric Mode
# Input
chmod 644 myfile.txt
# Output
# No output - permissions updated silently
Using Symbolic Mode
# Input
chmod u+x script.sh
# Output
# No output - execute permission added
Changing Ownership with chown
# Input
chown newuser:newgroup file.txt
# Output
# No output - ownership changed silently
Special Permissions
# Input
chmod u+s executable_file
ls -l executable_file
# Output
-rwsr-xr-x 1 root root 1024 Oct 25 10:30 executable_file
FAQ
Q: What’s the difference between chmod and chown?
A: chmod changes permissions (read/write/execute), while chown changes ownership (user/group).
Q: What do the numeric permissions mean?
A: Each digit represents permissions for owner/group/others and is the sum of:
- 4: Read
- 2: Write
- 1: Execute
Example: 755 = rwxr-xr-x (7 = 4+2+1, 5 = 4+1)
Q: How do I recursively change permissions?
A: Use -R flag: chmod -R 755 directory/
Q: How do I view current permissions?
A: Use ls -l or stat filename
Q: What’s the safest default permission for files?
A: 644 (rw-r--r--) for files, 755 (rwxr-xr-x) for directories
Common Permission Scenarios
Web Directory Setup
# Input
chmod 755 /var/www/html
chown -R www-data:www-data /var/www/html
# Output
# No output - permissions and ownership updated
Script Execution
# Input
chmod u+x myscript.sh
ls -l myscript.sh
# Output
-rwxr--r-- 1 user group 1024 Oct 25 10:30 myscript.sh
Securing Configuration Files
# Input
chmod 600 config.ini
ls -l config.ini
# Output
-rw------- 1 user group 1024 Oct 25 10:30 config.ini
Best Practices
- Apply the principle of least privilege
- Regularly audit permissions
- Be cautious with recursive changes
- Don’t use 777 unless absolutely necessary
- Keep sensitive files restricted (600 or 400)
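The "regularly audit permissions" practice can be scripted. The following is an added example, not part of the original page: the function names audit_perms, check_private and make_sample and the sample files are constructed for illustration, and it assumes GNU find and stat.

```sh
#!/bin/sh
# Added example. Assumes GNU find and stat (coreutils); names are illustrative.

# Print "LABEL octal-mode path" for every risky entry under directory $1.
audit_perms() {
    # World-writable regular files: any local user can modify them.
    find "$1" -xdev -type f -perm -0002 \
        -exec stat -c 'WORLD_WRITABLE %a %n' {} +
    # World-writable directories without the sticky bit: any user can
    # delete or replace files that belong to someone else.
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c 'NO_STICKY_DIR %a %n' {} +
    # setuid/setgid files execute with the owner's or group's identity.
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c 'SETID %a %n' {} +
}

# Return non-zero if any given file grants group or other access,
# i.e. is looser than the 600/400 recommended for sensitive files.
check_private() {
    rc=0
    for f in "$@"; do
        mode=$(stat -c '%a' "$f") || { rc=1; continue; }
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "TOO_OPEN $mode $f"
            rc=1
        fi
    done
    return "$rc"
}

# Build a constructed sample tree in a temp dir and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    touch "$d/index.html" "$d/config.ini" "$d/upload.log" "$d/helper"
    mkdir "$d/shared" "$d/tmp"
    chmod 644 "$d/index.html" "$d/config.ini"
    chmod 666 "$d/upload.log"   # world-writable file
    chmod 4755 "$d/helper"      # setuid bit
    chmod 777 "$d/shared"       # world-writable, no sticky bit
    chmod 1777 "$d/tmp"         # sticky bit set, so not flagged
    echo "$d"
}

sample=$(make_sample)
audit_perms "$sample"
check_private "$sample/config.ini" || echo "tighten with: chmod 600"
rm -rf "$sample"
```

Point audit_perms at a real directory (for example a web root) and review every SETID line by hand, since some system binaries carry that bit legitimately.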
Common Permission Patterns
Permission | Numeric | Use Case |
---|---|---|
rw-r--r-- | 644 | Regular files |
rwxr-xr-x | 755 | Directories, scripts |
rw------- | 600 | Sensitive configs |
rwx------ | 700 | Private executables |
Advanced Examples
Setting Default Permissions
# Input
umask 022
touch newfile.txt
ls -l newfile.txt
# Output
-rw-r--r-- 1 user group 0 Oct 25 10:30 newfile.txt
ACL Permissions
# Input
setfacl -m u:specificuser:rx file.txt
getfacl file.txt
# Output
# file: file.txt
# owner: user
# group: group
user::rw-
user:specificuser:r-x
group::r--
mask::r-x
other::r--