How to Manage File and Directory Permissions in Linux

Updated on February 14, 2025

Linux permissions control how users access, modify, and execute files or directories on a system. Efficient management of user permissions improves system security and access control by preventing unauthorized access to sensitive data, files, and directories.

This article explains how to manage file and directory permissions in Linux. You will explore the available permission modes and use the chmod and chown commands to change permissions on your Linux workstation.

Linux Permissions

Linux permissions are categorized into read, write, and execute (rwx), which define the privileges a user or group has on a file or directory. Each Linux permission provides a specific privilege level, as described below.

  • Read (r): View the contents of a file or list the contents of a directory.
  • Write (w): Modify, add, remove, or rename files in a directory.
  • Execute (x): Run a file or access the files in a directory.

Linux permissions can be assigned to the following user classes:

  • Owner: The user who owns the file or directory.
  • Group: The group associated with the file or directory.
  • Others: All other system users.

If a user owns a file and belongs to its group, the owner's permissions override the group's permissions. If the owner has read permissions (r), but no write or execute permissions, they cannot write or execute a file even if the group has full permissions (rwx).

To grant users specific group permissions, you can add them to a group using the usermod or gpasswd command.

String Representation of Linux Permissions

Files and directories use a 10-character format to represent the user permissions. You can view the string-based permissions on a file or directory by running a command such as ls -l. Within the output:

  • The first character represents the file type, such as:

    • -: Regular file.
    • d: Directory.
    • l: Symbolic link.
    • b: Block device or special file, such as disks and partitions.
    • c: Character device or special file, such as terminals and serial ports.
    • p: Named pipe.
    • s: Socket.
    • D: Door.
  • The next nine characters represent the user and group permissions on a file or directory in the following order:

    • Owner: First three characters
    • Group: Next three characters
    • Others: Last three characters

Below is an example of a string-based permission:

drwxrw-r-- example.com

In the above ls -l command output:

  • d: Specifies that example.com is a directory.
  • rwx: Represents the owner permissions to the directory. The owner has read, write, and execute (rwx) permissions to the directory based on the above output.
  • rw-: Represents the group permissions. The group has read and write (rw) permissions based on the above output.
  • r--: Represents the permissions for other users. Other system users have read-only (r) permissions to the directory.

How to Calculate Linux Permissions

Linux permissions use binary values to represent different access levels with the following format.

| Permission | Binary | Value |
|---|---|---|
| Read (r) | 100 | 4 |
| Write (w) | 010 | 2 |
| Execute (x) | 001 | 1 |
| None (-) | 000 | 0 |

For example:

  • Read + Write: 4 + 2 = 6 (binary: 110, symbol: rw-)
  • Read + Execute: 4 + 1 = 5 (binary: 101, symbol: r-x)
  • Write + Execute: 2 + 1 = 3 (binary: 011, symbol: -wx)
  • Read + Write + Execute: 4 + 2 + 1 = 7 (binary: 111, symbol: rwx)

Common Linux Permissions

Below are the common Linux permissions and the representation for the owner, group, and other users.

  • 644:

| Permission Type | Read (r) | Write (w) | Execute (x) | None (-) | Total Value |
|---|---|---|---|---|---|
| Owner (u) | 4 | 2 | 0 | 0 | 6 |
| Group (g) | 4 | 0 | 0 | 0 | 4 |
| Others (o) | 4 | 0 | 0 | 0 | 4 |

The owner can read and write the file based on the 644 representation while the group and other users can only read the file.

  • 755:

| Permission Type | Read (r) | Write (w) | Execute (x) | None (-) | Total Value |
|---|---|---|---|---|---|
| Owner (u) | 4 | 2 | 1 | 0 | 7 |
| Group (g) | 4 | 0 | 1 | 0 | 5 |
| Others (o) | 4 | 0 | 1 | 0 | 5 |

The owner has full permissions (read, write, and execute) while the group and other users have read and execute permissions based on the above 755 representation.

  • 777:

| Permission Type | Read (r) | Write (w) | Execute (x) | None (-) | Total Value |
|---|---|---|---|---|---|
| Owner (u) | 4 | 2 | 1 | 0 | 7 |
| Group (g) | 4 | 2 | 1 | 0 | 7 |
| Others (o) | 4 | 2 | 1 | 0 | 7 |

The owner, group, and other users have full permissions to the file based on the above 777 representation.
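
The arithmetic above can be applied mechanically to any ls -l mode string. The following shell function is an added example, not part of the original article; it also accounts for the s and t characters that the special-permissions sections introduce later, and the name mode_to_octal is hypothetical.

```shell
#!/bin/sh
# Added example: convert an ls -l mode string to its octal form.

# Print the 4-digit octal mode for a 10-character string such as
# drwxr-xr-t. Returns 1 on malformed input.
mode_to_octal() {
    mode=$1
    if [ "${#mode}" -ne 10 ]; then
        echo "expected 10 characters, got: $mode" >&2
        return 1
    fi
    special=0
    digits=""
    start=2                          # character 1 is the file type
    for weight in 4 2 1; do          # SUID, SGID, sticky bit
        r=$(printf '%s' "$mode" | cut -c"$start")
        w=$(printf '%s' "$mode" | cut -c"$((start + 1))")
        x=$(printf '%s' "$mode" | cut -c"$((start + 2))")
        value=0
        case $r in r) value=$((value + 4)) ;; -) ;; *) return 1 ;; esac
        case $w in w) value=$((value + 2)) ;; -) ;; *) return 1 ;; esac
        # Lowercase s/t: special bit and execute are both set.
        # Uppercase S/T: special bit set, execute missing.
        case "$weight:$x" in
            *:x)          value=$((value + 1)) ;;
            4:s|2:s|1:t)  value=$((value + 1)); special=$((special + weight)) ;;
            4:S|2:S|1:T)  special=$((special + weight)) ;;
            *:-)          ;;
            *)            return 1 ;;
        esac
        digits="$digits$value"
        start=$((start + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}

# Mode strings taken from the ls output shown in this article.
for sample in drwxrw-r-- -rwxr-xr-x drwxr-xr-t -rwsr-xr-x drwxr-sr-x; do
    printf '%s -> %s\n' "$sample" "$(mode_to_octal "$sample")"
done
```

The leading digit is 0 when no special bit is set, so 0755 and 755 describe the same permissions.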

Note
The root user can override all Linux user permissions on a file or directory. Using sudo while reading or executing a file enables the root superuser privileges, overriding any existing permissions.

View File and Directory Permissions

Long listing a file or directory using the ls -l command displays the file permissions, ownership, size, and modification time. Long listing a directory with the -d option displays its permissions instead of the contents. Follow the steps below to view the file and directory permissions using the ls command.

  1. Create a new sample file such as file.txt and a directory such as /var/www/html.

    ```console
    $ touch file.txt && sudo mkdir -p /var/www/html
    ```
    
  2. Use the ls -l command to view the user permissions on a file.

    ```console
    $ ls -l file.txt
    ```
    

    Your output should be similar to the one below:

    -rwxr-xr-x 1 user group 1024 Jan 1 12:00 file.txt

    Within the above output:

    • -: Shows that file.txt is a regular file.
    • rwx: Represents the owner's permissions.
    • r-x: Represents the group permissions.
    • r-x: Represents other user permissions on the file.
  3. Use the ls -ld command to view the /var/www/html directory permissions.

    ```console
    $ ls -ld /var/www/html
    ```
    

    Your output should be similar to the one below:

    drwxr-xr-x 2 user group 4096 Jan 1 12:30 /var/www/html

    Within the output:

    • d: Shows that /var/www/html is a directory.
    • rwx: Represents the directory owner's permissions.
    • r-x: Represents the group permissions.
    • r-x: Represents other user permissions on the directory.

Change File and Directory Permissions

You can change file and directory permissions using the chmod command in two modes, the numeric and symbolic mode. Follow the steps below to change file and directory permissions using the chmod command.

Use the following syntax to change permissions using the chmod command.

```console
$ chmod [permissions] [file or directory]
```

Change Permissions Using Numeric Mode

You can assign permissions using three digits representing the owner, group, and others in numeric mode. Each digit is the sum of read (4), write (2), and execute (1) permissions as illustrated below.

  • Read (r): 4
  • Write (w): 2
  • Execute (x): 1
  • No permissions (-): 0

For example:

  1. Change the file.txt permissions to 755.

    ```console
    $ chmod 755 file.txt
    ```

    The above command sets the file.txt permissions to 755, allowing all users to read and execute the file, but only the owner to modify it.

  2. Change the /var/www/html directory permissions to 755.

    ```console
    $ sudo chmod 755 /var/www/html
    ```
    

    The above command sets the /var/www/html directory permissions to 755, allowing all users to view the directory contents, but only the owner can add new files.

  3. Recursively apply permissions to all files and subdirectories in a directory using the -R option.

    ```console
    $ sudo chmod -R 755 /var/www/html
    ```

    The above command applies 755 permissions to all files and subdirectories in the /var/www/html directory, allowing all users to navigate the directory and to read and execute files, while only the owner can modify the contents.

Change Permissions Using Symbolic Mode

Linux permissions are represented by symbols or letters in symbolic mode with the following classification.

  • u: Represents file or directory owner.
  • g: Represents the group associated with a file or directory.
  • o: Represents other system users who are neither the owner nor part of the group.
  • a: Represents all users, including the owner, group, and others.

Use the following operators to assign, remove, or set permissions:

  • +: Adds a permission.
  • -: Removes a permission.
  • =: Explicitly sets the permission and overwrites the active permissions.

Use the following chmod command syntax to change permissions using the symbolic mode.

```console
$ chmod [userclass][operator][permissions] [filename or directory]
```

For example:

  1. Grant the owner read (r), write (w), and execute (x) permissions on file.txt.

    ```console
    $ chmod u+rwx file.txt
    ```
    
  2. Remove execute (x) permission from the group on the /var/www/html directory.

    ```console
    $ sudo chmod g-x /var/www/html
    ```
    
  3. Enable read (r) permissions for all users on file.txt.

    ```console
    $ chmod a+r file.txt
    ```
    
  4. Change the file owner's permission to read-only, removing write (w) and execute (x) permissions.

    ```console
    $ chmod u=r file.txt
    ```
    
  5. Use the -R option to apply permissions recursively on the /var/www/html directory.

    ```console
    $ sudo chmod -R a+rx /var/www/html
    ```
    

    The above command adds read (r) and execute (x) permissions for all users on the /var/www/html directory and its contents.

  6. Modify multiple user categories in a single command.

    ```console
    $ chmod ug+rw file.txt
    ```
    

    The above command adds read (r) and write (w) permissions to both the owner and group on file.txt.

  7. Modify different permissions for multiple user classes on file.txt in a single command.

    ```console
    $ chmod u+rwx,g+w,o+x file.txt
    ```
    

    The above command enables read (r), write (w), and execute (x) permissions for the owner, write (w) permission for the group, and execute (x) permissions to other users on file.txt.
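
A recursive 755 marks every regular file as executable, which data files such as HTML or CSS do not need. The following added example (not from the original article) contrasts chmod -R 755 with the symbolic capital X permission on a constructed temporary tree; it assumes GNU stat, and all function and file names are hypothetical.

```shell
#!/bin/sh
# Added example; assumes GNU coreutils (stat -c) and a writable temp dir.

# Build a constructed web root with known starting modes:
# directories 700, data files 600, one script 700.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/css"
    : > "$root/index.html"
    : > "$root/css/style.css"
    printf '#!/bin/sh\necho ok\n' > "$root/deploy.sh"
    chmod 700 "$root" "$root/css" "$root/deploy.sh"
    chmod 600 "$root/index.html" "$root/css/style.css"
    printf '%s\n' "$root"
}

mode_of() { stat -c '%a' "$1"; }

# Count regular files on which the owner has the execute bit.
count_executable_files() {
    find "$1" -type f -perm -100 | wc -l | tr -d ' '
}

# Blanket recursion from the article: every file becomes executable.
apply_blanket() { chmod -R 755 "$1"; }

# Capital X grants execute only to directories and to files that already
# have an execute bit: directories and scripts get 755, data files 644.
apply_selective() { chmod -R u=rwX,go=rX "$1"; }

# X never removes an execute bit, so after a blanket 755 the regular
# files must be reset explicitly. Assumes only *.sh files should stay
# executable in this sample tree.
repair_after_blanket() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f ! -name '*.sh' -exec chmod 644 {} +
}

tree=$(make_sample_tree)
apply_selective "$tree"
echo "selective: $(count_executable_files "$tree") executable file(s)"
apply_blanket "$tree"
echo "blanket:   $(count_executable_files "$tree") executable file(s)"
rm -rf "$tree"
```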

How to Set Special Permissions (Sticky Bit, SUID, SGID)

Sticky bit, Set User ID (SUID), and Set Group ID (SGID) are special permissions that enable administrators to control file and directory access in multi-user environments. Follow the sections below to use special permissions on files and directories on your workstation.

Sticky Bit

Sticky bit applies only to directories and ensures that only the owner of a file (or the directory's owner or root) can rename, delete, or move that file in the directory. You can enable sticky bit in both numeric and symbolic modes. Follow the steps below to enable sticky bit permissions on the /var/www/html directory you created earlier.

  1. Use the +t option to enable sticky bit on the /var/www/html directory.

    ```console
    $ sudo chmod +t /var/www/html
    ```
    
  2. Use 1 as the leading digit in numeric mode with the chmod command to enable sticky bit on a directory. For example, set the /var/www/html directory permissions to 755 and enable sticky bit.

    ```console
    $ sudo chmod 1755 /var/www/html
    ```
    

    Within the above command:

    • 1: Enables the sticky bit.
    • 7: Grants read (r), write (w), and execute (x) permissions to the owner.
    • 5: Grants read (r) and execute (x) permissions to the group.
    • 5: Grants read (r) and execute (x) permissions to other users.
  3. List the directory permissions to verify the sticky bit changes.

    ```console
    $ ls -ld /var/www/html
    ```
    

    Your output should be similar to the one below:

    drwxr-xr-t 2 user group 4096 Jan 1 12:00 /var/www/html

    Sticky bit is active on the /var/www/html directory based on the t character at the end of the permissions in the above output.

Set User ID (SUID)

Set User ID (SUID) enables the execution of a file with the privileges of its owner instead of the active user running it. This is useful for executable files such as scripts that may require elevated privileges. Follow the steps below to use the SUID permission on your Linux workstation.

  1. Create a sample hello.sh script to use as an executable file.

    ```console
    $ touch hello.sh
    ```
    
  2. Use the u+s option with the chmod command to enable the SUID bit on hello.sh.

    ```console
    $ chmod u+s hello.sh
    ```
    

    The above command allows all users to execute the hello.sh file with the permissions of the file owner.

  3. Use numeric mode by adding 4 as the leading digit in the permission value to enable SUID.

    ```console
    $ chmod 4755 hello.sh
    ```
    

    Within the above command:

    • 4: Enables the SUID bit.
    • 7: Grants read (r), write (w), and execute (x) permissions to the owner.
    • 5: Grants read (r) and execute (x) permissions to the group.
    • 5: Grants read (r) and execute (x) permissions to other users.
  4. View the hello.sh script permissions to verify that the SUID bit is active.

    ```console
    $ ls -l hello.sh
    ```
    

    Your output should be similar to the one below:

    -rwsr-xr-x 1 root root 1024 Jan  15 20:43 hello.sh

    The SUID bit is active on the hello.sh script based on the s value in the owner permissions (rws).

Set Group ID (SGID)

Set Group ID (SGID) applies to executable files and directories and enables file execution using the group's permissions instead of the user's permissions. Follow the steps below to enable SGID with files and directories on your Linux workstation.

  1. Use the g+s option with the chmod command to enable SGID permissions. For example, enable SGID on the hello.sh script.

    ```console
    $ sudo chmod g+s hello.sh
    ```
    
  2. Enable SGID on the /var/www/html directory.

    ```console
    $ sudo chmod g+s /var/www/html
    ```
    
  3. Use 2 as the leading digit in numeric mode to enable SGID while setting file permissions. For example, enable SGID and 755 permissions on the hello.sh script.

    ```console
    $ sudo chmod 2755 hello.sh
    ```
    

    Within the above command:

    • 2: Enables the SGID bit.
    • 7: Grants read (r), write (w), and execute (x) permissions to the owner.
    • 5: Grants read (r) and execute (x) permissions to the group.
    • 5: Grants read (r) and execute (x) permissions to other users.
  4. View the hello.sh file permissions and verify that SGID is active.

    ```console
    $ ls -l hello.sh
    ```
    

    Your output should be similar to the one below:

    -rwxr-sr-x 1 user group 123456 Jan  1 12:00 hello.sh

    The SGID bit is active on the hello.sh script based on the s option in the group permissions (-rwxr-sr-x) in the above output.

  5. List the /var/www/html permissions and verify that SGID is active.

    ```console
    $ ls -ld /var/www/html
    ```
    

    Your output should be similar to the one below:

    drwxr-sr-x 2 user group 4096 Jan 1 12:00 /var/www/html

    The SGID bit is active on the /var/www/html directory based on the s option in the group's permissions (drwxr-sr-x) in the above output.
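
Because SUID and SGID files run with another identity, and world-writable directories without the sticky bit let any user remove files owned by others, it helps to list both periodically. The following added example, not part of the original article, audits a constructed temporary tree with find; the function names and sample paths are hypothetical.

```shell
#!/bin/sh
# Added example: audit a directory tree for special permission bits.

# Regular files with SUID (4000) or SGID (2000) set. Linux ignores SUID
# when running #! scripts, but the bit is still stored, so a file such
# as hello.sh is listed here as well.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Directories writable by others (0002) without the sticky bit (1000):
# any user can delete or rename files there that belong to someone else.
find_unsticky_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sort
}

# One line per finding, prefixed with its category.
audit_special_bits() {
    find_setid_files "$1" | sed 's/^/SETID    /'
    find_unsticky_world_writable "$1" | sed 's/^/NOSTICKY /'
}

# Constructed sample tree in a temp directory.
make_audit_sample() {
    root=$(mktemp -d)
    mkdir "$root/shared" "$root/dropbox" "$root/bin"
    chmod 1777 "$root/shared"      # world-writable, sticky bit set
    chmod 0777 "$root/dropbox"     # world-writable, no sticky bit
    : > "$root/bin/helper"
    chmod 4755 "$root/bin/helper"  # SUID
    : > "$root/bin/plain"
    chmod 0755 "$root/bin/plain"
    printf '%s\n' "$root"
}

sample=$(make_audit_sample)
audit_special_bits "$sample"
rm -rf "$sample"
```

Point audit_special_bits at a real directory such as /var/www/html to review it; the -xdev option keeps find on the starting file system.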

Change User and Group Ownership Permissions

You can change user and group ownership permissions on files or directories using the chown command. Follow the steps below to change the user and group ownership permissions using the chown command on your Linux workstation.

Use the following chown command syntax when changing user and group ownership permissions:

```console
$ chown [options] user:group [filename/directory]
```

For example:

  1. Grant linuxuser ownership privileges to file.txt.

    ```console
    $ sudo chown linuxuser file.txt
    ```
    

    The above command sets linuxuser as the file.txt owner while keeping the group ownership unchanged.

  2. Grant the www-data group ownership privileges to the /var/www/html directory.

    ```console
    $ sudo chown :www-data /var/www/html
    ```

    The above command sets www-data as the group owner of the /var/www/html directory while the user ownership remains unchanged.

  3. Specify the user and group separated by : to change both the owner and group of a file or directory. For example, grant the www-data user and group ownership privileges to the /var/www/html directory.

    ```console
    $ sudo chown www-data:www-data /var/www/html
    ```
    
  4. Use the -R option to recursively change the owner and group for all files and subdirectories. For example, grant the www-data user and group ownership privileges to the /var/www/html directory and all subdirectories.

    ```console
    $ sudo chown -R www-data:www-data /var/www/html
    ```
    
  5. Use the --reference option to copy the ownership permissions of one file to another. For example, copy the /var/www/html user and group permissions to file.txt.

    ```console
    $ sudo chown --reference=/var/www/html file.txt
    ```
    
  6. View the owner and group permissions of file.txt and the /var/www/html directory to verify the changes.

    ```console
    $ ls -l file.txt && ls -ld /var/www/html
    ```
    

    Your output should be similar to the one below:

    -rwxr-xr-- 1 www-data www-data 1024 Jan 1 12:00 file.txt
    drwxr-xr-x 2 www-data www-data 4096 Jan 1 12:30 /var/www/html

Conclusion

You have managed file and directory permissions on your Linux workstation. Permissions define the access level and how system users interact with files or directories. You can use the chmod and chown commands to set permissions for specific files or directories to set up user access levels. For more information, run the man chown and man chmod commands to view the respective manual pages on your Linux workstation.