All about Linux File Permissions and chmod

File permissions denote which users can read, write or execute files. It's important that only the users who need access to a file have it, to keep your system secure and functioning properly.

What are file permissions?

File permissions control who can read, write, or execute a file or folder on a Linux system. They exist to keep your data safe, prevent unwanted changes, and ensure programs only run when intended. Permissions are one of the foundations of Linux security — without them, anyone could change system files or read your private data. Permissions are set using the chmod command, which we’ll cover in detail below.

User types

Linux permissions are applied separately for three different categories of users:

Owner
Usually the person who created or owns the file.
Group
Other users who are members of the file’s group.
Others
Everyone else on the system who is not the owner or in the group.

Permission types

Read (r)

View file contents or list files in a folder.

Write (w)

Modify a file or add/remove files in a folder.

Execute (x)

Run a file as a program or enter a folder.

The chmod command

chmod stands for 'change mode'. It changes the permissions of a file or folder.You can use it in symbolic form (letters, like rwx) or numeric form (octal numbers, like 777).It works on single files or entire folders.

Symbolic representation

The first option for specifying permissions is via symbolic mode, which uses letters to define permissions for each user type. This makes it easier to remember, read and understand. Yet it's more verbose than octal. So, r means read, w means write, and x means execute. If one of these characters is replaced with a dash (-), it means that permission is not granted. Diagram explaining the structure of Linux file permission strings. Shows file type indicator followed by permissions for owner, group, and public. Example '-rwxr-xr-x' means owner can read, write, and execute, group can read and execute, others can read and execute.

Diagram explaining the structure of Linux file permission strings. Shows file type indicator followed by permissions for owner, group, and public. Example '-rwxr-xr-x' means owner can read, write, and execute, group can read and execute, others can read and execute.

Octal (numeric) representation

Octal mode uses numbers to represent permissions. Where read = 4, write = 2 and execute = 1. Then add these up to get a number, in this example 7, which means the specified user can read, write and execute the file. Similar to before, this is specified in the order of owner, group and others. So 755 means the owner has rwx (7), group has rx (5), and others have rx (5). Diagram showing chmod 755 in numeric and symbolic forms. Numeric form 755 corresponds to rwx for owner, r-x for group, and r-x for others, meaning owner can read, write, and execute, while group and others can only read and execute.

Diagram showing chmod 755 in numeric and symbolic forms. Numeric form 755 corresponds to rwx for owner, r-x for group, and r-x for others, meaning owner can read, write, and execute, while group and others can only read and execute.

If these numbers seem random to you, then it's helpful to know that they are calculated like any other binary digits. So, 111 (rwx) is 7, 101 (r-x) is 5, and 100 (r--) is 4.

Visual guide showing how Linux file permissions convert from symbolic form (rwx, r-x, r-x) to binary and then to numeric form (7, 5, 5) for user, group, and others.

Updating a single permission

Often, you won't want to change all permissions for a given file/folder, but just update one part. For example, just adding execute permission for the owner, removing write access for public users or setting read-only for the group. This can be done with the symbolic mode, using the `+`, `-` or `=` operators, following the format of `chmod [who][operator][permission] file`. Where `who` can be `u` (owner), `g` (group), `o` (others), or `a` (all). `operator` can be `+` (add), `-` (remove), or `=` (set exactly). Example: `chmod g-w file.txt` removes write permission from the group. Diagram explaining chmod syntax with three sections: 'Who' showing u for user, g for group, o for others, a for all; 'Operators' showing + to add, - to remove, and = to set exact permissions; and 'Permissions' showing r for read, w for write, and x for execute.

Diagram explaining chmod syntax with three sections: 'Who' showing u for user, g for group, o for others, a for all; 'Operators' showing + to add, - to remove, and = to set exact permissions; and 'Permissions' showing r for read, w for write, and x for execute.

Table showing examples of chmod commands for modifying file permissions, including who the changes apply to, the operation performed, the permission type, and an explanation. Examples include u+r for adding read access to owner, g-w for removing write access from group, and a=x for setting execute-only permission for all.

Changing permissions recursively

Use the `-R` flag to change permissions for all files and folders inside a directory. For example: `chmod -R 755 /var/www` will apply 755 to every file and folder under /var/www. But be careful, as recursive changes can break system files if used incorrectly.

Ownership and chmod

Permissions work alongside ownership. Each file has an owner and a group.

If you need to change who owns a file, use `chown`.

Example: `sudo chown user:group file.txt` changes both the owner and group.

Special bits

Beyond the standard read/write/execute, Linux has special permission bits:

Setuid (4)
Runs the file with the owner’s permissions instead of the user’s.
Setgid (2)
Runs the file with the group’s permissions. On directories, new files inherit the group.
Sticky (1)
On directories, prevents users from deleting files they don’t own. Common on /tmp.

Common chmod presets

Here are common permission sets and their uses:

Octal	Meaning
600	Owner can read/write. No access for others. SSH private keys.
644	Owner can read/write. Others can read. Default for many files.
700	Owner has full control. No access for others. Private scripts.
755	Owner can read/write/execute. Others can read/execute. Common for scripts.
777	Everyone can read/write/execute. Avoid unless for temporary shared folders.

Table mapping octal numeric values 0–7 to symbolic file permissions and their meanings. For example, 0 is no permissions (---), 4 is read only (r--), 5 is read and execute (r-x), and 7 is read, write, and execute (rwx).

Debugging file permissions

If something doesn’t work, you may see these errors:

Permission denied - Check if you have execute permission on files or read permission on folders. Add with `chmod +x file` or `chmod +r folder`.
Operation not permitted - You may need `sudo` to change system-owned files.
Read-only file system - The filesystem is mounted read-only. Remount with write permissions or contact your admin.
Cannot open file: No such file or directory - The file path may be wrong. Check with `ls`.

Security tips

Only make a file executable if it needs to be run.
Use 600 for private files and 644 for public-readable files.
Avoid 777 unless absolutely necessary.
Check permissions with `ls -l` before changing them.
Test changes on non-critical files first.