Skip to main content

Command Palette

Search for a command to run...

How to Manage File Permissions in Linux

Published
7 min readView as Markdown

Managing file permissions in Linux is essential for keeping your system secure and organized. If you’re new to Linux or want to improve your skills, understanding how to control who can read, write, or execute files is a must. In this article, I’ll guide you through the basics and advanced techniques for managing file permissions effectively.

You’ll learn how to check permissions, change them using commands, and apply best practices to protect your files. Whether you’re a system administrator or a casual user, mastering file permissions will help you avoid accidental data loss and unauthorized access.

Understanding Linux File Permissions

Linux uses a simple but powerful system to control access to files and directories. Every file has three types of permissions: read, write, and execute. These permissions apply to three categories of users:

  • Owner: The user who owns the file.
  • Group: A set of users grouped together.
  • Others: Everyone else on the system.

Each permission controls what actions these users can perform:

  • Read (r): Allows viewing the contents of a file or listing a directory.
  • Write (w): Allows modifying or deleting the file or adding/removing files in a directory.
  • Execute (x): Allows running a file as a program or entering a directory.

You can see these permissions when you list files using the ls -l command. For example:

-rwxr-xr-- 1 alice staff 4096 Apr 10 12:00 script.sh

This means:

  • Owner (alice) has read, write, and execute permissions.
  • Group (staff) has read and execute permissions.
  • Others have only read permission.

Checking File Permissions

Before changing permissions, you need to check the current settings. The most common way is using the ls -l command in the terminal.

ls -l filename

This shows a detailed list including permissions, owner, group, size, and modification date. For directories, you can add the -d option to see the directory’s own permissions instead of its contents.

You can also use stat for more detailed information:

stat filename

This command provides numeric permission codes and timestamps, which can be useful for scripting or troubleshooting.

Changing File Permissions with chmod

The chmod command is the primary tool to change file permissions. It supports two modes: symbolic and numeric.

Symbolic Mode

In symbolic mode, you specify which user category to change (u for owner, g for group, o for others, a for all) and what permission to add (+), remove (-), or set (=).

Examples:

  • Add execute permission for the owner:

    chmod u+x filename
    
  • Remove write permission for others:

    chmod o-w filename
    
  • Set read and write permissions for group only:

    chmod g=rw filename
    

Numeric Mode

Permissions can also be set using numbers. Each permission has a value:

  • Read = 4
  • Write = 2
  • Execute = 1

Add these values for each user category. For example, chmod 754 filename means:

  • Owner: 7 (4+2+1) = read, write, execute
  • Group: 5 (4+0+1) = read, execute
  • Others: 4 (4+0+0) = read only

This mode is faster once you understand the values.

Changing Ownership with chown and chgrp

Sometimes, you need to change who owns a file or which group it belongs to. This is done with chown and chgrp.

  • Change owner:

    sudo chown newowner filename
    
  • Change group:

    sudo chgrp newgroup filename
    
  • Change both owner and group:

    sudo chown newowner:newgroup filename
    

You often need superuser privileges (sudo) to change ownership.

Managing Directory Permissions

Directories have special considerations. The execute permission on a directory allows you to enter it and access files inside.

  • Read (r): Allows listing files.
  • Write (w): Allows creating or deleting files.
  • Execute (x): Allows entering the directory.

For example, if a directory lacks execute permission, you cannot access files inside even if you have read permission.

To set directory permissions recursively, use the -R option with chmod or chown:

chmod -R 755 /path/to/directory

This changes permissions for the directory and all its contents.

Using umask to Set Default Permissions

When you create new files or directories, Linux assigns default permissions based on the umask value. The umask subtracts permissions from the system default.

  • Default file permissions are usually 666 (read and write for all).
  • Default directory permissions are 777 (read, write, execute for all).

If your umask is 022, new files get 644 (666 - 022), and directories get 755 (777 - 022).

You can check your current umask by typing:

umask

To change it temporarily, run:

umask 027

This is useful for setting stricter default permissions.

Special Permissions: SUID, SGID, and Sticky Bit

Linux also supports special permissions that control advanced behaviors.

  • SUID (Set User ID): When set on an executable file, it runs with the file owner’s permissions. Useful for programs needing elevated rights.

  • SGID (Set Group ID): When set on a file, it runs with the group’s permissions. When set on a directory, new files inherit the directory’s group.

  • Sticky Bit: When set on a directory, only the file owner or root can delete or rename files inside. Commonly used on /tmp.

You can set these with chmod using numeric codes or symbolic notation:

  • SUID: chmod u+s filename or add 4000
  • SGID: chmod g+s filename or add 2000
  • Sticky bit: chmod +t directory or add 1000

Example:

chmod 4755 /usr/bin/someprogram

This sets SUID and standard permissions.

Best Practices for Managing File Permissions

Managing permissions carefully helps keep your system secure and functional. Here are some tips:

  • Follow the principle of least privilege: Only give users the permissions they need.
  • Use groups to manage access: Assign users to groups and set group permissions accordingly.
  • Avoid giving write permissions to others: This reduces the risk of unauthorized changes.
  • Regularly audit permissions: Use scripts or tools to check for insecure settings.
  • Be cautious with SUID/SGID: These can create security risks if misused.
  • Use ACLs (Access Control Lists) for fine-grained control: ACLs allow more detailed permissions beyond the standard model.

Using Access Control Lists (ACLs)

ACLs provide more flexibility than traditional permissions. They let you assign permissions to multiple users or groups on a single file.

To check if a file has ACLs:

getfacl filename

To set an ACL:

setfacl -m u:username:rwx filename

This gives username read, write, and execute permissions.

To remove an ACL:

setfacl -x u:username filename

ACLs are useful in complex environments where multiple users need different access levels.

Troubleshooting Permission Issues

Sometimes, you might face permission errors even after setting permissions correctly. Here are common causes and fixes:

  • Wrong ownership: Check with ls -l and fix with chown.
  • Missing execute permission on directories: Add execute permission to access files.
  • Sticky bit missing on shared directories: Add sticky bit to prevent unauthorized deletions.
  • Conflicting ACLs: Use getfacl to review and adjust ACLs.
  • File system mounted with restrictive options: Check /etc/fstab or mount options.

If you get “Permission denied” errors, verify both permissions and ownership carefully.

Summary Table of Common Commands

CommandPurposeExample
ls -l filenameView permissionsls -l myfile.txt
chmod u+x filenameAdd execute for ownerchmod u+x script.sh
chmod 755 filenameSet numeric permissionschmod 755 mydir
chown user filenameChange file ownersudo chown alice file.txt
chgrp group filenameChange file groupsudo chgrp staff file.txt
chmod +t directorySet sticky bit on directorychmod +t /tmp
getfacl filenameView ACLsgetfacl myfile
setfacl -m u:bob:rwx fileAdd ACL for user bobsetfacl -m u:bob:rwx file.txt

Conclusion

Managing file permissions in Linux is a skill that improves your control over system security and file access. By understanding the basics of read, write, and execute permissions, and using commands like chmod, chown, and ACL tools, you can protect your files from unauthorized access.

Remember to apply the principle of least privilege and regularly check your permissions to avoid security risks. With practice, managing Linux file permissions becomes second nature, helping you keep your system safe and organized.


FAQs

How do I check the permissions of a file in Linux?

Use the ls -l filename command to see detailed permissions, ownership, and other file information.

What does the numeric permission 755 mean?

It means the owner has full permissions (read, write, execute), while group and others have read and execute permissions only.

How can I change the owner of a file?

Use sudo chown newowner filename to change the file’s owner. You may need superuser privileges.

What is the sticky bit and when should I use it?

The sticky bit restricts file deletion in a directory to the file owner or root. It’s useful in shared directories like /tmp.

Can I set different permissions for multiple users on one file?

Yes, using Access Control Lists (ACLs) with setfacl allows fine-grained permission control for multiple users.

More from this blog

L

LinuxBloke | Linux Tips, Tricks & Troubleshooting

672 posts