Quick Answer:
ls -lashows permissions. Format:-rwxr-xr--means owner can read/write/execute, group can read/execute, others can read only.chmod 755 filesets rwxr-xr-x.chmod 644 filesets rw-r--r--.chown user:group filechanges ownership.
How Permissions Work
Every file and directory in Linux has three sets of permissions for three types of users:
| User Type | Who | Example |
|---|---|---|
| Owner (u) | The user who owns the file | You created the file |
| Group (g) | Users in the file's group | Your team |
| Others (o) | Everyone else | The public |
Each set has three permissions:
| Permission | Letter | Number | On Files | On Directories |
|---|---|---|---|---|
| Read | r |
4 | View contents | List files inside |
| Write | w |
2 | Modify contents | Create/delete files inside |
| Execute | x |
1 | Run as program | Enter the directory (cd) |
Reading Permission Strings
ls -la
Output:
-rwxr-xr-- 1 sam developers 4096 Apr 06 12:00 script.sh
drwxr-xr-x 2 sam developers 4096 Apr 06 12:00 mydir/
Breaking down -rwxr-xr--:
- rwx r-x r--
│ │ │ │
│ │ │ └── Others: read only
│ │ └── Group: read + execute
│ └── Owner: read + write + execute
└── File type (- = file, d = directory, l = symlink)
Numeric (Octal) Notation
Add up the numbers for each permission:
| Permission | Number |
|---|---|
| Read (r) | 4 |
| Write (w) | 2 |
| Execute (x) | 1 |
| None (-) | 0 |
Three digits = owner, group, others:
| Octal | String | Meaning |
|---|---|---|
755 |
rwxr-xr-x | Owner full, others read+execute |
644 |
rw-r--r-- | Owner read+write, others read only |
700 |
rwx------ | Owner full, no one else |
600 |
rw------- | Owner read+write, no one else |
777 |
rwxrwxrwx | Everyone full access — never use this |
750 |
rwxr-x--- | Owner full, group read+execute |
664 |
rw-rw-r-- | Owner+group read+write, others read |
chmod — Change Permissions
Numeric Method
chmod 755 script.sh # rwxr-xr-x
chmod 644 config.txt # rw-r--r--
chmod 600 id_rsa # rw------- (SSH private key)
chmod 700 .ssh/ # rwx------ (SSH directory)
# Recursive (all files in directory)
chmod -R 755 /var/www/html/
Symbolic Method
chmod +x script.sh # Add execute for everyone
chmod u+x script.sh # Add execute for owner only
chmod g+w file.txt # Add write for group
chmod o-r file.txt # Remove read for others
chmod u=rwx,g=rx,o=r file # Set exact permissions
chmod a+r file.txt # Add read for all (a = all)
chown — Change Ownership
# Change owner
chown sam file.txt
# Change owner and group
chown sam:developers file.txt
# Change group only
chown :developers file.txt
# Or use chgrp:
chgrp developers file.txt
# Recursive
chown -R www-data:www-data /var/www/html/
Common Permission Patterns
| Use Case | Permission | Why |
|---|---|---|
| Web files | 644 |
Web server reads, only owner edits |
| Web directories | 755 |
Web server enters and lists, only owner modifies |
| Scripts | 755 |
Everyone can run, only owner edits |
| SSH private key | 600 |
SSH refuses to use keys with loose permissions |
| SSH directory | 700 |
Only your user can access |
| Shared directory | 775 |
Owner and group can modify |
| Config files | 640 |
Owner read/write, group read, others nothing |
| Secrets/passwords | 600 |
Only owner |
| Log files | 640 |
App writes, group reads for monitoring |
Special Permissions
SUID (Set User ID)
When set on an executable, it runs as the file owner instead of the user running it.
# Example: passwd runs as root even when a normal user runs it
ls -la /usr/bin/passwd
-rwsr-xr-x 1 root root 68208 ... /usr/bin/passwd
# ^ the 's' means SUID is set
# Set SUID
chmod u+s program
chmod 4755 program
SGID (Set Group ID)
On files: runs as the file's group. On directories: new files inherit the directory's group.
# Set SGID on directory (new files inherit group)
chmod g+s /shared/
chmod 2775 /shared/
Sticky Bit
On directories: only the file owner can delete their own files (even if others have write access). Used on /tmp.
ls -la /tmp
drwxrwxrwt ... /tmp
# ^ the 't' means sticky bit
# Set sticky bit
chmod +t /shared/
chmod 1777 /shared/
Troubleshooting
# Permission denied running a script?
chmod +x script.sh
# Can't edit a file?
ls -la file.txt # Check owner and permissions
sudo chown $USER file.txt # Take ownership
# SSH key refused?
chmod 600 ~/.ssh/id_rsa
chmod 700 ~/.ssh/
# Web server 403 Forbidden?
chown -R www-data:www-data /var/www/html/
chmod -R 755 /var/www/html/
# Find files with wrong permissions
find /var/www -not -user www-data # Wrong owner
find /var/www -type f -perm 0777 # World-writable files (bad)