Linux File Permissions: From Basics to umask
File permissions are the foundation of Linux security, determining who can access, modify, or execute files and directories on your system. Whether you're a developer, system administrator, or Linux enthusiast, mastering permissions is essential for ...
File permissions are the foundation of Linux security, determining who can access, modify, or execute files and directories on your system. Whether you're a developer, system administrator, or Linux enthusiast, mastering permissions is essential for maintaining secure and properly functioning systems. This comprehensive foundation guide will take you from zero to confident with Linux file permissions.
What Are Linux File Permissions?
Linux file permissions control access to files and directories using a simple but powerful system inherited from Unix. Every file and directory has specific permissions that determine what different users can do with them.
Think of permissions like locks on doors in a building. Some rooms are open to everyone, others require special access, and some are restricted to building owners only. Linux permissions work similarly, providing different levels of access to different users.
The Three Permission Types
Linux uses three basic permission types that apply to both files and directories:
| Permission | Symbol | Numeric Value | For Files | For Directories |
| Read | r | 4 | View file contents | List directory contents |
| Write | w | 2 | Modify file contents | Create/delete files inside |
| Execute | x | 1 | Run file as program | Enter/access directory |
The Three User Categories
Permissions are assigned to three categories of users:
| Category | Description | Example |
| User (Owner) | The person who created or owns the file | The developer who created a script |
| Group | Users who belong to the file's assigned group | Team members working on a project |
| Others | Everyone else on the system | All other users who have system access |
Reading Permission Displays
When you use the ls -l command, Linux shows permissions as a string of characters. Let's learn to decode this information.
The Permission String Format
-rwxr-xr-x
This 10-character string breaks down as follows:
Character 1: File type
-= Regular filed= Directoryl= Symbolic linkc= Character deviceb= Block device
Characters 2-4: User (owner) permissions
Characters 5-7: Group permissions
Characters 8-10: Others permissions
You can also see below practical example for wattwizard.txt file:
Breaking down the above example:
-= Regular filerw-= Owner can read and writer--= Group can only readr--= Others can only read
The Numeric Permission System
Linux permissions can be represented using numbers, which is often faster and more precise than using letters.
How Numbers Work
Each permission type has a numeric value:
Read (r) = 4
Write (w) = 2
Execute (x) = 1
To calculate permissions, you add these values together for each user category.
Three-Digit Permission Codes
A complete permission set uses three digits representing User, Group, and Others:
755 = rwxr-xr-x
Breaking this down:
7 (User): 4+2+1 = rwx (full access)
5 (Group): 4+0+1 = r-x (read and execute)
5 (Others): 4+0+1 = r-x (read and execute)
Basic chmod Usage
The chmod (change mode) command is your primary tool for modifying file permissions. You can use either numeric or symbolic methods.
Numeric Method
The numeric method directly sets permissions using three-digit codes:
# Basic syntax
chmod [permissions] [file/directory]
# Examples
chmod 644 wattwizard.txt # Set file to rw-r--r--
chmod 755 script.sh # Set script to rwxr-xr-x
chmod 700 projects/ # Set directory to rwx------
Symbolic Method
The symbolic method uses letters and operators for more intuitive changes:
User symbols:
u= User (owner)g= Groupo= Othersa= All (user, group, and others)
Operators:
+= Add permission-= Remove permission== Set exact permission
Permission letters:
r= Readw= Writex= Execute
Practical chmod Examples
# Make a script executable
chmod +x script.sh # Add execute for all
chmod u+x script.sh # Add execute for owner only
# Secure a private file
chmod 600 private_data.txt # Only owner can read/write
# Standard file permissions
chmod 644 *.txt # Set all text files to standard permissions
# Standard directory permissions
chmod 755 */ # Set all subdirectories to standard permissions
File vs Directory Permissions
Permissions work differently for files and directories, and understanding this difference is crucial.
For Files
| Permission | Effect |
| Read (r) | Can view file contents using commands like cat, less, more |
| Write (w) | Can modify file contents using editors or redirection |
| Execute (x) | Can run the file as a program or script |
For Directories
| Permission | Effect |
| Read (r) | Can list directory contents with ls |
| Write (w) | Can create, delete, or rename files within the directory |
| Execute (x) | Can enter the directory with cd and access files inside |
Important Directory Permission Notes
Execute permission is required to enter directories - without it, you cannot
cdinto the directoryWrite permission allows file creation/deletion - even if you cannot write to individual files
Read permission without execute allows listing files but not accessing them
Visual File Type Recognition
Modern terminals use color coding to help you quickly identify file types and permissions, making navigation much easier.
Standard Color Scheme
| Color | File Type | Examples |
| Blue | Directory | folders, subdirectories |
| White/Default | Regular file | .txt, .conf, .log files |
| Green | Executable file | scripts, compiled programs |
| Red | Archive file | .zip, .tar.gz, .rar files |
| Pink/Magenta | Image file | .jpg, .png, .gif files |
| Cyan | Symbolic link | shortcuts to other files |
| Yellow | Device file | hardware device references |
Enabling Colors
Most modern Linux distributions have colors enabled by default, but you can ensure they're active:
# Check if colors are enabled
ls --color=auto
# Force color display
ls --color=always
Reading Visual Cues
Beyond colors, pay attention to these visual indicators:
Basic Troubleshooting
Permission issues are common, but most can be resolved quickly once you understand the symptoms and solutions.
Common Error Messages
"Permission denied"
Symptoms: Cannot execute a script or access a file
$ ./script.sh
bash: ./script.sh: Permission denied
Diagnosis and Solutions:
# Check current permissions
ls -l script.sh
# Add execute permission
chmod +x script.sh
# OR
chmod 755 script.sh
"Access denied" or "Cannot open directory"
Symptoms: Cannot enter a directory or list its contents
$ cd /secure/directory
bash: cd: /secure/directory: Permission denied
Solutions:
# Check directory permissions
ls -ld /secure/directory
# Add execute permission to enter directory
chmod +x /secure/directory
# Add read permission to list contents
chmod +r /secure/directory
Quick Diagnostic Commands
# Check your current user and groups
whoami # Your username
groups # Your group memberships
id # Detailed user/group info
# Check file/directory permissions
ls -l filename # File permissions
ls -ld directory/ # Directory permissions
ls -la # All files including hidden
# Test access permissions
test -r file && echo "Readable" || echo "Not readable"
test -w file && echo "Writable" || echo "Not writable"
test -x file && echo "Executable" || echo "Not executable"
Copying vs Moving Files
Understanding how permissions behave when copying or moving files:
# Copy preserves source permissions to new location
cp file1.txt file2.txt
# Move preserves permissions when staying on same filesystem
mv file1.txt /same/filesystem/
# Copy with explicit permission preservation
cp -p original.txt backup.txt
Umask: Understanding Default Permissions
Have you ever wondered why new files automatically get certain permissions when you create them? Linux uses a system called umask (user mask) to automatically set secure default permissions for new files and directories.
How umask Works
Think of umask as a security filter that automatically removes certain permissions from new files. Linux starts with maximum permissions and then subtracts the umask value:
Default starting permissions:
Files: 666 (rw-rw-rw-)
Directories: 777 (rwxrwxrwx)
umask subtracts permissions:
Your umask value determines which permissions to remove
The result is the actual permissions assigned to new files
Common umask Values
| User Type | umask Value | File Result | Directory Result | Description |
| Root | 022 | 644 (rw-r--r--) | 755 (rwxr-xr-x) | Standard secure defaults |
| Normal User | 002 | 664 (rw-rw-r--) | 775 (rwxrwxr-x) | Group-friendly defaults |
| Secure | 077 | 600 (rw-------) | 700 (rwx------) | Private-only access |
umask Calculation Examples
Let's see how this works in practice:
Example 1: Root user with umask 022
Files: 666 - 022 = 644 (rw-r--r--)
Directories: 777 - 022 = 755 (rwxr-xr-x)
Example 2: Normal user with umask 002
Files: 666 - 002 = 664 (rw-rw-r--)
Directories: 777 - 002 = 775 (rwxrwxr-x)
Managing Your umask
# Check your current umask
umask
# See umask in symbolic format
umask -S
# Temporarily change umask (current session only)
umask 022
# Test the effect
touch test_file.txt
mkdir test_directory/
ls -la test_*
Setting Permanent umask
To make umask changes permanent, add them to your shell configuration:
# Add to ~/.bashrc or ~/.bash_profile
echo "umask 022" >> ~/.bashrc
# Apply changes immediately
source ~/.bashrc
Practical umask Usage
# Create files with extra security
umask 077
touch sensitive_file.txt # Results in 600 permissions
# Return to normal defaults
umask 022
touch normal_file.txt # Results in 644 permissions
# Verify the difference
ls -l *_file.txt
Why umask matters:
Security: Prevents accidentally creating world-writable files
Consistency: Ensures predictable permission patterns
Automation: Works automatically without manual chmod commands
Finding Files with Specific Permissions
The find command is your powerful ally for locating files based on their permissions. This is essential for system maintenance, security audits, and troubleshooting.
Basic find Syntax for Permissions
find [path] -type [f/d] -perm [permission] [action]
Key components:
[path]: Where to search (.for current directory)-type f: Files only,-type d: Directories only-perm: Permission criteria[action]: What to do with found files
Finding Files by Exact Permission
# Find files with exactly 644 permission
find . -type f -perm 644
Finding Files by Permission Patterns
# Find all regular files in current directory
find . -type f
# Find all directories
find . -type d
# Find files with .txt extension
find . -type f -name "*.txt"
# Find files with .txt extension (case-insensitive)
find . -type f -iname "*.txt"
Practical Permission Searches
# Find executable files
find . -type f -perm 755 # Standard executable permissions
find . -type f -perm -u+x # Files executable by owner
# Find read-only files
find . -type f -perm 444 # Read-only for everyone
find . -type f -perm 644 # Standard file permissions
Using Absolute vs Relative Paths
# Search in current directory and subdirectories
find . -type f -perm 644
# Search in specific directory
find /home/username -type f -perm 644
# Search entire system (requires patience!)
find / -type f -perm 777 2>/dev/null
Note: The 2>/dev/null part hides "Permission denied" errors when searching system directories.
Combining find with Actions
# Find and list files with detailed information
find . -type f -perm 777 -ls
# Count how many files have specific permissions
find . -type f -perm 644 | wc -l
Common find Examples for Beginners
# Find all your shell scripts
find . -type f -name "*.sh"
# Find hidden files (starting with .)
find . -type f -name ".*"
# Find empty files
find . -type f -empty
# Find files modified today
find . -type f -mtime 0
# Find large files (larger than 1MB)
find . -type f -size +1M
Troubleshooting with find
# Find files you can't read
find . -type f ! -readable
# Find files you can't write to
find . -type f ! -writable
# Find files you can't execute
find . -type f ! -executable
Understanding find Output
When you run find . -type f -perm 644, you get a list of file paths:
./document.txt
./readme.md
./config/settings.txt
Each line represents a file that matches your criteria. You can then use these results with other commands or examine them individually.
When to Use find for Permissions
Daily tasks:
Locating scripts that need execute permissions
Finding configuration files with wrong permissions
Identifying files that might be security risks
System maintenance:
Security audits for world-writable files
Checking backup file permissions
Preparing files for deployment
Troubleshooting:
- Finding why a script won't execute (missing +x)
Conclusion
Linux file permissions form the cornerstone of system security and proper access control. By mastering the rwx model, numeric notation, chmod usage, umask automation, and find command searches, you've built a comprehensive foundation for working confidently with Linux systems.
