Linux Permissions, How Do They Work?

The Linux permission system for files can appear somewhat confusing to new Linux users. There's a system of letters or numbers all jumbled together in a seemingly unordered mess.

In reality, it's quite simple, once you understand how it's broken down. Start off by going to a folder in your home directory. The Downloads folder is usually a good option. Once you're there, run ls -lah.
$ cd ~/Downloads
$ ls -lah
You'll see a listing of all of the files and folders in Downloads To the far left is a column of letters and dashes. That is the notation for permissions.

That glob of letters and dashes can be broken down into four distinct sections. The dashes mean that there isn't a value there or that particular permission isn't enabled.

The first section lets you know if the file is a folder or a symbolic link. This is also the only section that only has one character, the first one. For regular files, that first character is a dash. For folders, it's a d, and for links, its an l.

The remaining three sections of three values represent the actual permissions. The first grouping handles the file owner's permissions. The second section is the file's group permissions. The last set of three is the file's public permissions.

It might be somewhat apparent, but each of the permission sections has an r, a w, and an x value or a dash signifying that that group doesn't have that permission.

Of course, r corresponds to "read," w is "write," and x means "execute."

For a better picture of how it works, take a look at this permission listing.
-rwxr-xr--
In this case, it's a regular file. The owner can read, write and execute the file. The group can read and write. All other users can only read it.

Take a look at a directory.
drwxr-xr-x
By default, the files in this directory can be read, written, and executed by the owner. The group and anyone else can read and execute.

Changing Permissions

The chmod utility can change the permissions of your files and folders. You need to own the files in order to change them with chmod, unless you are using it as root or with sudo.

chmod uses the u, g, and o options to change the permissions for the owning user, group, and others respectively. Take a look at how it works.
$ chmod g+w somefile.txt
The command above adds write permissions for the group on the file, somefile.txt.

chmod can also remove permissions.
$ chmod o-wx somefile.txt
That command removes write and execute permissions for other users.

You don't have to add or subtract to get the permissions that you want. You can also set the permissions equal to what you need.
$ chmod w=rx somefile.txt
There is also an a option to apply a change to all groups simultaneously.

The Numeric System

In addition to using letters to represent permissions, Linux also has a numeric system that can simplify the process. The system assigns a value to each permission. Add the numbers together to get the total permission value of the section.
r = 4
w = 2
x = 1
So, to set the permissions of a file where the owner has full permissions, the group has read and write, and everyone else only has read, you can use the following command.
$ chmod 764 somefile.txt
The numeric system is often used by applications and web hosting services because it is more concise than the letters. Take a look at this common example:
$ chmod 755 something.php
In many cases, you'd only want the owner to write the file, but web servers to be able to read and execute it.

Closing Thoughts

Once you get a solid grasp of Linux permissions, you can effectively control access to all files and directories on your system. You can improve your security and stop your users from making potentially harmful mistakes.