
Monday, 29 December 2025

AJITH KP

Understanding Linux File Permissions the Right Way (With Real Examples)

If you work with Linux long enough, you will run into permission issues.
Permission denied is probably the most common error after command not found.


 

In this post, we’ll break down Linux file permissions in a practical, no-nonsense way—using real commands and examples you’ll actually use in production.


1. Why Linux Permissions Matter

Linux is a multi-user operating system. Permissions exist to:

  • Protect system files

  • Prevent accidental deletion or modification

  • Isolate users and services

  • Improve system security

Misconfigured permissions are a common cause of security breaches.


2. The Basic Permission Structure

Run this command:

ls -l

Example output:

-rw-r--r-- 1 root root 4096 Jan 10 10:30 config.conf

Let’s break it down:

-rw-r--r--
│ │  │  │
│ │  │  └─ Others
│ │  └──── Group
│ └─────── Owner
└───────── File type

3. File Types Explained

Symbol  Meaning
-       Regular file
d       Directory
l       Symbolic link
c       Character device
b       Block device

Example:

drwxr-xr-x 2 user user 4096 folder/

This is a directory (d).


4. Permission Values (r, w, x)

Permission  Symbol  Value
Read        r       4
Write       w       2
Execute     x       1

Example:

rw- = 6
r-x = 5
r-- = 4

So:

chmod 644 file.txt

Means:

  • Owner → read + write

  • Group → read

  • Others → read


5. Changing Permissions (chmod)

Numeric Mode

chmod 755 script.sh

Result:

  • Owner: rwx

  • Group: r-x

  • Others: r-x

Symbolic Mode

chmod u+x script.sh

Adds execute permission to the owner only.

chmod go-w file.txt

Removes write permission from group and others.


6. Ownership: chown and chgrp

Change Owner

chown user file.txt

Change Owner and Group

chown user:developers file.txt

Recursive Ownership Change (Be Careful!)

chown -R www-data:www-data /var/www/html

⚠️ Never run recursive chown on / or system directories.


7. Directory Permissions – The Common Trap

For directories:

  • r → list files

  • w → create/delete files

  • x → enter the directory

Without x, you cannot access files, even if you have read permission.

Correct permission for web directories:

chmod 755 /var/www/html

8. Special Permissions (Advanced but Important)

SUID (4)

chmod 4755 file

Runs the file with the privileges of the file's owner (e.g., /usr/bin/passwd).

SGID (2)

chmod 2755 directory

New files created in the directory inherit the directory's group ownership.

Sticky Bit (1)

chmod 1777 /tmp

Users can delete only their own files.


9. Real-World Permission Best Practices

✅ Avoid chmod 777
✅ Use least privilege
✅ Separate users for services (nginx, mysql, etc.)
✅ Audit permissions regularly

Check risky permissions:

find / -perm 777 2>/dev/null
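
A narrower audit than the exact-match search above, as an added example that is not part of the original post: `-perm 777` matches only a mode of exactly 777, so it lists every symbolic link and misses other world-writable modes such as 666. The function names, labels and sample tree below are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Paths and labels are constructed.

# audit_perms DIR: print one "LABEL path" line per risky entry under DIR.
audit_perms() {
    dir=$1
    # Regular files writable by others (w bit for others = octal 0002).
    # -type f skips symbolic links, whose own mode is always rwxrwxrwx on Linux.
    find "$dir" -xdev -type f -perm -0002 2>/dev/null |
        sed 's/^/WORLD_WRITABLE_FILE /'
    # World-writable directories without the sticky bit (1000): any user
    # can delete or rename other users' files in them.
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null |
        sed 's/^/WORLD_WRITABLE_DIR_NO_STICKY /'
    # Regular files carrying SUID (4000) or SGID (2000): review each one.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        sed 's/^/SUID_OR_SGID /'
}

# make_sample_tree: build a small constructed tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/tmp" "$t/site"
    chmod 777  "$t/shared"   # world-writable, no sticky bit
    chmod 1777 "$t/tmp"      # world-writable with sticky bit, like /tmp
    chmod 755  "$t/site"
    : > "$t/site/index.html"; chmod 644  "$t/site/index.html"
    : > "$t/site/report.txt"; chmod 777  "$t/site/report.txt"
    : > "$t/site/helper";     chmod 4755 "$t/site/helper"
    ln -s index.html "$t/site/link"   # a symlink: `-perm 777` would list it
    echo "$t"
}

tree=$(make_sample_tree)
audit_perms "$tree"
rm -rf "$tree"
```

To audit a real tree, call `audit_perms /var/www/html` (or another directory) instead of the sample tree; `-xdev` keeps the search on one filesystem.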

10. Quick Permission Cheat Sheet

Command       Purpose
ls -l         View permissions
chmod         Change permissions
chown         Change ownership
stat file     Detailed file info
getfacl file  ACL permissions