Linux File Permissions
Master Unix/Linux permissions, ACLs, and access control security
Understanding Linux Permissions
Permission Model
Linux uses a discretionary access control (DAC) model with three permission types:
- Read (r = 4): View file contents, list directory
- Write (w = 2): Modify file, add/remove in directory
- Execute (x = 1): Run file, access directory
Permission Entities
Entity | Symbol | Description | Example Command |
---|---|---|---|
Owner (User) | u | The file owner | chmod u+w file |
Group | g | Group members | chmod g-x file |
Others | o | Everyone else | chmod o+r file |
All | a | All three entities | chmod a+x file |
Reading Permission Output
-rw-r--r-- 1 user group 1024 Dec 1 10:00 file.txt
- - : File type (- = file, d = directory, l = link)
- rw- : Owner permissions (read, write, no execute)
- r-- : Group permissions (read only)
- r-- : Others permissions (read only)
Common Permissions
Octal | Symbolic | Use Case |
---|---|---|
755 | rwxr-xr-x | Executable files, directories |
644 | rw-r--r-- | Regular files |
600 | rw------- | Private files (SSH keys) |
777 | rwxrwxrwx | Avoid! Security risk |
700 | rwx------ | Private directories |
664 | rw-rw-r-- | Group-editable files |
2775 | rwxrwsr-x | Shared project directories (SGID) |
1777 | rwxrwxrwt | Temp directories (sticky bit) |
⚠️ Security Tips
- Never use 777 permissions
- SSH keys must be 600
- Home directories: 700 or 750
- Web files: not writable by web server
- Review SUID/SGID files regularly
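The tips above can be checked mechanically. The script below is an added example, not part of the original page; the function name `audit_perms` and the finding labels are hypothetical. It assumes private SSH keys follow the `id_*` naming convention and reports one tab-separated finding per line.

```shell
#!/bin/sh
# Added example: audit a directory tree against the security tips above.
# audit_perms and the finding labels are hypothetical names for illustration.
# Output: one "FINDING<TAB>path" line per problem found under the given root.

audit_perms() {
    root=$1

    # Regular files writable by "others" (covers 777 and 666).
    find "$root" -xdev -type f -perm -0002 \
        -exec printf 'WORLD_WRITABLE_FILE\t%s\n' {} +

    # World-writable directories are acceptable only with the sticky bit (1777).
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'WORLD_WRITABLE_DIR_NO_STICKY\t%s\n' {} +

    # SUID / SGID regular files: compare each hit against a known-good baseline.
    find "$root" -xdev -type f -perm -4000 -exec printf 'SUID\t%s\n' {} +
    find "$root" -xdev -type f -perm -2000 -exec printf 'SGID\t%s\n' {} +

    # Private SSH keys (assumed naming: id_* without .pub) with any
    # group or other permission bit set, i.e. more open than 600.
    find "$root" -xdev -type f -name 'id_*' ! -name '*.pub' \
        \( -perm -0040 -o -perm -0020 -o -perm -0010 \
           -o -perm -0004 -o -perm -0002 -o -perm -0001 \) \
        -exec printf 'SSH_KEY_TOO_OPEN\t%s\n' {} +
}

# Run directly as: sh audit.sh /path/to/check
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

`-xdev` keeps each search on one filesystem, so a scan of `/` does not descend into other mounted filesystems.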