In the world of Linux, where multi-user systems and server security are foundational principles, understanding file permissions and ownership is crucial. Whether you're a beginner exploring your first Linux distribution or a seasoned system administrator managing critical servers, knowing how permissions work is key to ensuring the integrity, privacy, and functionality of your system.
This guide will take you deep into the core of Linux file permissions and ownership—what they are, how they work, how to modify them, and why they matter.
Why File Permissions and Ownership Matter in Linux
Linux is built from the ground up as a multi-user operating system. This means:
-
Multiple users can operate on the same system simultaneously.
-
Different users have different levels of access and control.
Without a permissions system, there would be no way to protect files from unauthorized access, modification, or deletion. File permissions and ownership form the first layer of defense against accidental or malicious activity.
Linux Permission Basics: Read, Write, Execute
Each file and directory in Linux has three basic types of permissions:
-
Read (r) – Permission to view the contents of a file or list the contents of a directory.
-
Write (w) – Permission to modify a file or create, rename, or delete files within a directory.
-
Execute (x) – For files, allows execution as a program or script. For directories, allows entering the directory (cd).
Permission Categories: User, Group, Others
Permissions are assigned to three distinct sets of users:
-
User (u) – The file's owner.
-
Group (g) – A group associated with the file.
-
Others (o) – Everyone else.
So for every file or directory, Linux evaluates nine permission bits, forming three sets of rwx, like so:
rwxr-xr--
This breakdown means:
-
rwx for the owner
-
r-x for the group
-
r-- for others
Understanding the Permission String
When you list files with ls -l, you’ll see something like this:
-rwxr-xr-- 1 alice developers 4096 Apr 4 14:00 script.sh
Let’s dissect it:
-
- – Regular file (other values include d for directory, l for symbolic link, etc.)
-
rwx – Owner (alice) has read, write, and execute permissions
-
r-x – Group (developers) has read and execute permissions
-
r-- – Others can only read the file
-
1 – Number of hard links
-
alice – Owner
-
developers – Group
-
4096 – File size in bytes
-
Apr 4 14:00 – Last modification date
-
script.sh – File name
File Ownership: User and Group
Every file and directory in Linux is associated with:
-
An owner (a user)
-
A group
When a user creates a file:
-
They become the owner by default.
-
The file is assigned to the user's primary group.
You can view ownership details using:
ls -l filename
To check group membership:
groups username
Changing Permissions with chmod
To change permissions, Linux uses the chmod command in two modes:
Symbolic ModeThis mode uses letters and symbols:
-
u = user (owner)
-
g = group
-
o = others
-
a = all
Operators:
-
= add permission
-
- = remove permission
-
= = assign exact permission
Examples:
chmod u x script.sh # Add execute to owner chmod g-w file.txt # Remove write from group chmod o=r file.txt # Set read-only for others
Numeric ModeThis mode uses octal values to represent permission bits:
| Permission | Value |
|---|---|
| Read (r) | 4 |
| Write (w) | 2 |
| Execute (x) | 1 |
You sum these for each category:
-
7 = rwx
-
6 = rw-
-
5 = r-x
-
4 = r--
Example:
chmod 755 script.sh
Means:
-
Owner: 7 = rwx
-
Group: 5 = r-x
-
Others: 5 = r-x
Changing Ownership with chown and chgrp
To change the owner and group of a file:
chown newuser:newgroup filename
Change only the owner:
chown newuser filename
Change only the group:
chgrp newgroup filename
Example:
chown alice:staff report.txt
Sets alice as the owner and staff as the group.
Special Permission Bits
In addition to the standard rwx permissions, Linux includes three special permission bits:
Setuid (Set User ID)-
Applies to executable files
-
Runs the program with the permissions of the file owner, not the user who runs it
chmod u s filename
Example permission string: -rwsr-xr-x
Setgid (Set Group ID)-
On files: similar to Setuid, but uses group permissions.
-
On directories: new files inherit the group of the directory.
chmod g s dirname
Sticky Bit-
Applies to directories
-
Only the file owner can delete files within the directory, even if others have write access.
Common on shared directories like /tmp.
chmod t /shared
Permission string: drwxrwxrwt
Viewing Detailed File Information
Two common ways to view permissions and ownership:
ls -lls -l filename
Shows basic file type, permissions, owner, group, and size.
statstat filename
Displays:
-
File type
-
Access rights
-
Owner and group
-
Inode and link count
-
Timestamps
Example output:
File: script.sh Size: 2048 Blocks: 8 IO Block: 4096 regular file Device: 802h/2050d Inode: 131072 Links: 1 Access: 2025-04-04 14:00:00.000000000 0000 Modify: 2025-04-04 13:45:00.000000000 0000 Change: 2025-04-04 13:50:00.000000000 0000 Birth: -
Best Practices for Managing Permissions
-
Use the principle of least privilege – grant only the necessary permissions.
-
Avoid using chmod 777 unless absolutely necessary—it makes files writable and executable by everyone.
-
Use groups to manage shared access to directories or files.
-
Regularly audit permissions using tools like find or acl.
Example to find world-writable files:
find / -type f -perm -o w
Advanced Tip: Access Control Lists (ACLs)
Standard permissions are sometimes not enough. ACLs allow more fine-grained access control.
Enable and view ACLs with:
getfacl filename setfacl -m u:bob:rw filename
This gives user bob read/write access to filename even if he’s not the owner or in the group.
Conclusion
Linux file permissions and ownership are not just a dry technical concept—they’re the foundation of system security and multi-user cooperation. Whether you're setting up a simple script or managing a production server, understanding and applying these concepts correctly ensures safety, control, and peace of mind.
Take the time to practice:
-
Create files and change their permissions
-
Test ownership with different users
-
Use tools like ls, chmod, chown, and stat
Once you master these tools, you'll unlock a much deeper level of control over your Linux system.
The above is the detailed content of Mastering Linux File Permissions and Ownership. For more information, please follow other related articles on the PHP Chinese website!
How does performance differ between Linux and Windows for various tasks?May 14, 2025 am 12:03 AMLinux performs well in servers and development environments, while Windows performs better in desktop and gaming. 1) Linux's file system performs well when dealing with large numbers of small files. 2) Linux performs excellently in high concurrency and high throughput network scenarios. 3) Linux memory management has more advantages in server environments. 4) Linux is efficient when executing command line and script tasks, while Windows performs better on graphical interfaces and multimedia applications.
How to Create GUI Applications In Linux Using PyGObjectMay 13, 2025 am 11:09 AMCreating graphical user interface (GUI) applications is a fantastic way to bring your ideas to life and make your programs more user-friendly. PyGObject is a Python library that allows developers to create GUI applications on Linux desktops using the
How to Install LAMP Stack with PhpMyAdmin in Arch LinuxMay 13, 2025 am 11:01 AMArch Linux provides a flexible cutting-edge system environment and is a powerfully suited solution for developing web applications on small non-critical systems because is a completely open source and provides the latest up-to-date releases on kernel
How to Install LEMP (Nginx, PHP, MariaDB) on Arch LinuxMay 13, 2025 am 10:43 AMDue to its Rolling Release model which embraces cutting-edge software Arch Linux was not designed and developed to run as a server to provide reliable network services because it requires extra time for maintenance, constant upgrades, and sensible fi
![12 Must-Have Linux Console [Terminal] File Managers](https://img.php.cn/upload/article/001/242/473/174710245395762.png?x-oss-process=image/resize,p_40)
12 Must-Have Linux Console [Terminal] File ManagersMay 13, 2025 am 10:14 AMLinux console file managers can be very helpful in day-to-day tasks, when managing files on a local machine, or when connected to a remote one. The visual console representation of the directory helps us quickly perform file/folder operations and sav
qBittorrent: A Powerful Open-Source BitTorrent ClientMay 13, 2025 am 10:12 AMqBittorrent is a popular open-source BitTorrent client that allows users to download and share files over the internet. The latest version, qBittorrent 5.0, was released recently and comes packed with new features and improvements. This article will
Setup Nginx Virtual Hosts, phpMyAdmin, and SSL on Arch LinuxMay 13, 2025 am 10:03 AMThe previous Arch Linux LEMP article just covered basic stuff, from installing network services (Nginx, PHP, MySQL, and PhpMyAdmin) and configuring minimal security required for MySQL server and PhpMyadmin. This topic is strictly related to the forme
Zenity: Building GTK Dialogs in Shell ScriptsMay 13, 2025 am 09:38 AMZenity is a tool that allows you to create graphical dialog boxes in Linux using the command line. It uses GTK , a toolkit for creating graphical user interfaces (GUIs), making it easy to add visual elements to your scripts. Zenity can be extremely u
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
Zend Studio 13.0.1
Powerful PHP integrated development environment
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
