Linux File Permissions Explained (chmod, chown, chgrp)

Linux file permissions control who can read, write, and execute files. Here’s everything you need to know.

The Permission Model

Every file and directory has three permission sets:

Owner  Group  Others
 rwx    r-x    r--
  • r — read
  • w — write
  • x — execute

Viewing Permissions

ls -l filename
-rw-r--r-- 1 alice developers 1024 Jun 19 10:00 file.txt

Breakdown:

  • - — file type (- = file, d = directory, l = symlink)
  • rw- — owner can read and write
  • r-- — group can only read
  • r-- — others can only read
  • alice — owner
  • developers — group

chmod — Change Permissions

Symbolic Mode

chmod u+x file.sh       # add execute for owner
chmod g-w file.txt      # remove write for group
chmod o+r file.txt      # add read for others
chmod a+x script.sh     # add execute for everyone (a = all)
chmod u=rw,g=r,o= file  # set explicitly

Numeric Mode (Octal)

# r=4, w=2, x=1
chmod 755 script.sh     # rwxr-xr-x
chmod 644 file.txt      # rw-r--r--
chmod 600 secret.txt    # rw-------
chmod 777 file          # rwxrwxrwx (avoid this)

Number  Permission
7       rwx (read, write, execute)
6       rw- (read, write)
5       r-x (read, execute)
4       r-- (read only)
0       --- (no permissions)

Recursive

chmod -R 755 /path/to/dir   # change all files and directories
chmod -R u+rwX /path        # +X adds execute only for directories (and files that already have an execute bit)

chown — Change Owner

chown alice file.txt              # change owner
chown alice:developers file.txt   # change owner and group
chown :developers file.txt        # change group only
chown -R alice:developers /path   # recursive

chgrp — Change Group

chgrp developers file.txt
chgrp -R developers /path/to/dir

Special Permissions

SUID (4xxx)

An SUID executable runs with the privileges of the file's owner, not of the user executing it.

chmod u+s /usr/bin/program   # set SUID
chmod 4755 /usr/bin/program  # rwsr-xr-x

SGID (2xxx)

An SGID executable runs with the file's group. On a directory, new files inherit the directory’s group.

chmod g+s /shared/directory   # set SGID
chmod 2755 /shared/directory  # rwxr-sr-x

Sticky Bit (1xxx)

On a directory with the sticky bit set, users can delete only their own files, even when others can write to the directory. Used on /tmp.

chmod +t /shared/directory    # set sticky bit
chmod 1755 /shared/directory  # rwxr-xr-t

umask — Default Permissions

The umask determines the default permissions of new files and directories by masking bits off at creation time:

umask 022   # files: 644, dirs: 755 (default on most systems)
umask 077   # files: 600, dirs: 700 (more secure)

Common Directory Permissions

chmod 755 /var/www/html       # standard web directory
chmod 700 ~/.ssh              # SSH keys
chmod 600 ~/.ssh/id_rsa       # private key
chmod 644 ~/.ssh/id_rsa.pub   # public key
chmod 750 /shared/project     # collaborative directory
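
An audit for the risky modes described above (world-writable files, shared directories without the sticky bit, SUID/SGID files, private keys accessible beyond the owner), as an added example that is not part of the original article. The function names and the sample tree are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit a tree for the risky modes covered on this page.
# Only POSIX find tests are used: "-perm -MODE" matches when all MODE bits are set.

# Regular files writable by "others" (what chmod 777 or o+w produces).
world_writable_files() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# Directories writable by "others" with no sticky bit set.
unsticky_shared_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# SUID or SGID files: these run with the owner's or group's privileges.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Private keys (id_* without .pub) with any group/other permission bit set.
exposed_private_keys() {
    find "$1" -type f -name 'id_*' ! -name '*.pub' \( -perm -0040 -o -perm -0020 \
        -o -perm -0010 -o -perm -0004 -o -perm -0002 -o -perm -0001 \) 2>/dev/null | sort
}

# Constructed sample tree (hypothetical names) containing one finding per check.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/tmp" "$d/ssh"
    touch "$d/ok.txt" "$d/open.txt" "$d/helper" "$d/ssh/id_rsa" "$d/ssh/id_rsa.pub"
    chmod 644 "$d/ok.txt" "$d/ssh/id_rsa" "$d/ssh/id_rsa.pub"
    chmod 777 "$d/open.txt" "$d/shared"   # world-writable file and directory
    chmod 1777 "$d/tmp"                   # world-writable but sticky, like /tmp
    chmod 4755 "$d/helper"                # SUID
    chmod 700 "$d/ssh"
    echo "$d"
}

audit() {
    echo "World-writable files:";                 world_writable_files "$1"
    echo "Shared dirs without sticky bit:";       unsticky_shared_dirs "$1"
    echo "SUID/SGID files:";                      setid_files "$1"
    echo "Private keys not restricted to owner:"; exposed_private_keys "$1"
}

# Audit the directory given as $1, or the sample tree when run with no argument.
if [ -n "${1:-}" ]; then audit "$1"; else t=$(make_sample_tree) && audit "$t" && rm -rf "$t"; fi
```

Every SUID/SGID hit should be a program you expect; compare the list against a known-good baseline rather than reading it once.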

Quick Reference

# Common commands at a glance
chmod 644 file.txt            # rw-r--r--  (standard file)
chmod 755 script.sh           # rwxr-xr-x  (executable)
chmod 700 private/            # rwx------  (private directory)
chown user:group file.txt     # set owner:group