File Permissions

File permissions form an integral part of the LINUX/UNIX filesystem and are a great tool for implementing security policies.




Any directory or file can have three types of user that access it:


Owner

- the person who owns the file

Group members

- every file, apart from an owner, has a group membership, or rather belongs to a group. A group is nothing but a list of some users categorized for convenience. All users in the group for that file are called group members for the file

Others

- all users leaving out the owner and group members belong to this category


Thus, to define the accessibility of a file we must set permissions explicitly for each of these categories of users.


To change the ownership of a file or directory:


# chown ownername filename



To change the group ownership of a file or directory:


# chgrp newgroupownername filename



For any particular type of user, a file can have three types of permission, namely READ (r or 4), WRITE (w or 2) and EXECUTE (x or 1).


Interpretation of permissions for files and directories


read
  File: User can look at the contents of the file
  Directory: User can list the files in the directory

write
  File: User can modify the contents of the file
  Directory: User can create new files and remove existing files in the directory

execute
  File: User can run the file as a command
  Directory: User can change into the directory, but cannot list the files unless (s)he has read permission. User can read files if (s)he has read permission on them.



Note:

For folders the concept of read and write changes slightly.

To have full read/write rights the user should have read/write as well as execute permission on that directory.



To view the permissions/owner/group of a file we can use the ls command


ls -ld <filename>


The output of the above command is something like this

drwxr-xr--  2   botskOOl    mygroup  0  Sep  6 00:27    abc.txt


The last section gives the filename.

The 10-character string drwxr-xr-- specifies the permissions and is interpreted as follows:

d : indicates a directory (will be a '-' for a file and 'l' for a link)

rwx : read, write, execute for the owner, i.e. botskOOl

r-x : read and execute for group members (members of mygroup in this case)

r-- : read for all other users


Thus, the positions in the string denote the following:


Position  Represents
1         type of item (file/directory/link/device)
2-4       owner permissions
5-7       group permissions
8-10      other permissions
  • the order of writing rwx is immaterial; however, conventionally this order is always preferred

Another way of representing permission is by the use of numbers 0-7

As already mentioned 

Read : 4

Write : 2

Execute : 1

Thus, to give any particular permission we simply add the values corresponding to each permission.

For instance, a permission of 5 refers to 4+1, i.e. Read + Execute


Number  Permission
0       ---
1       --x
2       -w-
3       -wx
4       r--
5       r-x
6       rw-
7       rwx


Thus, to specify a full set of permissions we use a triplet, with one digit for each type of user.

For instance, 741 implies 7 for the owner, 4 for group members and 1 for others.


chmod command

To change the permissions of a file, use the chmod command


chmod new_permissions filename



ls -ld abc.txt

-rwxr-xr--  2   botskOOl    mygroup  0  Sep  6 00:27    abc.txt

chmod 741 abc.txt

ls -ld abc.txt

-rwxr----x  2   botskOOl    mygroup  0  Sep  6 00:27    abc.txt


Another way of using chmod


To change the permissions for only a specific type of user we use the following syntax


chmod who=permissions filename

This gives “who” the specified permissions for a given filename.


The “who” is a list of letters that specifies whom you’re going to be giving permissions to. These may be specified in any order.


Letter Meaning
u owner
g group
o others
a all


ls -ld abc.txt

-rwxr-xr--  2   botskOOl    mygroup  0  Sep  6 00:27    abc.txt

chmod g=rw abc.txt

ls -ld abc.txt

-rwxrw-r--  2   botskOOl    mygroup  0  Sep  6 00:27    abc.txt
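

The script below is an added example, not part of the original page: it converts the 10-character string printed by ls -ld to its numeric triplet and replays the two chmod forms shown above on a scratch file. The function names (perms_of, mode_to_octal, apply_and_show) and the use of mktemp for the scratch file are assumptions of this example.

```shell
#!/bin/sh
# Added example: the names below are this example's own, not from the page.

# Print the 10-character permission string that `ls -ld` shows for a path.
perms_of() {
    ls -ld "$1" | cut -c1-10
}

# Convert a string such as drwxr-xr-- to its numeric triplet (754).
# Position 1 (item type) is skipped; positions 2-10 are read three at a time.
mode_to_octal() {
    rest=$(printf '%s' "$1" | cut -c2-10)
    out=""
    while [ -n "$rest" ]; do
        triplet=$(printf '%s' "$rest" | cut -c1-3)
        rest=$(printf '%s' "$rest" | cut -c4-)
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        # A lower-case s or t in the last slot also means execute is set.
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    printf '%s\n' "$out"
}

# Create a scratch file with the page's starting mode (-rwxr-xr--), apply one
# chmod argument (numeric or who=permissions), and print the result both ways.
apply_and_show() {
    f=$(mktemp) || return 1
    chmod 754 "$f"
    chmod "$1" "$f"
    perms=$(perms_of "$f")
    rm -f "$f"
    printf '%s %s\n' "$perms" "$(mode_to_octal "$perms")"
}

mode_to_octal drwxr-xr--   # the directory listing from the page
apply_and_show 741         # numeric form
apply_and_show g=rw        # who=permissions form
```

Because g=rw replaces only the group triplet, the owner and others digits of the starting mode are left as they were.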