Linux/Unix Permissions Explained

Contact me at [Google+] [FaceBook] [Twitter] [Steam] [YouTube]

Posted on: Mon, 02/01/2016 - 21:50 By: Fratm

Lock IconAs a new user to the Linux world, some people find the permissions system a little bit confusing.  I know many years ago when I started out I struggled with permissions.. I even know a few professionals who still have problems remembering how the permissions system works.   Well fret no more, I am going to give you a quicker primer on how the permissions work.   This Intro to the Linux permissions system will attempt to breal down to a basic system that is easy to remember and hopefully will demistify how permissions work on your Linux, or any Unix based system.



Permissions Explained

To prepare for this tip we will need to make a copy of a program to work on.  When we are done you can delete the program if you’d like.

cp /usr/bin/free ~/


The Unix/Linux permission system is fairly straightforward, you have 3 sets of permission with 3 permissions per set.  The sets are:

U =    User
G =    Group
O =    Other or World

When you look at a file the permissions look like a group of 10 letters, each one having a special meaning, let’s look at an example of this.

$ ls -la ~/free

-rwxr-xr-x 1 fratm fratm 14648 Feb 10  2015 /home/fratm/free

Here is a breakdown of what this output means.

Column    Content               Description    
1         -rwxr-xr-x         File Permissions.
2         1                  Link count to file.
3         fratm              Owner’s username.
4         fratm              Group name.
5         14648               File size.
6         Feb 10 2015         Date of last modification.
7         /home/fratm/free    Path to the file and filename.

The first column on a file or directory listing is the permissions column, It is actually 3 sets of permissions, with the first character being the file type, a - for a file, and a d for a directory, l for a symbolic link, etc.. 

Let’s break this file’s permissions down by set.  the first bit is the file type, and since it is a - that tells us that it is a regular file, the next 3 bits is the user/owner’s (U) permissions, the following 3 is the groups (G) permissions, and the last 3 is the (O) Other or World permissions.

The reason I call these bits, is because that’s what they are, a bit can either be on or off, a 1 or a 0.   It just happens that the ls command displays those bits as letters to make it easier to read and understand.  If the directory listing looked like this :

0111101101 1 fratm fratm 14648 Feb 10  2015 /home/fratm/free

It may be a little hard to understand, so the ls command uses letters in each spot to represent what that bit is used for.

So to break this down even more, we could do this.

Set            Permission                    Binary        Octal
T = -          This is a file.               0             0
U = rwx        Read, Write, Execute          111           7
G = r-x        Read, Execute                 101           5
O = r-x        Read, Execute                 101           5

The Octal representation of the permissions on this file is 0755

You can see from this chart that the file at ~/free can be read, written to and executed by the owner of the file, which in this case is fratm.  You can also see that anyone in the group fratm can read and execute the file, but unless they are the user fratm cannot write to the file, and then lastly Other (Or world) users can read and execute the file too.

If we wanted to change the permissions of a file we can use a program call chmod, we can either specify the new permissions with the set plus the letters we want to add or remove, or we can pass the Octal representation of the new permissions to the file.

For example, if we didn’t want the Other/World users to be able to execute this program we could change it like this :

    chmod o-x ~/free

Then the permissions would look like this :

    -rwxr-xr-- 1 fratm fratm 14648 Feb 10  2015 /home/fratm/free

Or to break it down more clearly :

Set            Permission                     Binary        Octal
T = -           This is a file.                 0              0
U = rwx         Read, Write, Execute            111            7
G = r-x         Read, Execute                   101            5
O = r--         Read                            100            4

with a Octal representation of 0754

If you wanted to change the permissions using Octal, it would look like this:

    chmod 0754 ~/free

You may be wondering why you would even want to use Octal since the letter version is so much easier to understand.  Well, if you want to make changes to more than one permission set, it is easier to figure out the Octal mode and issue it, then it is to do multiple character versions of the command.

For example, if you wanted to make it so group and other could not execute the file, you would issue this command :
    chmod 0744 ~/free


    chmod g-x ~/free
    chmod o-x ~/free

One command vs 2 commands.    It is also a good idea to use the Octal representation when you need to make difference changes on different sets.   

There is a shortcut that you can use when you want all 3 permission sets to be the same, and that is to use the a set instead of the one of the 3 sets listed.  the a set actually means all.  So if you want no one to be able to execute that file you would issue the command like this :

    chmod a-x ~/free

That would make the new permissions -rw-r--r--  or 0644

So far we covered how to remove a permissions from a file.  Now we may want to add a permission.  If you followed the steps above then our ~/free program is no longer executable to anyone. 

We can either re-add the execute bit to each group using the Octal method.  Which would look something like this :

 Set            Permission                     Binary        Octal
T = -           This is a file.                  0              0
U = rwx         Read, Write, Execute             111            7
G = r-x         Read, Execute                    101            5
O = r-x         Read, Execute                    101            5

Our Octal number would be 0755, our chmod would look like this :

    chmod 0755 ~/free

Or we can set the x bit on each set with the character version of chmod and use the a to represent all 3 sets like this :

    chmod a+x ~/free

There are other bits that can be used with the chmod command that make files and directories act differently.  This is a more advanced topic that this tutorial is not meant to cover, but if you are curious, then I recommend reading this article which has a great set of examples on the different bit types, how to set them and what they do.