Linux File Permissions and Security - Complete Guide


Understanding Linux File Permissions

Linux file permissions are a fundamental security feature that controls who can read, write, or execute files and directories. Understanding and properly managing these permissions is crucial for maintaining system security and preventing unauthorized access.

"Security is not a product, but a process. Linux file permissions are your first line of defense in creating a secure system environment."

The Permission System Overview

Linux uses a permission system based on three classes of user (owner, group, other) and three permissions (read, write, execute); each class gets its own set of the three permissions:

User Types

  • Owner (u): The user who owns the file
  • Group (g): Users in the file's group
  • Other (o): All other users

Permission Types

  • Read (r): View file contents, or list the entries of a directory
  • Write (w): Modify file contents, or create, delete and rename entries in a directory (which also needs x on the directory)
  • Execute (x): Run a file, or enter a directory and access the entries inside it

Reading Permission Strings

When you run ls -l, you see permission strings like this:

-rwxr-xr--

Let's break this down:

Position   Meaning             Example   Description
1          File type           -         Regular file (d for directory, l for symbolic link)
2-4        Owner permissions   rwx       Owner can read, write and execute
5-7        Group permissions   r-x       Group can read and execute
8-10       Other permissions   r--       Others can only read

Using chmod to Change Permissions

The chmod command changes file permissions. You can use it in two ways:

Symbolic Mode

# Add execute permission for owner
chmod u+x script.sh

# Remove write permission for group
chmod g-w file.txt

# Set read-only for others
chmod o=r document.txt

# Add read permission for all
chmod a+r public.txt

Numeric (Octal) Mode

Each permission bit has a numeric value (r = 4, w = 2, x = 1); the digit for each class is the sum of the bits set, and a numeric mode is the three digits for owner, group and other in that order:

Octal   Binary   Permissions   Description
7       111      rwx           Read, write, execute
6       110      rw-           Read, write
5       101      r-x           Read, execute
4       100      r--           Read only
0       000      ---           No permissions

Common Permission Examples

# Make file executable for owner only
chmod 700 private_script.sh

# Standard file permissions (owner: rw, group: r, other: r)
chmod 644 document.txt

# Directory permissions (owner: rwx, group: rx, other: rx)
chmod 755 public_directory/

# Secure file (owner: rw, no access for others)
chmod 600 secrets.txt

Changing Ownership with chown

The chown command changes file ownership:

# Change owner
sudo chown newuser file.txt

# Change owner and group
sudo chown newuser:newgroup file.txt

# Change only group
sudo chown :newgroup file.txt

# Recursive change for directories
sudo chown -R user:group directory/

Special Permissions

Linux has three special permission bits:

Setuid (SUID)

The file executes with the privileges of its owner rather than those of the user who ran it

chmod u+s file

Setgid (SGID)

The file executes with the privileges of its group rather than those of the user who ran it; on a directory, new files inherit the directory's group

chmod g+s file

Sticky Bit

In a directory with the sticky bit, only a file's owner (or the directory's owner, or root) can delete or rename that file, even if the directory is world-writable, as with /tmp

chmod +t directory
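The permission strings shown in the ls -l table above and the s/t markers the special bits add to them can be parsed back into the numeric mode chmod takes. The script below is an added example, not part of the original article: mode_to_octal, triplet_value, special_value and path_mode are names chosen here, and the conversion follows the r=4, w=2, x=1 rule plus the 4/2/1 leading digit for setuid, setgid and sticky.

```shell
#!/bin/sh
# Parse an ls -l permission string (e.g. "-rwxr-xr--") into its octal mode.
# Handles the special bits: ls shows setuid/setgid as s (or S when the execute
# bit is not also set) in the owner/group execute slot, and the sticky bit as
# t (or T) in the "other" execute slot.

# Digit for one rwx triplet: r=4, w=2, x=1 (a lowercase s or t also implies x).
triplet_value() {
    v=0
    case "$1" in r??) v=$((v + 4)) ;; esac
    case "$1" in ?w?) v=$((v + 2)) ;; esac
    case "$1" in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# Leading digit for the special bits: setuid=4 (position 4), setgid=2
# (position 7), sticky=1 (position 10). Prints nothing when none are set.
special_value() {
    s=0
    case "$1" in ???[sS]??????) s=$((s + 4)) ;; esac
    case "$1" in ??????[sS]???) s=$((s + 2)) ;; esac
    case "$1" in ?????????[tT]) s=$((s + 1)) ;; esac
    [ "$s" -eq 0 ] || echo "$s"
}

# "-rwsr-xr-x" -> 4755, "-rw-r--r--" -> 644. Rejects anything not 10 characters.
mode_to_octal() {
    perms=$1
    if [ "${#perms}" -ne 10 ]; then
        echo "mode_to_octal: expected a 10-character mode string" >&2
        return 1
    fi
    printf '%s%s%s%s\n' "$(special_value "$perms")" \
        "$(triplet_value "$(printf '%s\n' "$perms" | cut -c2-4)")" \
        "$(triplet_value "$(printf '%s\n' "$perms" | cut -c5-7)")" \
        "$(triplet_value "$(printf '%s\n' "$perms" | cut -c8-10)")"
}

# Octal mode of a real path, read from ls -ld exactly as the article shows it.
# cut -c1-10 drops the trailing "+" or "." some systems append for ACLs/SELinux.
path_mode() {
    mode_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

if [ $# -gt 0 ]; then
    for p in "$@"; do printf '%s %s\n' "$(path_mode "$p")" "$p"; done
fi
```

Run it as `sh modes.sh /etc/passwd /tmp` to print the numeric mode beside each path.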

Access Control Lists (ACLs)

For more granular control, Linux supports Access Control Lists:

# Set ACL for specific user
setfacl -m u:username:rwx file.txt

# Set ACL for specific group
setfacl -m g:groupname:r file.txt

# View ACLs
getfacl file.txt

# Remove ACL
setfacl -x u:username file.txt

Security Best Practices

Security Guidelines

  • Follow the principle of least privilege
  • Regularly audit file permissions
  • Be cautious with SUID/SGID files
  • Protect sensitive files with 600 permissions
  • Use groups for shared access management

Common Security Scenarios

# Secure SSH keys
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub

# Secure web directory (755 on every file also grants execute; if the files
# need no execute bit, follow up with: find /var/www/html -type f -exec chmod 644 {} +)
sudo chmod -R 755 /var/www/html
sudo chown -R www-data:www-data /var/www/html

# Secure configuration files
sudo chmod 640 /etc/some-config.conf
sudo chown root:admin /etc/some-config.conf

Troubleshooting Permission Issues

Common permission problems and solutions:

Problem                    Cause                          Solution
Permission denied          Insufficient permissions       Check and adjust with chmod/chown
Cannot execute script      Missing execute permission     chmod +x script.sh
Cannot access directory    Missing execute on directory   chmod +x directory
Web files not accessible   Wrong ownership/permissions    chown www-data:www-data files

Advanced Permission Management

Beyond setting modes file by file, two tools help manage permissions across a whole system:

Using umask

# Set default permissions for new files
umask 022  # Default: 644 for files, 755 for directories

# View current umask
umask

# Set more restrictive umask
umask 077  # Default: 600 for files, 700 for directories

Finding Files by Permissions

# Find world-writable files (replace /path with the tree to audit)
find /path -type f -perm -o+w

# Find SUID files
find /usr -type f -perm -4000

# Find files with specific permissions
find /home -type f -perm 644
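The find commands above become more useful as a repeatable audit: run the same checks over a tree, save the output, and diff it against the previous run. The script below is an added example, not part of the original article; the function names and the constructed fixture directory are choices made here, and it uses octal -perm forms so it also works with busybox find.

```shell
#!/bin/sh
# Permission audit over a directory tree. Each function prints matching paths
# one per line, so the output can be saved and diffed against the next run.

# Regular files with the "other" write bit set (mode bit 0002).
find_world_writable() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# Regular files with setuid (4000) or setgid (2000) set.
find_suid_sgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Private keys under any .ssh directory whose mode is not exactly 600.
find_lax_ssh_keys() {
    find "$1" -path '*/.ssh/*' -type f ! -name '*.pub' ! -perm 0600 2>/dev/null | sort
}

# Print all three reports for one root directory.
run_audit() {
    echo "== world-writable files under $1";  find_world_writable "$1"
    echo "== setuid/setgid files under $1";   find_suid_sgid "$1"
    echo "== SSH private keys not mode 600";  find_lax_ssh_keys "$1"
}

# Constructed fixture (not real system paths) so the audit can be tried offline.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/.ssh" "$dir/bin"
    printf 'key\n' > "$dir/.ssh/id_rsa";       chmod 644 "$dir/.ssh/id_rsa"      # too open
    printf 'key\n' > "$dir/.ssh/id_ed25519";   chmod 600 "$dir/.ssh/id_ed25519"  # correct
    printf 'pub\n' > "$dir/.ssh/id_rsa.pub";   chmod 644 "$dir/.ssh/id_rsa.pub"  # public key
    printf '#!/bin/sh\n' > "$dir/bin/tool";    chmod 4755 "$dir/bin/tool"        # setuid
    printf 'x\n' > "$dir/shared.txt";          chmod 666 "$dir/shared.txt"       # world-writable
    printf 'x\n' > "$dir/notes.txt";           chmod 644 "$dir/notes.txt"        # fine
    echo "$dir"
}

if [ $# -gt 0 ]; then
    run_audit "$1"
else
    fixture=$(make_fixture); run_audit "$fixture"; rm -rf "$fixture"
fi
```

With no argument the script audits its own fixture; `sh audit.sh /home` runs the same checks over a real tree.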

Conclusion

Understanding Linux file permissions is essential for maintaining system security and proper access control. Start with the basics of chmod and chown, then gradually explore advanced features like ACLs and special permissions as your needs grow.

Remember: good security practices begin with proper permission management. Regular audits and following the principle of least privilege will help keep your Linux systems secure and well-organized.