Linux file permissions cheat sheet

File permissions, i.e., controlling access to files and directories (folders), are indispensable. If you have written custom Bash scripts, chances are you’ve lost count of how many times you invoke the chmod +x myscript.sh command. In performing system administrative tasks, you need to be familiar with the su or sudo commands.

From time to time, you may need a refresher on file permissions. At work, you may have to protect classified data from prying eyes on company servers, often hosted on Linux. Also, imagine the losses you incur if you fail to prevent accidental changes to critical files or malicious behavior.

This Linux file permissions cheat sheet is the refresher you need. It covers types of file permissions, user categories to which they apply, chmod, su/sudo, and related Linux commands.

Permissions

The following commands display file/directory permissions:

| Command | Description |
| --- | --- |
| ls -l foo.sh | Check permissions of file foo.sh |
| ls -ld bar | Check permissions of directory bar |

[Figure: Permissions, scope and file details upon executing ls -l or ls -ld]

[Figure: Permissions in symbolic notation]

The permissions on files and directories span four scopes:

| Scope | Symbol | Description |
| --- | --- | --- |
| User | u | The owner of the file or directory |
| Group | g | The group of users who can access the file or directory |
| Other | o | Other users (world) |
| All | a | All users |

File Permissions

| Permission type | Symbol | If a file has this permission, you can: | If a directory has this permission, you can: |
| --- | --- | --- | --- |
| Read | r | Open and view file contents (cat, head, tail) | Read directory contents (ls, du) |
| Write | w | Edit, delete or rename file (vi) | Edit, delete or rename directory and files within it; create files within it (touch) |
| Execute | x | Execute the file | Enter the directory (cd); without x, the directory’s r and w permissions are useless |
| None | - | Do nothing | Do nothing |

Permission-Related Commands

| Command | Description |
| --- | --- |
| chmod permission foo | Change the permissions of a file or directory foo according to a permission in symbolic or octal notation format. Examples: |
| chmod +x foo | Grant execute permissions to all users to foo using symbolic notation. |
| chmod 777 foo | Grant read, write and execute permissions to all users to foo using octal notation. |
| chown user2 foo | Change the owner of foo to user2. |
| chgrp group2 foo | Change the group to which foo belongs to group2. |
| umask | Get a four-digit subtrahend. Recall in subtraction: minuend – subtrahend = difference. If the minuend is 777, the difference is your default directory permissions; if it’s 666, the difference is your default file permissions. |
| su / sudo / sudo -i | Invoke superuser privileges. |
| id | Find your user id and group id. |
| groups | Find all groups to which you belong. |

If you run a command beyond the permissions granted, you get errors such as “Permission denied” or “Operation not permitted”.

Changing Permissions

There are two methods to represent permissions on the command line. The first argument of the chmod command admits both representations.

| Method | Format of permission | Examples | Non-chmod application |
| --- | --- | --- | --- |
| Symbolic notation | A short text string consisting of one character of [u/g/o/a], one of the assignment symbols [+/-/=] and at least one of [r/w/x]. If you omit u/g/o/a, the default is a. | u+r; g-wx; o=rx; +x (i.e., a+x) | ls -l and ls -ld command outputs, e.g. -rwxrw-r--x. Here, - denotes the absence, not the removal, of a permission. |
| Octal notation | Three-digit octal number ranging from 000 to 777 | 774; 640 | Computing default permissions with umask |

Symbolic Notation

This notation is used in the ls -l and ls -ld command outputs, and it uses a combination of u/g/o/a (denoting the scope), +/-/=, and r/w/x to change permissions. If you omit u/g/o/a, the default is a.

The notation +/-/= refers to granting/removing/setting various permissions.

Here are some examples of chmod usage with symbolic notation. You may change more than one permission at a time, joining symbolic notations with a comma (,) as shown in the fourth example below.

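| Command in symbolic notation | Change in user (u) permissions | Change in group (g) permissions | Change in world (o) permissions |
| --- | --- | --- | --- |
| chmod +x foo | Grant Execute | Grant Execute | Grant Execute |
| chmod a=x foo | Set to Execute only (Read and Write removed) | Set to Execute only (Read and Write removed) | Set to Execute only (Read and Write removed) |
| chmod u-w foo | Remove Write | (No change) | (No change) |
| chmod u+wx,g-x,o=rx foo | Grant Write and Execute | Remove Execute | Set to Read and Execute only (Write removed) |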

Octal Notation

This notation is a three-digit number, in which each digit represents permissions as the sum of the addends 4, 2, and 1, corresponding to the read (r), write (w) and execute (x) permissions respectively.

  • The first digit applies to the user (owner) (u).
  • The second digit applies to the group (g).
  • The third digit applies to the world (other users) (o).

| Octal digit | Permission(s) granted | Symbolic |
| --- | --- | --- |
| 0 | None | [u/g/o]-rwx |
| 1 | Execute permission only | [u/g/o]=x |
| 2 | Write permission only | [u/g/o]=w |
| 3 | Write and execute permissions only: 2 + 1 = 3 | [u/g/o]=wx |
| 4 | Read permission only | [u/g/o]=r |
| 5 | Read and execute permissions only: 4 + 1 = 5 | [u/g/o]=rx |
| 6 | Read and write permissions only: 4 + 2 = 6 | [u/g/o]=rw |
| 7 | All permissions: 4 + 2 + 1 = 7 | [u/g/o]=rwx |

Here are some examples of chmod usage with octal notation:

| Command in octal notation | Change in user (u) permissions | Change in group (g) permissions | Change in world (o) permissions |
| --- | --- | --- | --- |
| chmod 777 foo | Read, Write, Execute | Read, Write, Execute | Read, Write, Execute |
| chmod 501 foo | Read, Execute | None | Execute |
| chmod 365 foo | Write, Execute | Read, Write | Read, Execute |
| chmod 177 foo | Execute | Read, Write, Execute | Read, Write, Execute |

Conversion Between Symbolic and Octal Notations

To visualize octal notation, let ↔ map symbolic notation to binary numbers (0 = permission denied, 1 = permission granted), and let ⇔ convert between the binary and octal numeric system. You have:

  • r ↔ 100₂ ⇔ 4₈,
  • w ↔ 010₂ ⇔ 2₈, and
  • x ↔ 001₂ ⇔ 1₈.

Therefore, each combination of r, w, and x corresponds to the unique sum of their numerical representations, such as full rwx permissions ↔ 111 111 111₂ ⇔ 777₈, as follows:

| Symbolic notation (ls -l) | Binary representation | Octal notation |
| --- | --- | --- |
| rwxr-xr-x | 111 101 101 | 755 |
| rw-r--r-- | 110 100 100 | 644 |
| rwx------ | 111 000 000 | 700 |
| r-xr-xr-x | 101 101 101 | 555 |
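
The conversion described above, written out as shell functions. This is an added example, not part of the original cheat sheet, and the function names sym_to_octal and octal_to_sym are hypothetical. It goes slightly beyond the table: it also accepts the ten-character form printed by ls -l and rejects malformed strings.

```shell
#!/bin/sh
# sym_to_octal STRING -> three octal digits, e.g. rwxr-xr-x -> 755.
# Accepts nine permission characters, or ten when the leading file-type
# character from ls -l is still attached. Returns 1 on malformed input.
sym_to_octal() {
    s=$1 out=
    if [ ${#s} -eq 10 ]; then s=${s#?}; fi
    [ ${#s} -eq 9 ] || return 1
    while [ -n "$s" ]; do
        triad=${s%"${s#???}"}          # first three characters: one scope
        s=${s#???}
        d=0
        case $triad in r??) d=$((d + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triad in ?w?) d=$((d + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triad in ??x) d=$((d + 1)) ;; ??-) ;; *) return 1 ;; esac
        out=$out$d
    done
    printf '%s\n' "$out"
}

# octal_to_sym DIGITS -> nine-character string, e.g. 644 -> rw-r--r--.
octal_to_sym() {
    o=$1 out=
    case $o in [0-7][0-7][0-7]) ;; *) return 1 ;; esac
    while [ -n "$o" ]; do
        d=${o%"${o#?}"}                # first digit: one scope
        o=${o#?}
        case $d in [4-7])  out=${out}r ;; *) out=${out}- ;; esac
        case $d in [2367]) out=${out}w ;; *) out=${out}- ;; esac
        case $d in [1357]) out=${out}x ;; *) out=${out}- ;; esac
    done
    printf '%s\n' "$out"
}

# The four rows of the table above, converted in both directions.
for p in rwxr-xr-x rw-r--r-- rwx------ r-xr-xr-x; do
    n=$(sym_to_octal "$p")
    printf '%s -> %s -> %s\n' "$p" "$n" "$(octal_to_sym "$n")"
done
```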

Default Permissions

Apart from being an alternative to symbolic notation, octal notation has a special use case with the umask command.

To check what permissions you have as the current user, use the umask command to get a four-digit number which, if subtracted from 0777, gives your default permissions for creating a directory and, if subtracted from 0666, gives your default permissions for creating a file.

Usage: 

| Command | Description |
| --- | --- |
| umask | Find your default user and group permissions when you create a new file or directory |

Examples:

| umask output | Default directory permissions | Default file permissions |
| --- | --- | --- |
| 0002 | Octal: 777 – 2 = 775; Symbolic: rwxrwxr-x | Octal: 666 – 2 = 664; Symbolic: rw-rw-r-- |
| 0022 | Octal: 777 – 22 = 755; Symbolic: rwxr-xr-x | Octal: 666 – 22 = 644; Symbolic: rw-r--r-- |
| 0314 | Octal: 777 – 314 = 463; Symbolic: r--rw--wx | Octal: 666 – 314 = 352; Symbolic: -wxr-x-w- |
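
How a umask is applied on a real system, as an added example that is not part of the original cheat sheet: the kernel clears the umask's bits from the requested mode (0777 for a new directory, 0666 for a new file), which matches the subtraction above for 0002 and 0022. For 0314 on a file, bit clearing gives 462 (r--rw--w-), because a mask can only remove permissions and never adds the execute bit. The function names are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# predicted_modes MASK -> "DIR FILE": octal modes for a new directory and file.
# New directories request 0777 and new files 0666; every bit set in the
# umask is then cleared: mode = requested & ~umask.
predicted_modes() {
    mask=$((0$1))                      # leading 0: parsed as octal
    printf '%03o %03o\n' $((0777 & ~mask)) $((0666 & ~mask))
}

# observed_modes MASK -> "DIR FILE": what the system actually creates.
# The body is a subshell, so the caller's umask is left untouched.
observed_modes() (
    tmp=$(mktemp -d) || exit 1         # scratch directory, removed below
    umask "$1"
    mkdir "$tmp/d"
    : > "$tmp/f"
    printf '%03o %03o\n' "0$(stat -c %a "$tmp/d")" "0$(stat -c %a "$tmp/f")"
    rm -f "$tmp/f"
    rmdir "$tmp/d" "$tmp"
)

# The three umask values from the table above.
for m in 0002 0022 0314; do
    printf 'umask %s  predicted: %s  observed: %s\n' \
        "$m" "$(predicted_modes "$m")" "$(observed_modes "$m")"
done
```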

Changing Ownership

Before changing the ownership of any file or directory, you need to know how your computer identifies users and groups. Two useful commands are id and groups.

Usage:

| Command | Description |
| --- | --- |
| id | Find your user id (uid) and your group id (gid) |
| groups | Find the group(s) your user belongs to |

Example:

| id output | Description |
| --- | --- |
| uid=501(teacher) gid=20(staff) groups=20(staff),12(everyone),61(localaccounts) | Your user id (uid) is 501. Your group id (gid) is 20. Your user belongs to three groups: staff, everyone and localaccounts. |

| groups output | Description |
| --- | --- |
| staff everyone localaccounts | Your user belongs to three groups: staff, everyone and localaccounts. |

Superuser

Most Linux distributions contain a program which lets you access the terminal as the superuser (or root user). This program helps experienced users perform system administration tasks.

The two ways to invoke this program are the commands su (short for substitute user) to open up a dedicated root shell and sudo to execute commands appended to it inline. In both cases, you will need to enter the superuser’s password to proceed with the task you intend to perform.

Modern distributions don’t set the superuser password, so in that situation, use the sudo -i command to enter the root shell.

The shell symbol changes from $ to # in the root shell. It is a reminder that with great power comes great responsibility. To quit the root shell, use the exit command.

| Command (includes shell symbol) | Description of command | Output prompt and (new) shell symbol |
| --- | --- | --- |
| $ su | Invoke superuser shell | Password: then # |
| $ sudo some_command | Invoke superuser privilege in running some_command | Password: then $ |
| $ sudo -i | Invoke superuser shell if su is disabled | Password: then # |

Use these superuser commands with care.

Changing File Ownership

If you have superuser privileges, you may change the (user) owner of a file or directory by using the chown command. If you know the uid of the new owner, you may replace user2 below with the corresponding uid as well.

| Command | Description |
| --- | --- |
| sudo chown user2 foo | Transfer user ownership of foo to user2 |
| sudo chown 102 foo | Transfer user ownership of foo to the user with uid=102 |

Changing Group Ownership

If you’re the owner of a file or directory, you may change the group ownership of a file or directory by using the chgrp command.

| Command | Description |
| --- | --- |
| chgrp group2 foo | Transfer the ownership of file/directory foo to group group2 |
| chgrp 2 foo | Transfer the ownership of file/directory foo to group with gid=2 |
| sudo chown user2:group2 foo | (Superuser privileges required) Change the user and group ownership simultaneously to user2 and group2 respectively |
