Linux File Permission Explained

Linux file permission is a security mechanism that protects files and directories from unauthorized access. The tutorial explains the core components of this mechanism and how they work through various examples.

Linux protects resources with a set of permissions. These permissions define how a user can access resources. A user is anyone who accesses the resource, such as a user account, system process or an application. A resource is an object the user accesses, such as a file, directory or device.

User types (Owner, Group, and Others)

There are three types of users: owner, group, and others.

An owner is the user who creates the object. An owner can designate another user as the owner of his object. The root user can make any user the owner of any object.

A group is a collection of user accounts. A user can belong to single or multiple groups. When we create a user account, Linux automatically creates a group (same as the username) for the user account and adds the user account. This group is called the user's primary group. We can create additional groups and add the user account as required. These groups are called secondary groups. Groups provide a flexible way to define and manage file permissions. Group members get the permission we define on the object. The default group of an object is the user's primary group.

The other defines a user who is neither the object owner nor belongs to the object group.

Permission types (Read, Write, and Execute)

Linux provides three permission types: read, write, and execute. The following table describes how these permissions work with files and directories.

Permission File Directory
Read View the file contents List the directory contents
Write Edit, modify, and delete the file Create a new file or directory
Execute Execute the file contents Navigate through the directory

User types and permission types mapping

Linux assigns file permission types to user types in sections. Since there are three user types, it uses three sections. Each section includes all three permission types. The configuration uses characters instead of complete words to denote the user and permission types. It uses u for owner, g for group, o for other, r for read, w for write, and x for execute. Linux assigns the permission types to each user type in the following sequence.

Owner (Read, Write, Execute), Group (Read, Write, Execute) and Other (Read, Write, Execute)
file permission

The ls command lists the contents of the specified directory. It supports various options. The -l option provides detailed information about the objects. It lists objects in lines. Each line represents a single object and displays specific information in fields. The first field shows file permission.

#ls -l

ls command

File permission example

Login with the root account and create three user accounts: James, Michael and John.

default file permission

Create a test directory on the / partition and check its default permission.

#mkdir /test
#ls -l | grep test

make directory

Since we used the root account to create the /test directory, the root user became its owner and group owner. The default directory permission grants full access only to the owner. The owner of the /test directory is the root. Users added above are neither the file owners nor the group owners. They get the permission listed in the other field. The other field permission grants them only the Read permission. With this permission, they can navigate the directory and list its contents. However, they can not create a new file or directory. To verify this, switch the user account to james and list the /test directory. The Read and Execute permissions allow him to do this. Create a new file to check the write permission. The Shell denies this action since he does not have this permission.

#su james
$cd
$ls /test
$cat > /test/testfile

verifying file permission

Exit the James account and transfer the ownership of the /test directory. Make James the owner. As the owner, James gets the default directory permission. The default directory permission allows the owner to perform all three actions: read, write, and navigate.

Switch the user account to James and create a test script that displays hello on the terminal. Since James has the Write permission, Shell allows him to create the script file. Shell attaches the default file to the created script file. The default file permission does not allow the owner to execute the file. Execute the file to verify this.

$exit
#chown james /test
#ls -l / | grep test
#su james
$cd
$cat > /test/testfile
echo 'hello'
CTRL + D
$/test/testfile

owner file permission verification

Exit the james user account and log in from the michael user account. Michael gets the permission defined in the other section. The other section allows Michael to read the file. However, it does not allow him to edit or run the file.

$exit
#su michael
$cd
$ls /test
$cat /test/testfile
$cat >> /test/testfile
$/test/testfile

Other user permission verification

Exit the michael user account, create a group, and add James and Michael. Transfer group ownership of the /test/testfile file to the created group. Change the default file permission of the /test/testfile to 764. The next part of this tutorial explains how to configure and manage file permission. For this example, use this value. It changes the file permission to grant the following access.

Owner:- read, write, execute
Group:- read, write
Other: read

To verify the updated permission, change the user account to James and run the /test/testfile. With the updated permission, James can run the script. Exit the james account and log in with the michael account. Now, Michael is the group owner. As a group owner, he gets Read and Write access. To verify this, display and append the /test/testfile file contents. This permission does not allow Michael to execute the script file.

$exit
#groupadd developer
#usermod -G developer james
#usermod -G developer michael
#chgrp developer /test/testfile
#chmod 764 /test/testfile
#ls -l /test
#su james
$/test/testfile
$exit
#su michael
$cat /test/testfile
$cat >> /test/testfile
echo 'hi'
Ctrl + D
$/test/testfile
$exit
#

group owner permission verification

To verify the permission configured in the other section, change the user account to John. Display the /test/testfile contents. Shell allows it. Edit and run the file. Shell denies both actions.

#su john
$cat /test/testfile
$/test/testfile
$cat >> /test/testfile
$exit
#

The following commands clean up what we created and tested in this tutorial.

#rm -rf /test
#userdel -r james
#userdel -r michael
#userdel -r john
#groupdel developer

other file permission verification

This tutorial is part of the tutorial " Linux file permission Explained with Examples.". Other parts of this tutorial are as follows:

Chapter 1  Linux File Permission Explained in Easy Language
Chapter 2  How to use chmod command in Linux Explained with Examples
Chapter 3  How to change default umask permission in Linux
Chapter 4  SUID, SGID, and Sticky Bit Explained
Chapter 5  How to set immutable bit with chattr command

Conclusion

Linux file permission is a complex topic. This tutorial introduced basic concepts and fundamentals of it in easy words through examples. Understanding these core components helps work with Linux file permission more effectively.

Author Laxmi Goswami Updated on 2025-12-21

ComputerNetworkingNotes Linux Tutorials Linux File Permission Explained

We do not accept any kind of Guest Post. Except Guest post submission, for any other query (such as adverting opportunity, product advertisement, feedback, suggestion, error reporting and technical issue) or simply just say to hello mail us ComputerNetworkingNotes@gmail.com