Master Linux File & Directory Permissions: Commands, Examples, and Best Practices
This guide explains Linux file and directory permission concepts, shows how to view, interpret, and modify permissions using numeric and symbolic modes, manage owners and groups, apply special bits and ACLs, locate and fix issues, and implement regular audits for secure system administration.
Basic Permission Concepts
Viewing Permissions
# Example: use ls to view permissions
ls -l filenameInterpreting Permission Strings
# Example: -rwxr-xr--Meaning of File and Directory Permissions
File Permissions
r(read): allows viewing file contents. w (write): allows modifying file contents. x (execute): allows running the file as a program.
# Set file permissions: owner read/write, group read, others none
chmod 644 filenameDirectory Permissions
r(read): allows listing directory contents. w (write): allows creating, deleting, renaming files. x (execute): allows entering the directory.
# Set directory permissions: owner rwx, group rx, others none
chmod 750 directoryModifying Permissions
Numeric Representation
# Set file permissions to -rwxr-xr--
chmod 754 filenameSymbolic Representation
# Same effect using symbolic mode
chmod u=rwx,g=rx,o=r filenameUser and Group Management
Changing File Owner
# Change owner to newuser
chown newuser filenameChanging File Group
# Change group to newgroup
chown :newgroup filenameSpecial Permissions and ACL
SUID
# Set SUID so file runs with owner's privileges
chmod u+s executable_fileSGID
# Set SGID so new files inherit directory's group
chmod g+s directoryACL
# Grant specific user read/write via ACL
setfacl -m u:specialuser:rw filenameInheritance and Default Permissions
Directory Inheritance
# Enable sticky bit for directory
chmod +t directoryDefault Permissions (umask)
# Set default mask to 027
umask 027Finding and Fixing Permission Issues
Locate Files with Specific Permissions
# Find files with others write permission
find /path -type f -perm -o+wRepair Permissions
# Reset all files to 644
find /path -type f -exec chmod 644 {} \;Practical Use Cases
Protect Sensitive Files
# Owner-only access
chmod 600 sensitive_fileShared Directory
# Group read/write
chmod 770 shared_directoryWeb Server Directory
# Owner rwx, group rx
chmod 750 web_directoryConfiguration Files
# Owner read/write, group read
chmod 644 config_fileDatabase Files
# Owner and group read/write
chmod 660 database_fileSystem Scripts
# Owner rwx, group rx
chmod 750 system_scriptRegular Review and Updates
Audit Permissions
# Find world-writable files
find /path -type f -perm -o+rwx -lsBulk Update
# Set all files to 644
find /path -type f -exec chmod 644 {} \;Tracking Changes with auditd
Monitor Permission Changes
# Watch a file for attribute changes
auditctl -w /path/to/file -p waReview Audit Logs
# Search audit logs for a file
ausearch -f /path/to/fileConclusion
Applying these commands and strategies enables administrators to fine‑tune Linux file and directory permissions, protect sensitive data, and maintain system security through regular audits and updates.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.