Master Linux File Permissions: From Basics to Advanced Management
This guide explains Linux file permissions, covering the three basic rights (read, write, execute), user and group classifications, symbolic and octal representations, file type symbols, and essential commands like chmod, chown, chgrp, umask, and the sticky bit, with practical examples and usage tips.
Linux Permission Model
Every file and directory in Linux has three basic permissions—read (r), write (w) and execute (x)—applied to three classes of users:
Owner (user, u): the account that created the file.
Group (group, g): the primary group of the owner.
Others (others, o): all remaining users.
Permissions can be shown symbolically (e.g. rwxr-xr--) or as an octal number (e.g. 754). The symbolic form lists the three permission bits for each class; the octal form encodes the bits as a three‑digit base‑8 number.
File‑type symbols
d : directory
- : regular file
l : symbolic link
b : block device
c : character device
p : pipe
s : socket
Basic permissions
Read (r): view file contents or list a directory.
Write (w): modify a file or create/delete entries in a directory.
Execute (x): run a file as a program or enter a directory.
- : permission not granted.
Permission‑management commands
chmod – change mode
chmod [options] mode file
chmod u+rwx file.txt     # give owner read, write, execute
chmod g-w file.txt       # remove write from group
chmod o=rx file.txt      # others get read & execute only
chmod 755 file.txt       # set rwxr-xr-x
chmod -R 755 directory   # recursive change
chown – change owner (and optionally group)
chown [options] owner[:group] file
chown alice file.txt
chown alice:staff file.txt
chown -R alice:staff directory
chgrp – change group ownership
chgrp [options] group file
chgrp staff file.txt
chgrp -R staff directory
umask – default permission mask
When a new file or directory is created, the kernel first assigns the maximum permissions (666 for files, 777 for directories) and then removes the bits set in the umask.
umask [mask]
umask 022   # new files become 644, directories 755
umask 077   # new files become 600, directories 700
View the current mask with umask. To make it permanent, add the desired umask line to .bashrc or .profile.
Sticky bit (special permission)
The sticky bit (symbol t or T) is used on directories to restrict deletion or renaming of files to the file’s owner or the superuser, even if other users have write permission. It is commonly set on shared directories such as /tmp.
t : others have execute permission and the sticky bit is set.
T : others lack execute permission but the sticky bit is set.
Set or clear the sticky bit with:
chmod +t directory   # enable
chmod -t directory   # disable
Example:
mkdir mydir
chmod 1777 mydir # rwxrwxrwt, sticky bit enabled
ls -ld mydir
Note: the sticky bit applies only to directories; it has no effect on regular files.
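An audit for the case the sticky bit exists to prevent, directories that others can write to but that lack the sticky bit. This is an added example, not part of the original article; the function names (find_unsticky_dirs, demo_tree, fix_unsticky_dirs) are hypothetical and the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit for world-writable directories without the sticky bit.

# Print every directory under $1 that others can write to (o+w, bit 0002)
# but that does not have the sticky bit (bit 1000) set.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Build a constructed sample tree so the check can be tried
# without touching real system paths. Prints the tree's root.
demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/shared_ok" "$root/shared_bad" "$root/private"
    chmod 1777 "$root/shared_ok"    # rwxrwxrwt: world-writable, sticky set
    chmod 0777 "$root/shared_bad"   # rwxrwxrwx: world-writable, no sticky
    chmod 0755 "$root/private"      # rwxr-xr-x: not world-writable
    printf '%s\n' "$root"
}

# Set the sticky bit on every directory the audit reports.
fix_unsticky_dirs() {
    find_unsticky_dirs "$1" | while IFS= read -r dir; do
        chmod +t "$dir"
    done
}

# Demonstration on the constructed tree.
root=$(demo_tree)
echo "Before fix:"
find_unsticky_dirs "$root"          # only shared_bad is reported
fix_unsticky_dirs "$root"
echo "Findings after fix: $(find_unsticky_dirs "$root" | wc -l)"
ls -ld "$root/shared_bad"           # mode now ends in t
rm -rf "$root"
```

On a real system, review each reported directory before changing it; some may need tighter permissions rather than the sticky bit.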
Key takeaways
Understanding symbolic and octal notation, using the chmod, chown and chgrp utilities correctly, and configuring umask and the sticky bit are essential for maintaining Linux system security and ensuring appropriate access control.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc.
