Master Linux File Permissions: rwx, chmod, umask, and ACL Explained
This guide walks through Linux file permissions, explaining the meaning of rwx bits, the UGO model, how to modify permissions with chmod using symbolic and numeric forms, advanced bits like setuid/setgid/sticky, default permissions controlled by umask, ownership changes with chown/chgrp, and fine‑grained ACL management, all with concrete command examples.
Permission Overview
In Linux, a permission defines what actions a user or group can perform on a file or directory. Permissions are attached to the file resource, not to the user.
Basic Permission Bits (rwx)
Read (r) – For directories, allows listing contents; for files, allows viewing content (e.g., cat).
Write (w) – For directories, permits creating, deleting, or renaming entries; for files, permits modifying content (e.g., vi).
Execute (x) – For directories, permits entering the directory (cd); for files, permits executing the file as a program or script.
None (-) – No permission, represented by 0.
UGO Model
The three letters in a permission string correspond to three user categories:
U (owner) – The file’s owner.
G (group) – Users belonging to the file’s group.
O (others) – All other users.
Optionally, a represents all three categories together.
Viewing Permissions
# ls -l
Example output:
-rw-r--r--. 1 root root 9 Mar 2 20:38 1.sh
Changing Ordinary Permissions (chmod)
Symbolic Form
Use letters to specify which category and which bits to add or remove.
# chmod u+x test1   # add execute for owner
# chmod g+w test1   # add write for group
# chmod o-r test1   # remove read for others
Numeric Form
Map bits to numbers: r=4, w=2, x=1, -=0. Combine three digits for owner‑group‑others.
# chmod 644 file1      # rw-r--r--
# chmod 700 file2      # rwx------
# chmod -R 755 dir1    # recursive change
Advanced Permissions
Setuid (4xxx) – When set on an executable, the process runs with the file owner’s privileges. Set with chmod u+s filename or chmod 4755 filename.
Setgid (2xxx) – When set on a directory, new files inherit the directory’s group. Set with chmod g+s dirname or chmod 2755 dirname.
Sticky (1xxx) – Common on public directories; only the file’s owner or root can delete files. Set with chmod o+t dirname or chmod 1777 dirname.
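Because these bits change who a program runs as and who may delete files, they are worth auditing. The following script is an added example, not part of the original article: it lists setuid/setgid files, files writable by others, and directories writable by others that lack the sticky bit. The function name audit_perms and the output labels are assumptions made for this example; it relies on find and on stat -c as found on Linux.

```shell
#!/bin/sh
# Added example (not from the original article): report special-bit and
# world-writable findings under a directory tree.
# Output format, one finding per line: KIND OCTAL_MODE PATH

audit_perms() {
    dir=$1
    # Setuid executables run with the file owner's privileges (4xxx).
    find "$dir" -xdev -type f -perm -4000 -exec stat -c 'SETUID %a %n' {} +
    # Setgid on a regular file (2xxx): it runs with the file's group.
    find "$dir" -xdev -type f -perm -2000 -exec stat -c 'SETGID %a %n' {} +
    # Regular files that "others" may write (o+w).
    find "$dir" -xdev -type f -perm -0002 -exec stat -c 'WW_FILE %a %n' {} +
    # Directories writable by others but lacking the sticky bit (1xxx):
    # any user can delete or rename other users' entries there.
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c 'WW_NOSTICKY %a %n' {} +
}

# Run against a path given on the command line, e.g.  sh audit.sh /usr/bin
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Setgid directories and sticky world-writable directories (such as a 1777 public directory) are deliberately not reported, since those are the intended uses described above.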
Default Permissions and umask
Newly created files inherit default permissions determined by the umask value.
Temporary umask
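# umask        # show current value
# umask 0007   # set for current session
Calculation example: with umask 0007, a directory’s default becomes 0777‑0007 = 0770 (rwxrwx---), and a file’s default becomes 0666‑0007 = 0660 (rw-rw----). The umask is applied as a bit mask: each bit set in the umask is cleared from the base mode (0777 for directories, 0666 for files), so the "‑" here is not ordinary arithmetic subtraction.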
Permanent umask
Set in shell configuration files such as /etc/bashrc (global) or ~/.bashrc (per‑user) by adding a line like umask 0007 and re‑sourcing the file.
Changing Ownership
chown
# chown user file         # change owner
# chown user:group file   # change owner and group
# chown :group file       # change only group
Use -R for recursive changes.
chgrp
# chgrp group file
Access Control Lists (ACL)
ACLs provide fine‑grained permission control beyond the traditional rwx model.
Setting ACLs (setfacl)
# setfacl -m u:user:rwx file    # grant user rwx
# setfacl -m g:group:rwx file   # grant group rwx
# setfacl -x u:user file        # remove user entry
# setfacl -b file               # delete all ACLs
Viewing ACLs (getfacl)
# getfacl file
Common setfacl options: -m modify, -R recursive, -x delete entry, -b remove all, -d set default ACL for directories.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
