Table of Contents
Understanding Permission Types
In Linux, each file and directory has permissions that control what different users can do with it. The three basic permission types are r, w, and x. They have slightly different meanings for files and for directories, so it is important to distinguish between the two.
Remember: Linux checks permissions every time you access a file or directory. If the required permission bit is not set for you (as owner, group, or others), the action is denied.
Read Permission: `r`
Read on regular files
For a normal file, r means the ability to read the contents of the file.
If you have read permission on a file, you can:
- Open it in a text editor in read-only mode.
- Use commands like
cat,less, orheadto display its content. - Copy its content to another file with commands like
cpor output redirection.
You cannot modify or delete the file just with r. Reading does not imply writing.
When you run ls -l, a file that is readable by its owner might look like:
-rw-r----- 1 alice staff 1200 Jan 7 10:00 notes.txt
Here, the first r after the - indicates read permission for the owner.
Read on directories
For a directory, r means you are allowed to list the names of the entries in that directory. It is similar to being able to see a table of contents.
If you have r on a directory but not x, you may see names but still cannot access inside those entries.
With read permission on a directory, you can:
- Run
lsto see filenames in that directory. - Use shell completion to see candidate names, if execute permission allows it.
Without r on a directory, the contents of that directory are hidden from you, even if you know specific filenames in it.
Write Permission: `w`
Write on regular files
For a normal file, w means the ability to modify the file’s contents. This includes:
- Editing the file in a text editor and saving changes.
- Truncating it to zero size.
- Appending new data.
- Overwriting parts of the file.
Write permission alone does not allow you to execute the file or read it. It only allows changing the data stored in it.
In ls -l output, write permission for the owner is represented as:
-rw-r----- 1 alice staff 1200 Jan 7 10:00 notes.txt
Here the w in rw- indicates the file is writable by alice.
Write on directories
For a directory, w allows you to change the directory’s contents, which means:
- Creating new files or subdirectories in it.
- Deleting files or subdirectories from it.
- Renaming files or subdirectories inside it.
- Moving files into or out of it.
Write permission affects the directory’s list of entries, not the content of the files themselves. You can often delete a file from a directory if you have w and x on the directory, even if you have no permissions on the file’s data.
To create, delete, or rename entries in a directory, Linux requires both w and x on that directory. Write without execute does not let you perform these operations.
Without w on a directory, you cannot add or remove entries there, even if individual files are writable.
Execute Permission: `x`
Execute on regular files
For a normal file, x means you can run the file as a program or script.
If a file has x for you, and the file’s content is a valid binary or script, you can:
- Run it directly, for example
./program. - Use it as a command in your shell.
If a file is missing x for you, the shell will refuse to run it as a program, even if you can read or write its contents.
Typical executable files appear like:
-rwxr-xr-x 1 root root 12345 Jan 7 09:00 /usr/bin/ls
Here, x appears in all three permission triplets, so everyone can execute it.
Execute on directories
For a directory, x has a different meaning. It controls the ability to enter and traverse the directory.
With execute permission on a directory, you can:
- Use
cdto enter that directory. - Access files and subdirectories inside it, provided you know their names and you have appropriate permissions on those entries.
- Use a path that passes through this directory, such as
/home/alice/docs/file.txt.
Without x on a directory:
- You cannot
cdinto it. - You cannot access any files or subdirectories inside it, even if you know their names and their own permissions are permissive.
To access a file by path, you must have execute permission on every directory in that path. One missing x on any directory along the path blocks access.
Read and execute together on a directory are common for directories you want to browse and enter. For example:
drwxr-xr-x 2 alice staff 4096 Jan 7 11:00 docsThis allows the owner to read, write, and enter the directory, and others to read and enter it, but not modify it.
Combining `r`, `w`, and `x`
Permissions are usually combined as triplets, for example rwx, rw-, or r-x.
For files:
r--means readable only.rw-means readable and writable, but not executable.r-xmeans readable and executable, but not writable.rwxmeans full access, can read, write, and execute.
For directories:
r--means you can list names, but you cannot enter or manipulate entries.-w-is rare and not very useful on its own, since entry changes still requirex.--xlets you traverse if you know names, but prevents listing.r-xis typical for directories that are browseable and traversable, but not modifiable.rwxgives full control over listing, traversing, and changing entries.
You will see these combinations in the first column of ls -l output, where each set of three characters shows the r, w, x bits for owner, group, and others.
Numeric Representation of Permissions
Permissions are often represented with numbers, where each type has a value:
- Read
ris 4. - Write
wis 2. - Execute
xis 1.
These values are added within each triplet. For example:
$rwx = 4 + 2 + 1 = 7$$rw- = 4 + 2 + 0 = 6$$r-x = 4 + 0 + 1 = 5$$r-- = 4 + 0 + 0 = 4$
So a permission string like rwxr-xr-- corresponds to:
- Owner:
rwxwhich is 7. - Group:
r-xwhich is 5. - Others:
r--which is 4.
This is written as 754.
Rule: For each user class (owner, group, others), compute the permission digit as
$digit = 4 \times r + 2 \times w + 1 \times x$,
where each of $r, w, x$ is 1 if present and 0 if absent.
Commands that change permissions often use this numeric form. The details of changing permissions are handled in a separate chapter, but understanding the meaning of r, w, and x and how they combine into numbers is essential before using those tools.