Master the fundamentals of Linux file permissions, ownership, and security - the foundation of Linux system administration.
Save
Complete lesson & earn 250 PX
Learn how controls who can read, write, and execute files through its powerful permission system.
EXERCISE
1Understand why Linux treats everything as a file and how this impacts permissions.
Save
In , there's a fundamental principle that might sound strange at first: everything is a file.
This means your keyboard, mouse, hard drive, network connections, and even directories are all treated as files by the Linux system. This unified approach makes Linux incredibly powerful and consistent.
Why does this matter for permissions? Since everything is a file, the same permission system applies to:
The Big Picture: Understanding that everything is a file helps explain why Linux has such a comprehensive and consistent permission system. Every single thing in your Linux system can be secured and controlled using the same set of rules.
This is why mastering file permissions isn't just about protecting documents - it's about understanding how Linux secures your entire system!
EXERCISE
3Explore how Linux assigns ownership through users and groups for flexible access control.
Save
EXERCISE
4Master the commands that transfer file ownership between users and groups.
Save
EXERCISE
2Learn how to reveal the hidden permission details of every file and folder.
Save
EXERCISE
5Crack the code of the cryptic permission string that controls file access.
Save
doesn't just ask "who owns this file?" - it asks "which user owns this file and which group owns this file?"
Every file has two owners:
Why two owners? Imagine you're working on a project with your team:
Real Example:
When you create a file called test.txt:
-rw-r--r-- 1 nana nana 0 Mar 15 10:30 test.txt
nana (you)nana (your primary group)The Power: This dual ownership system lets you create sophisticated access controls. You can give yourself full access, your team partial access, and everyone else limited access - all for the same file!
What if you need to transfer ownership of a file? provides powerful commands to change who owns what.
The chown Command (Change Owner)
# Change both user and group owner
sudo chown tom:admin test.txt
# Change only the user owner
sudo chown admin test.txt
The chgrp Command (Change Group)
# Change only the group owner
sudo chgrp devops test.txt
Why sudo?
Changing ownership is a powerful operation that affects system security, so you need administrator privileges.
Real-World Scenario: Imagine you created a configuration file but now need to hand it over to the system administrator (root) and the admin group:
sudo chown root:admin config.yml
Key Insight: Ownership changes are permanent and immediate. The moment you run these commands, the file belongs to its new owners with all the rights and restrictions that come with that ownership.
You already know ls shows files and ls -a shows hidden files. But there's a third flag that reveals the secret life of your files: ls -l
When you run ls -l, suddenly each file displays a cryptic string of letters and dashes:
-rwxr-xr-- 1 user group 1024 Mar 15 10:30 myfile.txt
drwxr-xr-x 2 user group 4096 Mar 15 09:15 myfolder
This isn't random gibberish - it's a permission blueprint that tells you:
Pro Tip: Want to see permissions for hidden files too? Combine the flags: ls -la
The Revelation: Every file in has been quietly carrying this detailed security information all along. The ls -l command is like putting on X-ray glasses to see the permission structure that's always been there, silently protecting your system.
Let's decode this mysterious string: -rwxr-xr--
First Character - File Type:
- = Regular filed = Directoryl = Link (we'll learn about these later)Next 9 Characters - Permissions (3 blocks of 3):
Block 1 (positions 2-4): User Owner Permissions
r = Read (can view file contents)w = Write (can edit/modify file)x = Execute (can run the file as a program)Block 2 (positions 5-7): Group Owner Permissions
r, w, x meanings, but for the groupBlock 3 (positions 8-10): Everyone Else Permissions
r, w, x meanings, but for all other usersExample Breakdown:
-rwxr-xr-- means:
- = Regular filerwx = User owner can read, write, and executer-x = Group owner can read and execute (but not write)r-- = Everyone else can only readThe Dash Rule: A dash (-) means "permission denied" for that specific action.
EXERCISE
6Understand what read, write, and execute permissions actually mean in practice.
Save
has exactly three permission types, but their meaning changes depending on whether you're dealing with files or directories.
For Regular Files:
Read (r) - "Can I see what's inside?"
Write (w) - "Can I change it?"
Execute (x) - "Can I run it?"
For Directories:
Read (r) - "Can I list what's inside?"
Write (w) - "Can I modify the contents?"
Execute (x) - "Can I enter this directory?"
cd command)Important: You need execute permission on a directory to access files inside it, even if you have read permission on those files!
EXERCISE
8Master the intuitive method of adding and removing specific permissions.
Save
EXERCISE
9Discover the shorthand system that lets you set all permissions with just three digits.
Save
The chmod (change mode) command is your tool for modifying permissions. The symbolic method is intuitive and precise.
Basic Syntax:
chmod [who][action][permission] filename
Who:
u = User ownerg = Group ownero = Other usersa = All (user + group + other)Action:
+ = Add permission- = Remove permission= = Set exact permissionsPermission:
r = Readw = Writex = ExecutePractical Examples:
# Give execute permission to user owner
chmod u+x script.sh
# Remove write permission from group
chmod g-w document.txt
# Give read permission to everyone
chmod a+r public_file.txt
# Set exact permissions for group (read and execute only)
chmod g=rx program.exe
Pro Tip: You can combine actions: chmod u+x,g-w,o=r filename
Typing chmod u+r,g+w,o-x gets tedious. offers a shortcut: numeric permissions.
The Magic Numbers: Each permission has a value:
r (read) = 4w (write) = 2x (execute) = 1How it works: Add the numbers for each permission block:
rwx = 4+2+1 = 7 (all permissions)rw- = 4+2+0 = 6 (read and write)r-x = 4+0+1 = 5 (read and execute)r-- = 4+0+0 = 4 (read only)-wx = 0+2+1 = 3 (write and execute)-w- = 0+2+0 = 2 (write only)--x = 0+0+1 = 1 (execute only)--- = 0+0+0 = 0 (no permissions)Common Examples:
# Everyone gets all permissions
chmod 777 file.txt # rwxrwxrwx
# Owner: all, Group: read, Other: none
chmod 740 file.txt # rwxr-----
# Owner: read/write, Group: read, Other: read
chmod 644 file.txt # rw-r--r--
Memory Trick: 644 is the most common permission for regular files, 755 for executable files and directories.
EXERCISE
10Learn how to view and modify permissions for hidden files and system files.
Hidden files (those starting with .) have permissions too, but ls -l won't show them by default.
Revealing Hidden File Permissions:
# Show permissions for all files, including hidden ones
ls -la
# Show permissions for a specific hidden file
ls -l .bashrc
Common Hidden Files You'll Encounter:
.bashrc - Your shell configuration.ssh/ - SSH keys and config.gitconfig - configuration.vimrc - Vim editor settingsTypical Hidden File Permissions:
-rw------- .ssh/id_rsa # Private key: owner only
-rw-r--r-- .bashrc # Config: owner write, others read
drwx------ .ssh/ # SSH directory: owner only
Security Note: Hidden files often contain sensitive configuration or private keys. They typically have restrictive permissions (600 or 700) to prevent unauthorized access.
Save
EXERCISE
7Learn about the 'other' category that controls access for all remaining users.
We've covered user owners and group owners, but who is the mysterious third owner?
Meet "Other" - this represents everyone else on the system who isn't:
Why is this important? systems often have multiple users:
Example Scenario:
File owned by user nana and group developers:
developers group get the second blockReal Permission String:
-rw-r--r-- means:
rw- = nana can read and writer-- = developers group can only readr-- = everyone else can only readThe "other" category is your safety net. It defines the minimum level of access that any user on the system could potentially have to your file.
Save
Modifying Hidden File Permissions:
# Make .bashrc readable by group
chmod 640 .bashrc
# Secure SSH private key (very important!)
chmod 600 ~/.ssh/id_rsa
Remember: Hidden files follow the same permission rules as regular files - they're just not displayed by default.