FixPedia
Linux

Complete Guide to Linux Permissions: chmod, chown, and the rwx Model

In this guide, you'll learn in detail how the Linux permission system works, what the numbers and letters r, w, x mean, and how to properly use chmod and chown commands to manage file access.

Updated at February 17, 2026
15-30 min
Medium
FixPedia Team
Применимо к:Linux (any distribution)Ubuntu 20.04+CentOS/RHEL 8+Debian 11+

Introduction / Why This Matters

Understanding the Linux permissions system is fundamental to system security and stability. Without proper configuration, you either leave critical files open to everyone or, conversely, block legitimate processes due to insufficient privileges. This guide explains the Linux security model (rwx) with simple examples and shows how to manage access to files and directories using the chmod and chown commands. You will learn to read permissions, modify them safely, and understand special bits like SUID.

Requirements / Preparation

  1. Access to a Linux terminal (any distribution: Ubuntu, CentOS, Debian, Fedora, etc.).
  2. Basic command-line skills: navigation (cd, ls), file creation (touch, echo).
  3. Superuser privileges (sudo) to change ownership (chown) or modify permissions on system files. For experimentation, you can use your own home directory (/home/your_user).

Step-by-Step Guide

Step 1: Checking Current Permissions

The primary command for viewing permissions is ls -l. It provides a detailed file listing.

ls -l /home/user/Documents/

Example output:

-rwxr-xr-- 1 alice developers 2048 Feb 17 10:30 report.pdf
drwxr-xr-x 2 bob   users     4096 Feb 17 10:31 projects

Breaking down the first line (-rwxr-xr--):

  • The first character (-): object type (- = regular file, d = directory, l = symbolic link).
  • The next 9 characters are split into three triplets: owner (alice), group (developers), others.
  • r = read, w = write, x = execute.
  • For the owner: rwx (full access).
  • For the group: r-x (read and execute, no write).
  • For others: r-- (read-only).

💡 Tip: For a quick check of a specific file, use ls -l <filename>.

Step 2: Changing Permissions with Symbolic Mode (chmod)

This mode is intuitive: you address the user class (u = owner, g = group, o = others, a = all) and an operator (+ = add, - = remove, = = set exactly), then list the permissions (r, w, x).

Example 1: Grant write permission to the group for the file config.ini.

chmod g+w config.ini

The group's permissions will change from r-- to rw-.

Example 2: Remove execute permission from everyone except the owner for the script backup.sh.

chmod o-x backup.sh

Or for everyone except the owner and group:

chmod go-x backup.sh

Example 3: Set exact permissions: owner = all, group = read and execute, others = none.

chmod u=rwx,g=rx,o= script.sh
# Or equivalently: chmod 750 script.sh (see next step)

Step 3: Changing Permissions with Octal (Numeric) Mode

This is the most compact and commonly used method. Each permission (r, w, x) is assigned a number:

  • r = 4
  • w = 2
  • x = 1
  • - (absence) = 0

The sum of these numbers for each of the three triplets (owner, group, others) gives the final octal number (0 to 7).

Common preset values:

  • 7 = rwx (4+2+1)
  • 6 = rw- (4+2)
  • 5 = r-x (4+1)
  • 4 = r-- (4)
  • 0 = ---

Example 1: chmod 755 script.sh

  • Owner: 7 = rwx
  • Group: 5 = r-x
  • Others: 5 = r-x This is standard for executable scripts and public directories.

Example 2: chmod 644 config.conf

  • Owner: 6 = rw- (can read and modify)
  • Group: 4 = r-- (read-only)
  • Others: 4 = r-- (read-only) This is standard for regular configuration files.

Example 3: chmod 600 secret.key

  • Only the owner can read and write. Group and others have no access. Critical for private keys and passwords.

Step 4: Changing Owner and Group (chown)

The chown command changes a file's metadata: who owns it and which group it belongs to.

sudo chown alice:developers project_folder/

This command sets the owner to alice and the group to developers for the project_folder/ directory.

Important nuances:

  • To change only the group, you can omit the owner: sudo chown :developers project_folder/.
  • To change only the owner, you can omit the group: sudo chown alice project_folder/.
  • Superuser privileges (sudo) are required if you are not the current file owner.

Step 5: Applying Changes Recursively

The -R flag (recursive) applies the command to all nested files and subdirectories. Use with extreme caution, especially with chmod 777 or chown on system paths.

# Correct: Give the owner (bob) full access to all files in his project, and the group/others read-only access.
sudo chown -R bob:bob /srv/www/myproject/
sudo chmod -R 755 /srv/www/myproject/

⚠️ Important: Recursive chmod can remove special bits (SUID/SGID) from files. To preserve them, use chmod -R --preserve-root (on some distributions) or apply permissions more selectively.

Step 6: Understanding and Configuring Special Bits (SUID, SGID, Sticky Bit)

These bits augment standard permissions and alter behavior.

  1. SUID (Set User ID) — 4xxx (works only for executable files).
    • Indicator: -rwsr-xr-x (see s instead of x for the owner).
    • Effect: The file executes with the privileges of its owner, not the user who launched it.
    • Example: /usr/bin/passwd has SUID so a regular user can change the system password (the /etc/shadow file is root-only).
    • Setting: chmod 4755 /path/to/file or chmod u+s /path/to/file.
  2. SGID (Set Group ID) — 2xxx.
    • For files: Similar to SUID, but execution happens with the privileges of the file's group-owner. -rwxr-sr-x.
    • For directories: Group inheritance. All new files created in this directory will belong to the directory's group, not the creating user's group. drwxrwsr-x.
    • Example: Shared development folders (/srv/shared).
    • Setting: chmod 2770 /shared_folder or chmod g+s /shared_folder.
  3. Sticky Bit — 1xxx (typically for directories).
    • Indicator: drwxrwxrwt (see t instead of x for "others").
    • Effect: A user can only delete/rename files in a directory if they are the owner of that file (or the directory itself).
    • Classic example: /tmp — any user can create files, but only the file's owner can delete them.
    • Setting: chmod 1777 /tmp or chmod o+t /some/folder.

Verifying the Result

  1. After making changes, run ls -l <file> again to ensure the permission column updated as expected.
  2. Practical test: Try an action that should be allowed/denied.
    • For a file: cat file.txt (read), echo "test" >> file.txt (write), ./script.sh (execute).
    • For a directory: cd /folder/ (directory access requires x), touch /folder/newfile (creating a file requires w and x on the folder).
  3. If the action fails but permissions look correct, check if the file/directory is a symbolic link (l at the start of the ls -l line). The link's permissions are irrelevant; the target object's permissions matter.

Common Issues

  • Operation not permitted error during chown or chmod on system files: You are not the file owner and are not using sudo. Alternatively, the file is on a filesystem mounted with noexec/nosuid.
  • Permission denied when trying to run chmod/chown: You lack privileges to modify this file's metadata (you are not root and not the owner). Use sudo for system files, or change the owner if it's your file.
  • Nothing works after chmod -R 777 /some/dir: You removed all special bits (SUID/SGID) from executables. Some system utilities (like sudo) will stop working. Restore permissions from a backup or reinstall the affected package.
  • Can't write to a folder even though I have rwx on the file: Remember: creating/deleting files in a folder requires permissions on the folder itself (w and x), not on the file.
  • The s bit (SUID/SGID) doesn't show after chmod? Ensure you are setting it on an executable file (with the x bit). If x is absent, s won't appear. chmod 4755 file (not chmod 4766).

F.A.Q.

What to do if you get 'Permission denied' when trying to run a script?
What's the difference between chmod 777 and chmod 755?
How to safely give execute permissions only to the owner?
What is SUID and why is it needed?

Hints

Check current permissions
Change permissions using symbolic mode (chmod u/g/o/a +/- r/w/x)
Change permissions using octal (numeric) mode
Change owner and group (chown)
Apply recursively to folders and files
Understanding and configuring special bits (SUID, SGID, Sticky Bit)

Did this article help you solve the problem?

FixPedia

Free encyclopedia for fixing errors. Step-by-step guides for Windows, Linux, macOS and more.

© 2026 FixPedia. All materials are available for free.

Made with for the community