🕷️ Crawler Inspector

URL Lookup

Direct Parameter Lookup

Raw Queries and Responses

1. Shard Calculation

Query:
Response:
Calculated Shard: 14 (from laksa095)

2. Crawled Status Check

Query:
Response:

3. Robots.txt Check

Query:
Response:

4. Spam/Ban Check

Query:
Response:

5. Seen Status Check

ℹ️ Skipped - page is already crawled

đź“„
INDEXABLE
âś…
CRAWLED
19 days ago
🤖
ROBOTS ALLOWED

Page Info Filters

FilterStatusConditionDetails
HTTP statusPASSdownload_http_code = 200HTTP 200
Age cutoffPASSdownload_stamp > now() - 6 MONTH0.7 months ago
History dropPASSisNull(history_drop_reason)No drop reason
Spam/banPASSfh_dont_index != 1 AND ml_spam_score = 0ml_spam_score=0
CanonicalPASSmeta_canonical IS NULL OR = '' OR = src_unparsedNot set

Page Details

PropertyValue
URLhttps://www.redhat.com/en/blog/linux-file-permissions-explained
Last Crawled2026-04-03 09:55:53 (19 days ago)
First Indexed2024-08-09 11:14:53 (1 year ago)
HTTP Status Code200
Content
Meta TitleLinux file permissions explained
Meta DescriptionFile permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how. This article ...
Meta Canonicalnull
Boilerpipe Text
File permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how. This article provides an overview of Linux file permissions, how they work, and how to change them. How do you view Linux file permissions? The ls command along with its -l (for long listing) option will show you metadata about your Linux files, including the permissions set on the file. $ ls -l drwxr-xr-x. 4 root root 68 Jun 13 20:25 tuned -rw-r--r--. 1 root root 4017 Feb 24 2022 vimrc In this example, you see two different listings. The first field of the ls -l output is a group of metadata that includes the permissions on each file. Here are the components of the vimrc listing: File type: - Permission settings: rw-r--r-- Extended attributes: dot ( . ) User owner: root Group owner: root The fields "File type" and "Extended attributes" are outside the scope of this article, but in the featured output above, the vimrc file is a normal file, which is file type - (that is, no special type). The tuned listing is for a d , or directory, type file. There are other file types as well, but these two are the most common. Available attributes are dependent on the filesystem format that the files are stored on. For Red Hat Enterprise Linux 7, 8, and 9, the default filesystem format is XFS. How do you read file permissions? This article is about the permission settings on a file. The interesting permissions from the vimrc listing are: rw-r--r– This string is actually an expression of three different sets of permissions: rw- r-- r-- The first set of permissions applies to the owner of the file. The second set of permissions applies to the user group that owns the file. The third set of permissions is generally referred to as "others." All Linux files belong to an owner and a group. When permissions and users are represented by letters, that is called symbolic mode. For users, u stands for user owner, g for group owner, and o for others. For permissions, r stands for read, w for write, and x for execute. [ Learn how to manage your Linux environment for success . ] When the system is looking at a file's permissions to determine what information to provide you when you interact with a file, it runs through a series of checks: It first checks to see whether you are the user that owns the file. If so, then you are granted the user owner's permissions, and no further checks will be completed. If you are not the user that owns the file, next your group membership is validated to see whether you belong to the group that matches the group owner of the file. If so, then you're covered under the group owner field of permissions, and no further checks will be made. "Others" permissions are applied when the account interacting with the file is neither the user owner nor in the group that owns the files. Or, to put it another way, the three fields are mutually exclusive: You can not be covered under more than one of the fields of permission settings on a file. Permissions go beyond the different types of people that can interact with a file. Each user gets an expression that includes the three basic types of permissions. In the example above, the owner of the file is given the following permissions: rw- Each character in the expression indicates whether a specific permission is granted or not. In the example above, read ( r ) permission and write ( w ) permission have been granted on the file. However, the execute permission ( x ) is not granted, which is why there's a - sign in the expression. The permission in this field is disabled. Consider the group owner's permissions in this example: r-- The read ( r ) permission is granted to members of the group, but write and execute have both been disabled. [ Keep your most commonly used commands handy with the Linux commands cheat sheet . ] What are octal values? When Linux file permissions are represented by numbers, it's called numeric mode. In numeric mode, a three-digit value represents specific file permissions (for example, 744.) These are called octal values. The first digit is for owner permissions, the second digit is for group permissions, and the third is for other users. Each permission has a numeric value assigned to it: r (read): 4 w (write): 2 x (execute): 1 In the permission value 744, the first digit corresponds to the user, the second digit to the group, and the third digit to others. By adding up the value of each user classification, you can find the file permissions. For example, a file might have read, write, and execute permissions for its owner, and only read permission for all other users. That looks like this: Owner: rwx = 4+2+1 = 7 Group: r-- = 4+0+0 = 4 Others: r-- = 4+0+0 = 4 The results produce the three-digit value 744. What do Linux file permissions actually do? I've talked about how to view file permissions, who they apply to, and how to read what permissions are enabled or disabled. But what do these permissions actually do in practice? Read (r) Read permission is used to access the file's contents. You can use a tool like cat or less on the file to display the file contents. You could also use a text editor like Vi or view on the file to display the contents of the file. Read permission is required to make copies of a file, because you need to access the file's contents to make a duplicate of it. Write (w) Write permission allows you to modify or change the contents of a file. Write permission also allows you to use the redirect or append operators in the shell ( > or >> ) to change the contents of a file. Without write permission, changes to the file's contents are not permitted. Execute (x) Execute permission allows you to execute the contents of a file. Typically, executables would be things like commands or compiled binary applications. However, execute permission also allows someone to run Bash shell scripts, Python programs, and a variety of interpreted languages. [ Download now: A sysadmin's guide to Bash scripting . ] There are other ways to execute the contents of a file without execute permission. For example, you could use an interpreter that has execute permission to read a file with instructions for the interpreter to execute. An example would be invoking a Bash shell script: $ bash script.sh The executable being run is bash . The script.sh file is read by the Bash interpreter, and its commands are executed. The content in this article is general purpose, but in Linux, there are often additional ways to accomplish tasks . How do directory permissions work? Directory file types are indicated with d . Conceptually, permissions operate the same way, but directories interpret these operations differently. Read (r) Like regular files, this permission allows you to read the contents of the directory. However, that means that you can view the contents (or files) stored within the directory. This permission is required to have things like the ls command work. Write (w) As with regular files, this allows someone to modify the contents of the directory. When you are changing the contents of the directory, you are either adding files to the directory or removing files from the directory. As such, you must have write permission on a directory to move ( mv ) or remove ( rm ) files from it. You also need write permission to create new files (using touch or a file-redirect operator) or copy ( cp ) files into the directory. Execute (x) This permission is very different on directories compared to files. Essentially, you can think of it as providing access to the directory. Having execute permission on a directory authorizes you to look at extended information on files in the directory (using ls -l , for instance) but also allows you to change your working directory (using cd ) or pass through this directory on your way to a subdirectory underneath. Lacking execute permission on a directory can limit the other permissions in interesting ways. For example, how can you add a new file to a directory (by leveraging the write permission) if you can't access the directory's metadata to store the information for a new, additional file? You cannot. It is for this reason that directory-type files generally offer execute permission to one or more of the user owner, group owner, or others. [ Want to test your sysadmin skills? Take a skills assessment today . ] How do you modify Linux file permissions? You can modify file and directory permissions with the chmod command, which stands for "change mode." To change file permissions in numeric mode, you enter chmod and the octal value you desire, such as 744, alongside the file name. To change file permissions in symbolic mode, you enter a user class and the permissions you want to grant them next to the file name. For example: $ chmod ug+rwx example.txt $ chmod o+r example2.txt This grants read, write, and execute for the user and group, and only read for others. In symbolic mode, chmod u represents permissions for the user owner, chmod g represents other users in the file's group, chmod o represents other users not in the file's group. For all users, use chmod a . Maybe you want to change the user owner itself. You can do that with the chown command. Similarly, the chgrp command can be used to change the group ownership of a file. What are special file permissions? Special permissions are available for files and directories and provide additional privileges over the standard permission sets that have been covered. SUID is the special permission for the user access level and always executes as the user who owns the file, no matter who is passing the command. SGID allows a file to be executed as the group owner of the file; a file created in the directory has its group ownership set to the directory owner. This is helpful for directories used collaboratively among different members of a group because all members can access and execute new files. The "sticky bit" is a directory-level special permission that restricts file deletion, meaning only the file owner can remove a file within the directory. Want to take a deeper dive into special permissions? Read Linux permissions: SUID, SGID, and sticky bit . Wrapping up Understanding Linux file permissions (how to find them, read them, and change them) is an important part of maintaining and securing your systems. You can learn more about file permissions for Red Hat Enterprise Linux  by checking out the  documentation or by practicing with a self-paced lab on using file permissions . [ Cheat sheet: Get a list of Linux utilities and commands for managing servers and networks . ]
Markdown
[Skip to content](https://www.redhat.com/en/blog/linux-file-permissions-explained#rhdc-main-content) AI - ### Overview - [AI news](https://www.redhat.com/en/blog/channel/artificial-intelligence) - [Technical blog](https://developers.redhat.com/blog?field_tax_product_target_id%5B37288%5D=37288&extIdCarryOver=true&intcmp=7013a000003Sl59AAC&sc_cid=RHCTG0250000454096&_gl=1%2A1jal9i8%2A_gcl_au%2ANjU2NDY1NTAwLjE3NjQ2MTY4NTU.&percmp=RHCTG0250000466729) - [Live AI events](https://www.redhat.com/en/events/ai) - [Inference explained](https://www.redhat.com/en/ai/inference/what-you-should-know-about-inference) - [See our approach](https://www.redhat.com/en/artificial-intelligence) - ### Products - [Red Hat AI Enterprise](https://www.redhat.com/en/products/ai/enterprise) - [Red Hat AI Inference Server](https://www.redhat.com/en/products/ai/inference-server) - [Red Hat Enterprise Linux AI](https://www.redhat.com/en/products/ai/enterprise-linux-ai) - [Red Hat OpenShift AI](https://www.redhat.com/en/products/ai/openshift-ai) - [Explore Red Hat AI](https://www.redhat.com/en/products/ai) - ### Engage & learn - [Learning hub](http://docs.redhat.com/en/learn/ai) - [AI topics](https://www.redhat.com/en/topics/ai) - [AI partners](https://catalog.redhat.com/categories/ai#ai-partners) - [Services for AI](https://www.redhat.com/en/services/consulting/red-hat-consulting-for-ai) Hybrid cloud - ### Platform solutions - [Artificial intelligence](https://www.redhat.com/en/hybrid-cloud-solutions/ai) Build, deploy, and monitor AI models and apps. - [Linux standardization](https://www.redhat.com/en/hybrid-cloud-solutions/linux-standardization) Get consistency across operating environments. - [Application development](https://www.redhat.com/en/hybrid-cloud-solutions/application-development) Simplify the way you build, deploy, and manage apps. - [Automation](https://www.redhat.com/en/hybrid-cloud-solutions/automation) Scale automation and unite tech, teams, and environments. - ### Use cases - [Virtualization](https://www.redhat.com/en/hybrid-cloud-solutions/virtualization) Modernize operations for virtualized and containerized workloads. - [Digital sovereignty](https://www.redhat.com/en/products/digital-sovereignty) Control and protect critical infrastructure. - [Security](https://www.redhat.com/en/solutions/trusted-software-supply-chain) Code, build, deploy, and monitor security-focused software. - [Edge computing](https://www.redhat.com/en/products/edge) Deploy workloads closer to the source with edge technology. - [Explore solutions](https://www.redhat.com/en/hybrid-cloud-solutions) - ### Solutions by industry - [Automotive](https://www.redhat.com/en/solutions/automotive) - [Financial services](https://www.redhat.com/en/solutions/financial-services) - [Healthcare](https://www.redhat.com/en/solutions/healthcare) - [Industrial sector](https://www.redhat.com/en/solutions/industrial-sector) - [Media and entertainment](https://www.redhat.com/en/solutions/media-entertainment) - [Public sector (Global)](https://www.redhat.com/en/solutions/public-sector) - [Public sector (U.S.)](https://www.redhat.com/en/solutions/public-sector/us) - [Telecommunications](https://www.redhat.com/en/solutions/telecommunications) ### [Discover cloud technologies](https://www.redhat.com/en/hybrid-cloud-console) Learn how to use our cloud products and solutions at your own pace in the Red Hat® Hybrid Cloud Console. Products - ### Platforms - [Red Hat AI](https://www.redhat.com/en/products/ai) Develop and deploy AI solutions across the hybrid cloud. - [Red Hat Enterprise Linux](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) Support hybrid cloud innovation on a flexible operating system. - [Red Hat OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) Build, modernize, and deploy apps at scale. - [Red Hat Ansible Automation Platform](https://www.redhat.com/en/technologies/management/ansible) Implement enterprise-wide automation. - ### Featured - [Red Hat OpenShift Virtualization Engine](https://www.redhat.com/en/technologies/cloud-computing/openshift/virtualization-engine) - [Red Hat OpenShift Service on AWS](https://www.redhat.com/en/technologies/cloud-computing/openshift/aws) - [Microsoft Azure Red Hat OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift/azure) - [See all products](https://www.redhat.com/en/technologies/all-products) - ### Try & buy - [Start a trial](https://www.redhat.com/en/products/trials) - [Buy online](https://www.redhat.com/en/store) - [Integrate with major cloud providers](https://www.redhat.com/en/partners/certified-cloud-and-service-providers) - ### Services & support - [Consulting](https://www.redhat.com/en/services/consulting) - [Product support](https://www.redhat.com/en/services/support) - [Services for AI](https://www.redhat.com/en/services/consulting/red-hat-consulting-for-ai) - [Technical Account Management](https://www.redhat.com/en/services/support/technical-account-management) - [Explore services](https://www.redhat.com/en/services) Training - ### Training & certification - [Courses and exams](https://www.redhat.com/en/services/training/all-courses-exams) - [Certifications](https://www.redhat.com/en/services/certifications) - [Skills assessments](https://www.redhat.com/en/services/skills-assessment) - [Red Hat Academy](https://www.redhat.com/en/services/training/red-hat-academy) - [Learning subscription](https://www.redhat.com/en/services/training/learning-subscription) - [Explore training](https://www.redhat.com/en/services/training-and-certification) - ### Featured - [Red Hat Certified System Administrator exam](https://www.redhat.com/en/services/training/ex200-red-hat-certified-system-administrator-rhcsa-exam) - [Red Hat System Administration I](https://www.redhat.com/en/services/training/rh124-red-hat-system-administration-i) - [Red Hat Learning Subscription trial (No cost)](https://www.redhat.com/en/services/training/learning-subscription/trial) - [Red Hat Certified Engineer exam](https://www.redhat.com/en/services/training/ex294-red-hat-certified-engineer-rhce-exam-red-hat-enterprise-linux) - [Red Hat Certified OpenShift Administrator exam](https://www.redhat.com/en/services/training/red-hat-certified-openshift-administrator-exam) - ### Services - [Consulting](https://www.redhat.com/en/services/consulting) - [Partner training](https://connect.redhat.com/en/training) - [Product support](https://www.redhat.com/en/services/support) - [Services for AI](https://www.redhat.com/en/services/consulting/red-hat-consulting-for-ai) - [Technical Account Management](https://www.redhat.com/en/services/support/technical-account-management) Learn - ### Build your skills - [Documentation](https://docs.redhat.com/en) - [Hands-on labs](https://www.redhat.com/en/interactive-labs) - [Hybrid cloud learning hub](https://cloud.redhat.com/learn) - [Interactive learning experiences](https://www.redhat.com/en/interactive-experiences) - [Training and certification](https://www.redhat.com/en/services/training-and-certification) - ### More ways to learn - [Blog](https://www.redhat.com/en/blog) - [Events and webinars](https://www.redhat.com/en/events) - [Podcasts and video series](https://www.redhat.com/en/red-hat-original-series) - [Red Hat TV](https://tv.redhat.com/) - [Resource library](https://www.redhat.com/en/resources) ### [For developers](https://developers.redhat.com/) Discover resources and tools to help you build, deliver, and manage cloud-native applications and services. Partners - ### For customers - [Our partners](https://www.redhat.com/en/partners) - [Red Hat Ecosystem Catalog](https://catalog.redhat.com/) - [Find a partner](https://catalog.redhat.com/partners) - ### For partners - [Partner Connect](https://connect.redhat.com/) - [Become a partner](https://connect.redhat.com/en/benefits-of-being-a-partner) - [Training](https://connect.redhat.com/en/training) - [Support](https://connect.redhat.com/en/support) - [Access the partner portal](https://connect.redhat.com/partner-admin/dashboard) ### [Build solutions powered by trusted partners](https://catalog.redhat.com/en/solutions) Find solutions from our collaborative community of experts and technologies in the Red Hat® Ecosystem Catalog. Search ### I'd like to: - [Start a trial](https://www.redhat.com/en/products/trials) - [Buy a learning subscription](https://www.redhat.com/en/services/training/learning-subscription/how-to-buy) - [Manage subscriptions](https://access.redhat.com/management) - [Contact sales](https://www.redhat.com/en/contact) - [Contact customer service](https://www.redhat.com/en/contact/customer-service) - [See Red Hat jobs](https://www.redhat.com/en/jobs) ### Help me find: - [Documentation](https://docs.redhat.com/en) - [Developer resources](https://developers.redhat.com/) - [Tech topics](https://www.redhat.com/en/topics) - [Architecture center](https://www.redhat.com/architect/portfolio/) - [Security updates](https://access.redhat.com/security/security-updates/cve) - [Customer support](https://access.redhat.com/support) ### I want to learn more about: - [AI](https://www.redhat.com/en/topics/ai) - [Application modernization](https://www.redhat.com/en/topics/application-modernization) - [Automation](https://www.redhat.com/en/topics/automation) - [Cloud-native applications](https://www.redhat.com/en/topics/cloud-native-apps) - [Linux](https://www.redhat.com/en/topics/linux) - [Virtualization](https://www.redhat.com/en/topics/virtualization) [Console](https://www.redhat.com/en/hybrid-cloud-console) [Docs](https://docs.redhat.com/en) [Support](https://access.redhat.com/) New For you ### Recommended We'll recommend resources you may like as you browse. Try these suggestions for now. - [Product trial center](https://www.redhat.com/en/products/trials) - [Courses and exams](https://www.redhat.com/en/services/training/all-courses-exams) - [All products](https://www.redhat.com/en/technologies/all-products) - [Tech topics](https://www.redhat.com/en/topics) - [Resource library](https://www.redhat.com/en/resources) Log in ### Get more with a Red Hat account - Console access - Event registration - Training & trials - World-class support A subscription may be required for some services. [Log in or register](https://sso.redhat.com/) Change page language [Contact us](https://www.redhat.com/en/contact) [Red Hat Blog](https://www.redhat.com/en/blog) - [By product]() - [Red Hat AI](https://www.redhat.com/en/blog/channel/red-hat-ai "Red Hat AI") - [Red Hat Ansible Automation Platform](https://www.redhat.com/en/blog/channel/red-hat-ansible-automation "Red Hat Ansible Automation Platform") - [Red Hat Enterprise Linux](https://www.redhat.com/en/blog/channel/red-hat-enterprise-linux "Red Hat Enterprise Linux") - [Red Hat OpenShift](https://www.redhat.com/en/blog/channel/red-hat-openshift "Red Hat OpenShift") *** [More products](https://www.redhat.com/en/blog/products "More products") - [By topic]() - [AI](https://www.redhat.com/en/blog/channel/artificial-intelligence "AI") - [Virtualization](https://www.redhat.com/en/blog/channel/red-hat-virtualization "Virtualization") - [Digital sovereignty](https://www.redhat.com/en/blog/channel/digital-sovereignty "Digital sovereignty") - [Applications](https://www.redhat.com/en/blog/channel/applications "Applications") - [Automation](https://www.redhat.com/en/blog/channel/management-and-automation "Automation") - [Cloud services](https://www.redhat.com/en/blog/channel/cloud-services "Cloud services") - [Edge computing](https://www.redhat.com/en/blog/channel/edge-computing "Edge computing") - [Infrastructure](https://www.redhat.com/en/blog/channel/infrastructure "Infrastructure") - [Open hybrid cloud](https://www.redhat.com/en/blog/channel/hybrid-cloud-infrastructure "Open hybrid cloud") - [Original shows](https://www.redhat.com/en/red-hat-original-series "Original shows") - [Security](https://www.redhat.com/en/blog/channel/security "Security") *** [All topics](https://www.redhat.com/en/blog/channels "All topics") - [Podcasts]() - [Technically Speaking with Chris Wright](https://www.redhat.com/en/technically-speaking "Technically Speaking with Chris Wright") - [Code Comments](https://www.redhat.com/en/code-comments-podcast "Code Comments") - [Command Line Heroes](https://www.redhat.com/en/command-line-heroes "Command Line Heroes") - [Compiler](https://www.redhat.com/en/compiler-podcast "Compiler") - [More blogs]() - [Red Hat Developer blog](https://developers.redhat.com/blog "Red Hat Developer blog") - [Red Hat Partner Connect blog](https://connect.redhat.com/en/blog "Red Hat Partner Connect blog") # Linux file permissions explained January 10, 2023[Scott McBrien](https://www.redhat.com/en/authors/scott-mcbrien "See more by Scott McBrien")*7*\-minute read [Linux](https://www.redhat.com/en/blog?f[0]=taxonomy_topic_tid:27061#rhdc-search-listing) [Security](https://www.redhat.com/en/blog?f[0]=taxonomy_topic_tid:4491#rhdc-search-listing) Share Subscribe to RSS - [Back to all posts](https://www.redhat.com/en/blog) *** File permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how. This article provides an overview of Linux file permissions, how they work, and how to change them. ## How do you view Linux file permissions? The `ls` command along with its `-l` (for long listing) option will show you metadata about your Linux files, including the permissions set on the file. ``` $ ls -l drwxr-xr-x. 4 root root 68 Jun 13 20:25 tuned -rw-r--r--. 1 root root 4017 Feb 24 2022 vimrc ``` In this example, you see two different listings. The first field of the `ls -l` output is a group of metadata that includes the permissions on each file. Here are the components of the `vimrc` listing: - File type: `-` - Permission settings: `rw-r--r--` - Extended attributes: dot (`.`) - User owner: `root` - Group owner: `root` The fields "File type" and "Extended attributes" are outside the scope of this article, but in the featured output above, the `vimrc` file is a normal file, which is file type `-` (that is, no special type). The `tuned` listing is for a `d`, or directory, type file. There are other file types as well, but these two are the most common. Available attributes are dependent on the filesystem format that the files are stored on. For [Red Hat Enterprise Linux](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) 7, 8, and 9, the default filesystem format is XFS. ## How do you read file permissions? This article is about the permission settings on a file. The interesting permissions from the `vimrc` listing are: ``` rw-r--r– ``` This string is actually an expression of three different sets of permissions: - rw- - r-- - r-- The first set of permissions applies to the owner of the file. The second set of permissions applies to the user group that owns the file. The third set of permissions is generally referred to as "others." All Linux files belong to an owner and a group. When permissions and users are represented by letters, that is called symbolic mode. For users, `u` stands for user owner, `g` for group owner, and `o` for others. For permissions, `r` stands for read, `w` for write, and `x` for execute. ***\[ Learn*** how to manage your Linux environment for success***. \]*** When the system is looking at a file's permissions to determine what information to provide you when you interact with a file, it runs through a series of checks: 1. It first checks to see whether you are the user that owns the file. If so, then you are granted the user owner's permissions, and no further checks will be completed. 2. If you are not the user that owns the file, next your group membership is validated to see whether you belong to the group that matches the group owner of the file. If so, then you're covered under the group owner field of permissions, and no further checks will be made. 3. "Others" permissions are applied when the account interacting with the file is neither the user owner nor in the group that owns the files. Or, to put it another way, the three fields are mutually exclusive: You can not be covered under more than one of the fields of permission settings on a file. Permissions go beyond the different types of people that can interact with a file. Each user gets an expression that includes the three basic types of permissions. In the example above, the owner of the file is given the following permissions: ``` rw- ``` Each character in the expression indicates whether a specific permission is granted or not. In the example above, read (`r`) permission and write (`w`) permission have been granted on the file. However, the execute permission (`x`) is not granted, which is why there's a `-` sign in the expression. The permission in this field is disabled. Consider the group owner's permissions in this example: ``` r-- ``` The read (`r`) permission is granted to members of the group, but write and execute have both been disabled. ***\[ Keep your most commonly used commands handy with the*** [***Linux commands cheat sheet***](https://developers.redhat.com/cheat-sheets/linux-commands-cheat-sheet?intcmp=701f20000012ngPAAQ)***. \]*** ## What are octal values? When Linux file permissions are represented by numbers, it's called numeric mode. In numeric mode, a three-digit value represents specific file permissions (for example, 744.) These are called octal values. The first digit is for owner permissions, the second digit is for group permissions, and the third is for other users. Each permission has a numeric value assigned to it: - r (read): 4 - w (write): 2 - x (execute): 1 In the permission value 744, the first digit corresponds to the user, the second digit to the group, and the third digit to others. By adding up the value of each user classification, you can find the file permissions. For example, a file might have read, write, and execute permissions for its owner, and only read permission for all other users. That looks like this: - Owner: rwx = 4+2+1 = 7 - Group: r-- = 4+0+0 = 4 - Others: r-- = 4+0+0 = 4 The results produce the three-digit value 744. ## What do Linux file permissions actually do? I've talked about how to view file permissions, who they apply to, and how to read what permissions are enabled or disabled. But what do these permissions actually do in practice? ### Read (r) Read permission is used to access the file's contents. You can use a tool like `cat` or `less` on the file to display the file contents. You could also use a text editor like Vi or `view` on the file to display the contents of the file. Read permission is required to make copies of a file, because you need to access the file's contents to make a duplicate of it. ### Write (w) Write permission allows you to modify or change the contents of a file. Write permission also allows you to use the redirect or append operators in the shell (`>` or `>>`) to change the contents of a file. Without write permission, changes to the file's contents are not permitted. ### Execute (x) Execute permission allows you to execute the contents of a file. Typically, executables would be things like commands or compiled binary applications. However, execute permission also allows someone to run Bash shell scripts, Python programs, and a variety of interpreted languages. ***\[ Download now:*** [***A sysadmin's guide to Bash scripting***](https://opensource.com/downloads/bash-scripting-ebook?intcmp=701f20000012ngPAAQ)***. \]*** There are other ways to execute the contents of a file without execute permission. For example, you could use an interpreter that has execute permission to read a file with instructions for the interpreter to execute. An example would be invoking a Bash shell script: ``` $ bash script.sh ``` The executable being run is `bash`. The `script.sh` file is read by the Bash interpreter, and its commands are executed. The content in this article is general purpose, but in Linux, there are often [additional ways to accomplish tasks](https://opensource.com/downloads/linux-command-replacements?intcmp=701f20000012ngPAAQ). ## How do directory permissions work? Directory file types are indicated with `d`. Conceptually, permissions operate the same way, but directories interpret these operations differently. ### Read (r) Like regular files, this permission allows you to read the contents of the directory. However, that means that you can view the contents (or files) stored within the directory. This permission is required to have things like the `ls` command work. ### Write (w) As with regular files, this allows someone to modify the contents of the directory. When you are changing the contents of the directory, you are either adding files to the directory or removing files from the directory. As such, you must have write permission on a directory to move (`mv`) or remove (`rm`) files from it. You also need write permission to create new files (using `touch` or a file-redirect operator) or copy (`cp`) files into the directory. ### Execute (x) This permission is very different on directories compared to files. Essentially, you can think of it as providing access to the directory. Having execute permission on a directory authorizes you to look at extended information on files in the directory (using `ls -l`, for instance) but also allows you to change your working directory (using `cd`) or pass through this directory on your way to a subdirectory underneath. Lacking execute permission on a directory can limit the other permissions in interesting ways. For example, how can you add a new file to a directory (by leveraging the write permission) if you can't access the directory's metadata to store the information for a new, additional file? You cannot. It is for this reason that directory-type files generally offer execute permission to one or more of the user owner, group owner, or others. ***\[ Want to test your sysadmin skills?*** [***Take a skills assessment today***](https://www.redhat.com/rhtapps/assessment/?intcmp=701f20000012ngPAAQ)***. \]*** ## How do you modify Linux file permissions? You can modify file and directory permissions with the `chmod` command, which stands for "change mode." To change file permissions in numeric mode, you enter `chmod` and the octal value you desire, such as 744, alongside the file name. To change file permissions in symbolic mode, you enter a user class and the permissions you want to grant them next to the file name. For example: ``` $ chmod ug+rwx example.txt $ chmod o+r example2.txt ``` This grants read, write, and execute for the user and group, and only read for others. In symbolic mode, `chmod u` represents permissions for the user owner, `chmod g` represents other users in the file's group, `chmod o` represents other users not in the file's group. For all users, use `chmod a`. Maybe you want to change the user owner itself. You can do that with the `chown` command. Similarly, the `chgrp` command can be used to change the group ownership of a file. ## What are special file permissions? Special permissions are available for files and directories and provide additional privileges over the standard permission sets that have been covered. - SUID is the special permission for the user access level and always executes as the user who owns the file, no matter who is passing the command. - SGID allows a file to be executed as the group owner of the file; a file created in the directory has its group ownership set to the directory owner. This is helpful for directories used collaboratively among different members of a group because all members can access and execute new files. The "sticky bit" is a directory-level special permission that restricts file deletion, meaning only the file owner can remove a file within the directory. Want to take a deeper dive into special permissions? [Read Linux permissions: SUID, SGID, and sticky bit](https://www.redhat.com/sysadmin/suid-sgid-sticky-bit). ## Wrapping up Understanding Linux file permissions (how to find them, read them, and change them) is an important part of maintaining and securing your systems. You can learn more about file permissions for [Red Hat Enterprise Linux](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) by checking out the [documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_managing-file-permissions_configuring-basic-system-settings) or by practicing with a self-paced lab on [using file permissions](https://lab.redhat.com/tracks/using-file-permissions?intcmp=701f20000012ngPAAQ). ***\[ Cheat sheet: Get a list of*** [***Linux utilities and commands for managing servers and networks***](https://opensource.com/downloads/cheat-sheet-networking?intcmp=701f20000012ngPAAQ)***. \]*** *** ### About the author [![Scott McBrien](https://www.redhat.com/themes/custom/rhdc/img/author-default-img.svg)](https://www.redhat.com/en/authors/scott-mcbrien) [Scott McBrien](https://www.redhat.com/en/authors/scott-mcbrien) ## More like this Blog post ### [Red Hat Enterprise Linux now supported for Microsoft SQL Server on Azure VMs with SQL IaaS Agent extension](https://www.redhat.com/en/blog/red-hat-enterprise-linux-now-supported-microsoft-sql-server-azure-vms-sql-iaas-agent-extension) Blog post ### [Announcing Red Hat Advanced Cluster Security for Kubernetes 4.10](https://www.redhat.com/en/blog/announcing-red-hat-advanced-cluster-security-kubernetes-410) Original podcast ### [Collaboration In Product Security \| Compiler](https://www.redhat.com/en/compiler-podcast/collaboration-in-product-security) Original podcast ### [Keeping Track Of Vulnerabilities With CVEs \| Compiler](https://www.redhat.com/en/compiler-podcast/keeping-track-of-CVEs) ## Keep exploring - [Managing infrastructure at cloud scaleE-book](https://www.redhat.com/en/engage/managing-infrastructure-cloud-20221226?intcmp=7013a000003Sq0iAAC "Managing infrastructure at cloud scale") - Build an efficient IT foundation for modern business successE-book - [Start your trial: Red Hat Enterprise LinuxTrial](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/server/trial?intcmp=7013a000003Sq0iAAC "Red Hat Enterprise Linux | Product trial") ## Browse by channel [Explore all channels](https://www.redhat.com/en/blog/channels "Explore all channels") ![automation icon](https://www.redhat.com/cms/managed-files/automation.svg) ### [Automation](https://www.redhat.com/en/blog/channel/management-and-automation) The latest on IT automation for tech, teams, and environments ![AI icon](https://www.redhat.com/cms/managed-files/AI.svg) ### [Artificial intelligence](https://www.redhat.com/en/blog/channel/artificial-intelligence) Updates on the platforms that free customers to run AI workloads anywhere ![open hybrid cloud icon](https://www.redhat.com/cms/managed-files/open-hybrid-cloud.svg) ### [Open hybrid cloud](https://www.redhat.com/en/blog/[[url-nid:292921;title:Open%20Hybrid%20Cloud]]) Explore how we build a more flexible future with hybrid cloud ![security icon](https://www.redhat.com/cms/managed-files/security.svg) ### [Security](https://www.redhat.com/en/blog/channel/security) The latest on how we reduce risks across environments and technologies ![edge icon](https://www.redhat.com/cms/managed-files/edge_2.svg) ### [Edge computing](https://www.redhat.com/en/blog/channel/edge-computing) Updates on the platforms that simplify operations at the edge ![Infrastructure icon](https://www.redhat.com/cms/managed-files/infrastructure.svg) ### [Infrastructure](https://www.redhat.com/en/blog/channel/infrastructure) The latest on the world’s leading enterprise Linux platform ![application development icon](https://www.redhat.com/cms/managed-files/application-development.svg) ### [Applications](https://www.redhat.com/en/blog/channel/applications) Inside our solutions to the toughest application challenges ![Virtualization icon](https://www.redhat.com/rhdc/managed-files/Icon-Red_Hat-Virtual_server-A-Black-RGB.svg) ### [Virtualization](https://www.redhat.com/en/blog/channel/red-hat-virtualization) The future of enterprise virtualization for your workloads on-premise or across clouds [![Red Hat logo](https://static.redhat.com/libs/redhat/brand-assets/2/corp/logo--on-dark.svg)](https://www.redhat.com/en) [LinkedIn](https://www.linkedin.com/company/red-hat) [YouTube](https://www.youtube.com/user/RedHatVideos) [Facebook](https://www.facebook.com/RedHat/) [X](https://twitter.com/RedHat) [Instagram](https://www.instagram.com/red_hat/) ### Platforms - [Red Hat AI](https://www.redhat.com/en/products/ai) - [Red Hat Enterprise Linux](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) - [Red Hat OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) - [Red Hat Ansible Automation Platform](https://www.redhat.com/en/technologies/management/ansible) - [See all products](https://www.redhat.com/en/technologies/all-products) ### Tools - [Training and certification](https://www.redhat.com/en/services/training-and-certification) - [My account](https://www.redhat.com/wapps/ugc/protected/personalInfo.html) - [Customer support](https://access.redhat.com/) - [Developer resources](https://developers.redhat.com/) - [Find a partner](https://catalog.redhat.com/partners) - [Red Hat Ecosystem Catalog](https://catalog.redhat.com/) - [Documentation](https://docs.redhat.com/en) ### Try, buy, & sell - [Product trial center](https://www.redhat.com/en/products/trials) - [Red Hat Store](https://www.redhat.com/en/store) - [Buy online (Japan)](https://www.redhat.com/en/about/japan-buy) - [Console](https://www.redhat.com/en/hybrid-cloud-console) ### Communicate - [Contact sales](https://www.redhat.com/en/contact/sales) - [Contact customer service](https://www.redhat.com/en/contact/customer-service) - [Contact training](https://www.redhat.com/en/services/training-and-certification/contact-us) - [Social](https://www.redhat.com/en/about/social) ### About Red Hat Red Hat is an open hybrid cloud technology leader, delivering a consistent, comprehensive foundation for transformative IT and artificial intelligence (AI) applications in the enterprise. As a [trusted adviser to the Fortune 500](https://www.redhat.com/en/about/company), Red Hat offers cloud, developer, Linux, automation, and application platform technologies, as well as [award-winning](https://access.redhat.com/recognition) services. - [Our company](https://www.redhat.com/en/about/company) - [How we work](https://www.redhat.com/en/about/our-culture) - [Customer success stories](https://www.redhat.com/en/success-stories) - [Analyst relations](https://www.redhat.com/en/about/analysts) - [Newsroom](https://www.redhat.com/en/about/newsroom) - [Open source commitments](https://www.redhat.com/en/about/open-source) - [Our social impact](https://www.redhat.com/en/about/community-social-responsibility) - [Jobs](https://www.redhat.com/en/jobs) ### Change page language ### Red Hat legal and privacy links - [About Red Hat](https://www.redhat.com/en/about/company) - [Jobs](https://www.redhat.com/en/jobs) - [Events](https://www.redhat.com/en/events) - [Locations](https://www.redhat.com/en/about/office-locations) - [Contact Red Hat](https://www.redhat.com/en/contact) - [Red Hat Blog](https://www.redhat.com/en/blog) - [Inclusion at Red Hat](https://www.redhat.com/en/about/our-culture/inclusion) - [Cool Stuff Store](https://coolstuff.redhat.com/) - [Red Hat Summit](https://www.redhat.com/en/summit) © 2026 Red Hat ### Red Hat legal and privacy links - [Privacy statement](https://www.redhat.com/en/about/privacy-policy) - [Terms of use](https://www.redhat.com/en/about/terms-use) - [All policies and guidelines](https://www.redhat.com/en/about/all-policies-guidelines) - [Digital accessibility](https://www.redhat.com/en/about/digital-accessibility)
Readable Markdown
File permissions are core to the security model used by Linux systems. They determine who can access files and directories on a system and how. This article provides an overview of Linux file permissions, how they work, and how to change them. ## How do you view Linux file permissions? The `ls` command along with its `-l` (for long listing) option will show you metadata about your Linux files, including the permissions set on the file. ``` $ ls -l drwxr-xr-x. 4 root root 68 Jun 13 20:25 tuned -rw-r--r--. 1 root root 4017 Feb 24 2022 vimrc ``` In this example, you see two different listings. The first field of the `ls -l` output is a group of metadata that includes the permissions on each file. Here are the components of the `vimrc` listing: - File type: `-` - Permission settings: `rw-r--r--` - Extended attributes: dot (`.`) - User owner: `root` - Group owner: `root` The fields "File type" and "Extended attributes" are outside the scope of this article, but in the featured output above, the `vimrc` file is a normal file, which is file type `-` (that is, no special type). The `tuned` listing is for a `d`, or directory, type file. There are other file types as well, but these two are the most common. Available attributes are dependent on the filesystem format that the files are stored on. For [Red Hat Enterprise Linux](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) 7, 8, and 9, the default filesystem format is XFS. ## How do you read file permissions? This article is about the permission settings on a file. The interesting permissions from the `vimrc` listing are: ``` rw-r--r– ``` This string is actually an expression of three different sets of permissions: - rw- - r-- - r-- The first set of permissions applies to the owner of the file. The second set of permissions applies to the user group that owns the file. The third set of permissions is generally referred to as "others." All Linux files belong to an owner and a group. When permissions and users are represented by letters, that is called symbolic mode. For users, `u` stands for user owner, `g` for group owner, and `o` for others. For permissions, `r` stands for read, `w` for write, and `x` for execute. ***\[ Learn*** how to manage your Linux environment for success***. \]*** When the system is looking at a file's permissions to determine what information to provide you when you interact with a file, it runs through a series of checks: 1. It first checks to see whether you are the user that owns the file. If so, then you are granted the user owner's permissions, and no further checks will be completed. 2. If you are not the user that owns the file, next your group membership is validated to see whether you belong to the group that matches the group owner of the file. If so, then you're covered under the group owner field of permissions, and no further checks will be made. 3. "Others" permissions are applied when the account interacting with the file is neither the user owner nor in the group that owns the files. Or, to put it another way, the three fields are mutually exclusive: You can not be covered under more than one of the fields of permission settings on a file. Permissions go beyond the different types of people that can interact with a file. Each user gets an expression that includes the three basic types of permissions. In the example above, the owner of the file is given the following permissions: ``` rw- ``` Each character in the expression indicates whether a specific permission is granted or not. In the example above, read (`r`) permission and write (`w`) permission have been granted on the file. However, the execute permission (`x`) is not granted, which is why there's a `-` sign in the expression. The permission in this field is disabled. Consider the group owner's permissions in this example: ``` r-- ``` The read (`r`) permission is granted to members of the group, but write and execute have both been disabled. ***\[ Keep your most commonly used commands handy with the*** [***Linux commands cheat sheet***](https://developers.redhat.com/cheat-sheets/linux-commands-cheat-sheet?intcmp=701f20000012ngPAAQ)***. \]*** ## What are octal values? When Linux file permissions are represented by numbers, it's called numeric mode. In numeric mode, a three-digit value represents specific file permissions (for example, 744.) These are called octal values. The first digit is for owner permissions, the second digit is for group permissions, and the third is for other users. Each permission has a numeric value assigned to it: - r (read): 4 - w (write): 2 - x (execute): 1 In the permission value 744, the first digit corresponds to the user, the second digit to the group, and the third digit to others. By adding up the value of each user classification, you can find the file permissions. For example, a file might have read, write, and execute permissions for its owner, and only read permission for all other users. That looks like this: - Owner: rwx = 4+2+1 = 7 - Group: r-- = 4+0+0 = 4 - Others: r-- = 4+0+0 = 4 The results produce the three-digit value 744. ## What do Linux file permissions actually do? I've talked about how to view file permissions, who they apply to, and how to read what permissions are enabled or disabled. But what do these permissions actually do in practice? ### Read (r) Read permission is used to access the file's contents. You can use a tool like `cat` or `less` on the file to display the file contents. You could also use a text editor like Vi or `view` on the file to display the contents of the file. Read permission is required to make copies of a file, because you need to access the file's contents to make a duplicate of it. ### Write (w) Write permission allows you to modify or change the contents of a file. Write permission also allows you to use the redirect or append operators in the shell (`>` or `>>`) to change the contents of a file. Without write permission, changes to the file's contents are not permitted. ### Execute (x) Execute permission allows you to execute the contents of a file. Typically, executables would be things like commands or compiled binary applications. However, execute permission also allows someone to run Bash shell scripts, Python programs, and a variety of interpreted languages. ***\[ Download now:*** [***A sysadmin's guide to Bash scripting***](https://opensource.com/downloads/bash-scripting-ebook?intcmp=701f20000012ngPAAQ)***. \]*** There are other ways to execute the contents of a file without execute permission. For example, you could use an interpreter that has execute permission to read a file with instructions for the interpreter to execute. An example would be invoking a Bash shell script: ``` $ bash script.sh ``` The executable being run is `bash`. The `script.sh` file is read by the Bash interpreter, and its commands are executed. The content in this article is general purpose, but in Linux, there are often [additional ways to accomplish tasks](https://opensource.com/downloads/linux-command-replacements?intcmp=701f20000012ngPAAQ). ## How do directory permissions work? Directory file types are indicated with `d`. Conceptually, permissions operate the same way, but directories interpret these operations differently. ### Read (r) Like regular files, this permission allows you to read the contents of the directory. However, that means that you can view the contents (or files) stored within the directory. This permission is required to have things like the `ls` command work. ### Write (w) As with regular files, this allows someone to modify the contents of the directory. When you are changing the contents of the directory, you are either adding files to the directory or removing files from the directory. As such, you must have write permission on a directory to move (`mv`) or remove (`rm`) files from it. You also need write permission to create new files (using `touch` or a file-redirect operator) or copy (`cp`) files into the directory. ### Execute (x) This permission is very different on directories compared to files. Essentially, you can think of it as providing access to the directory. Having execute permission on a directory authorizes you to look at extended information on files in the directory (using `ls -l`, for instance) but also allows you to change your working directory (using `cd`) or pass through this directory on your way to a subdirectory underneath. Lacking execute permission on a directory can limit the other permissions in interesting ways. For example, how can you add a new file to a directory (by leveraging the write permission) if you can't access the directory's metadata to store the information for a new, additional file? You cannot. It is for this reason that directory-type files generally offer execute permission to one or more of the user owner, group owner, or others. ***\[ Want to test your sysadmin skills?*** [***Take a skills assessment today***](https://www.redhat.com/rhtapps/assessment/?intcmp=701f20000012ngPAAQ)***. \]*** ## How do you modify Linux file permissions? You can modify file and directory permissions with the `chmod` command, which stands for "change mode." To change file permissions in numeric mode, you enter `chmod` and the octal value you desire, such as 744, alongside the file name. To change file permissions in symbolic mode, you enter a user class and the permissions you want to grant them next to the file name. For example: ``` $ chmod ug+rwx example.txt $ chmod o+r example2.txt ``` This grants read, write, and execute for the user and group, and only read for others. In symbolic mode, `chmod u` represents permissions for the user owner, `chmod g` represents other users in the file's group, `chmod o` represents other users not in the file's group. For all users, use `chmod a`. Maybe you want to change the user owner itself. You can do that with the `chown` command. Similarly, the `chgrp` command can be used to change the group ownership of a file. ## What are special file permissions? Special permissions are available for files and directories and provide additional privileges over the standard permission sets that have been covered. - SUID is the special permission for the user access level and always executes as the user who owns the file, no matter who is passing the command. - SGID allows a file to be executed as the group owner of the file; a file created in the directory has its group ownership set to the directory owner. This is helpful for directories used collaboratively among different members of a group because all members can access and execute new files. The "sticky bit" is a directory-level special permission that restricts file deletion, meaning only the file owner can remove a file within the directory. Want to take a deeper dive into special permissions? [Read Linux permissions: SUID, SGID, and sticky bit](https://www.redhat.com/sysadmin/suid-sgid-sticky-bit). ## Wrapping up Understanding Linux file permissions (how to find them, read them, and change them) is an important part of maintaining and securing your systems. You can learn more about file permissions for [Red Hat Enterprise Linux](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) by checking out the [documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/assembly_managing-file-permissions_configuring-basic-system-settings) or by practicing with a self-paced lab on [using file permissions](https://lab.redhat.com/tracks/using-file-permissions?intcmp=701f20000012ngPAAQ). ***\[ Cheat sheet: Get a list of*** [***Linux utilities and commands for managing servers and networks***](https://opensource.com/downloads/cheat-sheet-networking?intcmp=701f20000012ngPAAQ)***. \]***
ML Classification
ML Categories
/Computers_and_Electronics
97.4%
/Computers_and_Electronics/Computer_Security
81.2%
/Computers_and_Electronics/Computer_Security/Network_Security
70.2%
Raw JSON
{
    "/Computers_and_Electronics": 974,
    "/Computers_and_Electronics/Computer_Security": 812,
    "/Computers_and_Electronics/Computer_Security/Network_Security": 702
}
ML Page Types
/Article
99.6%
/Article/Tutorial_or_Guide
56.9%
Raw JSON
{
    "/Article": 996,
    "/Article/Tutorial_or_Guide": 569
}
ML Intent Types
Informational
99.9%
Raw JSON
{
    "Informational": 999
}
Content Metadata
Languageen
AuthorScott McBrien
Publish Timenot set
Original Publish Time2024-08-09 11:14:53 (1 year ago)
RepublishedNo
Word Count (Total)2,918
Word Count (Content)1,864
Links
External Links13
Internal Links177
Technical SEO
Meta NofollowNo
Meta NoarchiveNo
JS RenderedNo
Redirect Targetnull
Performance
Download Time (ms)21
TTFB (ms)15
Download Size (bytes)69,584
Shard14 (laksa)
Root Hash4780968593380432814
Unparsed URLcom,redhat!www,/en/blog/linux-file-permissions-explained s443