Linux File Permissions Cheat Sheet – StationX

File permissions, that is, controlling access to files and directories (folders), are indispensable. If you’ve written custom Bash scripts, you’ve probably lost count of how many times you invoke the chmod +x command myscript.sh. When performing system administrative tasks, you should be familiar with the su or sudo commands.

From time to time, you may need a refresher on file permissions. At work, you may have to protect classified data from prying eyes on company servers, often hosted on Linux. Also, imagine the losses you incur if you don’t prevent accidental changes to critical files or malicious behavior.

This Linux file permissions cheat sheet is the refresher you need. It covers file permission types, user categories to which they apply, chmod, su/sudo, and related Linux commands.

You can download the PDF of this cheat sheet here. If you’re still here, let’s dive in.

Permissions The

following commands display file/directory permissions

:

Permissions, scope, and file details when executing ls -l or ls -ld

Permissions in

symbolic notation

Permissions on files and directories span four scopes:

Description of the scope symbol

File permissions

Type of permissionSymbol If a file has this permission, it can:If a directory has this permission, it can:

Permission-related commands

Command Description

If you run a command beyond the granted permissions, you will get errors like “Permission denied” or “Operation not allowed”.

Changing permissions

There are two methods for rendering permissions on the command line. The first argument to the chmod command supports both representations.

MethodPermission FormatExamples Application no chmod

Symbolic notation

This notation is used in the ls -l and ls -ld command outputs, and uses a combination of u/g/o/a (indicating the scope), +/-/=, and r/w/x to change permissions. If you omit u/g/o/a, the default value is a.

The +/-/= notation refers to grant/delete/set multiple permissions.

Here are some examples of using chmod with symbolic notation. You can change more than one permission at a time by joining symbolic notations with a comma (,) as shown in the fourth example below.

Command in symbolic notation Change in user permissions (u) Change in group permissions (g) Change in the world (or) permissions✓✓✓✓✓✓ ☐☐ ☐☐ ☐☐ ☐ ✓ ☐ ✓✓☐ Octal

notation

This notation is a three-digit number, in which each digit represents permissions as the sum of four sums 4, 2, and 1 corresponding to the read (r), write (w), and execute (x) permissions respectively.

The first digit applies to the user (owner) (u). The second digit applies to

• the group (g). The third digit applies to the

world (

• other users) (

or).

Octal digit Permission(s

) granted Symbolic

Here are some examples of using chmod with

octal notation:

Command in octal notation Change in user permissions (u) Change in group permissions (g) Change in the world (or) permissions✓✓✓✓ ✓ ✓✓✓✓✓✓✓✓✓✓✓✓✓✓✓ ☐☐ ☐☐☐☐☐ ☐ ☐ ☐ ☐ ✓✓✓✓✓Conversion

between symbolic and octal notations To display octal notation, assign

↔ symbolic notation to binary numbers (0 = permission denied, 1 = permission granted) and let ⇔ convert between binary and octal number system. You have

: r 1002 ⇔ 48, w 0102 ⇔ 28, and x

0012 ⇔ 18.
• ↔

Therefore, each combination of r, w

• ↔, and x
• ↔

corresponds to the unique sum of its numeric representations, such as full rwx permissions 111 111 1112 ⇔ 7778, as follows: Symbolic notation (ls -l)Binary representation Octal notation Default permissions ↔

In addition to being an alternative to symbolic notation, octal notation has a special use case with the umask command.

To check what permissions you have as the current user, use the umask command to get a four-digit number that, if subtracted from 0777, grants your default permissions to create a directory, and if subtracted from 0666, grants your default permissions to create a file.

Usage

:

Commanddescription

Examples:

Mask output Default directory permissions Default file permissions

Change

ownership Before you

change ownership of any file or directory, you need to know how your computer identifies users and groups. Two useful commands are id and groups.

Usage

:

Command

Description

Example:

id outpu Description groups output Description

Superuser

Most Linux distributions contain a program that allows you to access the terminal as superuser (or root user). This program helps experienced users to perform system administration tasks.

The two ways to invoke this program are the su commands (short for surrogate user) to open a dedicated root shell and sudo to execute inline attachment commands. In both cases, you will need to enter the superuser’s password to proceed with the task you want to perform.

Modern distributions do not set the superuser password, so in that situation, use the sudo -i command to enter the root shell.

The shell symbol changes from $ to # in the root shell. It is a reminder that with great power comes great responsibility. To exit the root shell, use the exit command.

Command (includes shell prompt)

symbol)Command description Output prompt and (new) shell prompt

Use these superuser commands

carefully. Change file

ownership

If you have superuser privileges, you can change the owner (user) of a file or directory by using the chown command. If you know the new owner’s uid, you can also replace user2 below with the corresponding uid.

Description

of

the Changing Group Ownership Command If you are the owner of a file or

directory, you can change the group ownership of a file or directory by using the chgrp command

.

Description

of the

command

If you’re looking to become a Linux power user, check out our collection of Linux courses.

Frequently Asked Questions