File permissions, that is, controlling access to files and directories (folders), are indispensable. If you’ve written custom Bash scripts, you’ve probably lost count of how many times you invoke the chmod +x command myscript.sh. When performing system administrative tasks, you should be familiar with the su or sudo commands.
From time to time, you may need a refresher on file permissions. At work, you may have to protect classified data from prying eyes on company servers, often hosted on Linux. Also, imagine the losses you incur if you don’t prevent accidental changes to critical files or malicious behavior.
This Linux file permissions cheat sheet is the refresher you need. It covers file permission types, user categories to which they apply, chmod, su/sudo, and related Linux commands.
You can download the PDF of this cheat sheet here. If you’re still here, let’s dive in.
following commands display file/directory permissions
Permissions, scope, and file details when executing ls -l or ls -ld
Permissions on files and directories span four scopes:
Description of the scope symbol
If you run a command beyond the granted permissions, you will get errors like “Permission denied” or “Operation not allowed”.
There are two methods for rendering permissions on the command line. The first argument to the chmod command supports both representations.
This notation is used in the ls -l and ls -ld command outputs, and uses a combination of u/g/o/a (indicating the scope), +/-/=, and r/w/x to change permissions. If you omit u/g/o/a, the default value is a.
The +/-/= notation refers to grant/delete/set multiple permissions.
Here are some examples of using chmod with symbolic notation. You can change more than one permission at a time by joining symbolic notations with a comma (,) as shown in the fourth example below.
This notation is a three-digit number, in which each digit represents permissions as the sum of four sums 4, 2, and 1 corresponding to the read (r), write (w), and execute (x) permissions respectively.
The first digit applies to the user (owner) (u). The second digit applies to
- the group (g). The third digit applies to the
- other users) (
Octal digit Permission(s
Here are some examples of using chmod with
between symbolic and octal notations To display octal notation, assign
↔ symbolic notation to binary numbers (0 = permission denied, 1 = permission granted) and let ⇔ convert between binary and octal number system. You have
: r 1002 ⇔ 48, w 0102 ⇔ 28, and x
- 0012 ⇔ 18.
- ↔, and x
Therefore, each combination of r, w
corresponds to the unique sum of its numeric representations, such as full rwx permissions 111 111 1112 ⇔ 7778, as follows: Symbolic notation (ls -l)Binary representation Octal notation Default permissions ↔
In addition to being an alternative to symbolic notation, octal notation has a special use case with the umask command.
To check what permissions you have as the current user, use the umask command to get a four-digit number that, if subtracted from 0777, grants your default permissions to create a directory, and if subtracted from 0666, grants your default permissions to create a file.
ownership Before you
change ownership of any file or directory, you need to know how your computer identifies users and groups. Two useful commands are id and groups.
Most Linux distributions contain a program that allows you to access the terminal as superuser (or root user). This program helps experienced users to perform system administration tasks.
The two ways to invoke this program are the su commands (short for surrogate user) to open a dedicated root shell and sudo to execute inline attachment commands. In both cases, you will need to enter the superuser’s password to proceed with the task you want to perform.
Modern distributions do not set the superuser password, so in that situation, use the sudo -i command to enter the root shell.
The shell symbol changes from $ to # in the root shell. It is a reminder that with great power comes great responsibility. To exit the root shell, use the exit command.
Command (includes shell prompt)
Use these superuser commands
carefully. Change file
If you have superuser privileges, you can change the owner (user) of a file or directory by using the chown command. If you know the new owner’s uid, you can also replace user2 below with the corresponding uid.
the Changing Group Ownership Command If you are the owner of a file or
directory, you can change the group ownership of a file or directory by using the chgrp command
If you’re looking to become a Linux power user, check out our collection of Linux courses.