Permission Basics
Every file and directory on Linux has three permission sets: owner, group, and others. Each set can have read (r), write (w), and execute (x) permissions.
ls -la
# -rwxr-xr-- 1 john developers 4096 Feb 25 10:00 script.sh
#  ^^^       owner permissions (rwx = read, write, execute)
#     ^^^    group permissions (r-x = read, execute)
#        ^^^ others permissions (r-- = read only)
Numeric Permissions
| Permission | Value |
|---|---|
| Read (r) | 4 |
| Write (w) | 2 |
| Execute (x) | 1 |
# Common permission sets
# Each digit is the sum of the values for one set (owner, group, others): 7 = 4+2+1, 5 = 4+1
chmod 755 script.sh # rwxr-xr-x (owner full, others read+execute)
chmod 644 index.html # rw-r--r-- (owner read+write, others read)
chmod 600 secrets.key # rw------- (owner only)
chmod 700 private_dir # rwx------ (owner only, directory)
Changing Ownership
# Change owner
chown john file.txt
# Change owner and group
chown john:developers file.txt
# Recursive (entire directory)
chown -R www-data:www-data /var/www/html
Special Permissions
| Permission | Numeric | Effect |
|---|---|---|
| SUID | 4000 | File executes as the file's owner |
| SGID | 2000 | File executes as the file's group; new files in a directory inherit the directory's group |
| Sticky bit | 1000 | Only a file's owner can delete it in the directory |
# Set SGID on directory (new files inherit group)
chmod g+s /var/www/shared
# Set sticky bit (like /tmp)
chmod +t /shared
Web Server Permissions
# Typical web directory setup
chown -R www-data:www-data /var/www/html
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;
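To check that a tree actually matches the 755/644 setup above, and to catch the special bits from the earlier table, the following added example (not part of the original page) audits a directory. `audit_webroot` and its output labels are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: audit a tree against the 755 (dirs) / 644 (files) baseline.
# audit_webroot is a hypothetical helper name, not a standard tool.
# Prints one "LABEL path" line per finding; returns 1 if anything was found.
audit_webroot() {
    root=$1
    findings=$(
        # SUID (4000) or SGID (2000) set on a regular file
        find "$root" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'SUID_SGID %s\n' {} \;
        # Regular file writable by "others"
        find "$root" -type f -perm -0002 \
            -exec printf 'WORLD_WRITABLE %s\n' {} \;
        # Directory writable by "others" without the sticky bit (1000)
        find "$root" -type d -perm -0002 ! -perm -1000 \
            -exec printf 'WORLD_WRITABLE_NO_STICKY %s\n' {} \;
        # Anything whose mode is not exactly the baseline
        find "$root" -type d ! -perm 755 -exec printf 'DIR_NOT_755 %s\n' {} \;
        find "$root" -type f ! -perm 644 -exec printf 'FILE_NOT_644 %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run directly as: sh audit.sh /var/www/html
if [ "$#" -gt 0 ]; then audit_webroot "$1"; fi
```

A directory with SGID set on purpose (as with `chmod g+s` above) is reported as `DIR_NOT_755`, so intentional exceptions show up in the output and can be reviewed.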