Reading Permissions

Let's learn to read that cryptic ls -l output without thinking twice.

Decoding ls -l

Terminal

$ls -l

-rw-r--r-- 1 alice developers 4096 Jan 14 10:00 report.txt drwxr-xr-x 5 alice developers 4096 Jan 14 09:30 projects/ lrwxrwxrwx 1 alice developers 15 Jan 14 08:00 link -> target

Let's break down each column.

The Permission String

-rw-r--r--
│├─┤├─┤├─┤
│ │  │  └── Others: r--  (read only)
│ │  └───── Group:  r--  (read only)
│ └──────── Owner:  rw-  (read + write)
└────────── Type:   -    (regular file)

File Types

The first character indicates type:

Character	Type
`-`	Regular file
`d`	Directory
`l`	Symbolic link
`c`	Character device
`b`	Block device
`s`	Socket
`p`	Named pipe

Terminal

$ls -la /dev | head -5

drwxr-xr-x 19 root root 4080 Jan 14 08:00 . drwxr-xr-x 19 root root 4096 Jan 14 08:00 .. crw-rw-rw- 1 root root 1, 3 Jan 14 08:00 null brw-rw---- 1 root disk 8, 0 Jan 14 08:00 sda

Notice c for character device (null) and b for block device (sda).

Common Permission Patterns

644 (-rw-r--r--)

Terminal

$ls -l config.txt

-rw-r--r-- 1 user user 1024 Jan 14 config.txt

Standard for files. Owner can edit, everyone can read.

755 (-rwxr-xr-x)

Terminal

$ls -l script.sh

-rwxr-xr-x 1 user user 2048 Jan 14 script.sh

Standard for executables and directories. Owner has full control, everyone can read and execute.

700 (-rwx------)

Terminal

$ls -ld ~/.ssh

drwx------ 2 user user 4096 Jan 14 /home/user/.ssh

Private. Only owner has access.

777 (-rwxrwxrwx)

Avoid 777

Everyone can do everything. Almost never appropriate. If you're using 777 to "fix" a permission issue, you're creating a security hole.

Reading the Other Columns

Terminal

$ls -l report.txt

-rw-r--r-- 1 alice developers 4096 Jan 14 10:00 report.txt

Column	Value	Meaning
Permissions	`-rw-r--r--`	File type and access
Hard links	`1`	Number of hard links
Owner	`alice`	User who owns the file
Group	`developers`	Group assignment
Size	`4096`	Size in bytes
Modified	`Jan 14 10:00`	Last modification time
Name	`report.txt`	Filename

Quick Permission Check

Terminal

$stat -c '%A %a %n' *

-rw-r--r-- 644 config.txt -rwxr-xr-x 755 script.sh drwxr-xr-x 755 projects

stat shows both symbolic (rwx) and numeric (755) formats.

Who Can Do What?

Terminal

$ls -l project/

-rw-r----- 1 alice developers 1024 Jan 14 secret.txt

For secret.txt:

alice (owner): read + write
Members of developers group: read only
Everyone else: no access

Can bob access it? Only if bob is in the developers group.

Terminal

$groups bob

bob : bob users developers

Yes, bob is in developers, so bob gets group permissions (read only).

Knowledge Check

What does `-rw-------` mean?

Key Takeaways

First character = file type (-, d, l, etc.)
Next 9 characters = permissions in groups of 3
Each group: owner, group, others
Each position: read, write, execute (or - if denied)
Common patterns: 644 (files), 755 (executables/dirs), 700 (private)
777 is almost always wrong

Next: changing permissions with symbolic mode (chmod u+x).

Reading Permissions

Let's learn to read that cryptic ls -l output without thinking twice.

Decoding ls -l

Terminal

$ls -l

-rw-r--r-- 1 alice developers 4096 Jan 14 10:00 report.txt drwxr-xr-x 5 alice developers 4096 Jan 14 09:30 projects/ lrwxrwxrwx 1 alice developers 15 Jan 14 08:00 link -> target

Let's break down each column.

The Permission String

-rw-r--r--
│├─┤├─┤├─┤
│ │  │  └── Others: r--  (read only)
│ │  └───── Group:  r--  (read only)
│ └──────── Owner:  rw-  (read + write)
└────────── Type:   -    (regular file)

File Types

The first character indicates type:

Character	Type
`-`	Regular file
`d`	Directory
`l`	Symbolic link
`c`	Character device
`b`	Block device
`s`	Socket
`p`	Named pipe

Terminal

$ls -la /dev | head -5

drwxr-xr-x 19 root root 4080 Jan 14 08:00 . drwxr-xr-x 19 root root 4096 Jan 14 08:00 .. crw-rw-rw- 1 root root 1, 3 Jan 14 08:00 null brw-rw---- 1 root disk 8, 0 Jan 14 08:00 sda

Notice c for character device (null) and b for block device (sda).

Common Permission Patterns

644 (-rw-r--r--)

Terminal

$ls -l config.txt

-rw-r--r-- 1 user user 1024 Jan 14 config.txt

Standard for files. Owner can edit, everyone can read.

755 (-rwxr-xr-x)

Terminal

$ls -l script.sh

-rwxr-xr-x 1 user user 2048 Jan 14 script.sh

Standard for executables and directories. Owner has full control, everyone can read and execute.

700 (-rwx------)

Terminal

$ls -ld ~/.ssh

drwx------ 2 user user 4096 Jan 14 /home/user/.ssh

Private. Only owner has access.

777 (-rwxrwxrwx)

Avoid 777

Everyone can do everything. Almost never appropriate. If you're using 777 to "fix" a permission issue, you're creating a security hole.

Reading the Other Columns

Terminal

$ls -l report.txt

-rw-r--r-- 1 alice developers 4096 Jan 14 10:00 report.txt

Column	Value	Meaning
Permissions	`-rw-r--r--`	File type and access
Hard links	`1`	Number of hard links
Owner	`alice`	User who owns the file
Group	`developers`	Group assignment
Size	`4096`	Size in bytes
Modified	`Jan 14 10:00`	Last modification time
Name	`report.txt`	Filename

Quick Permission Check

Terminal

$stat -c '%A %a %n' *

-rw-r--r-- 644 config.txt -rwxr-xr-x 755 script.sh drwxr-xr-x 755 projects

stat shows both symbolic (rwx) and numeric (755) formats.

Who Can Do What?

Terminal

$ls -l project/

-rw-r----- 1 alice developers 1024 Jan 14 secret.txt

For secret.txt:

alice (owner): read + write
Members of developers group: read only
Everyone else: no access

Can bob access it? Only if bob is in the developers group.

Terminal

$groups bob

bob : bob users developers

Yes, bob is in developers, so bob gets group permissions (read only).

Knowledge Check

What does `-rw-------` mean?

Key Takeaways

First character = file type (-, d, l, etc.)
Next 9 characters = permissions in groups of 3
Each group: owner, group, others
Each position: read, write, execute (or - if denied)
Common patterns: 644 (files), 755 (executables/dirs), 700 (private)
777 is almost always wrong

Next: changing permissions with symbolic mode (chmod u+x).