Linux

Understanding Permissions

You try to run a script: "Permission denied." You try to edit a config: "Permission denied." You try to access a directory: "Permission denied."

This chapter fixes that. Let's understand how Linux permissions work.

Why Permissions Exist

Linux is a multi-user system. Even on your personal laptop, there's:

  • Your user account
  • The root superuser
  • System service accounts (nginx, mysql, etc.)

Permissions control who can do what. Without them, any user could read your private files, delete system configs, or crash services.

The Three Permissions

Every file has three basic permissions:

PermissionLetterMeaning
ReadrView file contents
WritewModify file contents
ExecutexRun the file as a program

For directories, they mean slightly different things:

PermissionFor FilesFor Directories
Read (r)View contentsList files
Write (w)Modify contentsCreate/delete files
Execute (x)Run as programEnter the directory

Directory Execute - The Most Confusing Part

You need x (execute) permission on a directory to cd into it or access files inside. This is the #1 source of permission confusion:

  • Read (r) on a directory = can list filenames
  • Execute (x) on a directory = can enter and access files
  • Without x, you can see names but can't access anything inside

The Three User Classes

Permissions apply to three classes of users:

ClassSymbolDescription
OwneruThe user who owns the file
GroupgUsers in the file's group
OthersoEveryone else

Every file has:

  • One owner (a user)
  • One group (a collection of users)

Permissions are checked in order:

  1. If you're the owner → owner permissions apply
  2. Else if you're in the group → group permissions apply
  3. Else → others permissions apply

Visualizing Permissions

-rwxr-xr--
│└┬┘└┬┘└┬┘
│ │  │  └── Others: read only
│ │  └───── Group: read + execute
│ └──────── Owner: read + write + execute
└────────── File type (- = file, d = directory)

This is what you see with ls -l.

Permission Examples

PermissionMeaning
rwx------Owner has full access, nobody else
rw-r--r--Owner can edit, others can read
rwxr-xr-xOwner can edit+run, others can run
rw-rw----Owner and group can edit
---------Nobody can do anything
Terminal
$ls -l
-rw-r--r-- 1 user user 1024 Jan 14 notes.txt -rwxr-xr-x 1 user user 4096 Jan 14 script.sh drwxr-xr-x 2 user user 4096 Jan 14 projects/

The Numeric System (Preview)

Each permission has a number:

  • r = 4
  • w = 2
  • x = 1

Add them up for each class:

  • rwx = 4+2+1 = 7
  • r-x = 4+0+1 = 5
  • r-- = 4+0+0 = 4

So rwxr-xr-- = 754

We'll cover this in detail later.

Knowledge Check

What does it mean if you have 'r' but not 'x' permission on a directory?

Key Takeaways

  • Three permissions: read (r), write (w), execute (x)
  • Three user classes: owner (u), group (g), others (o)
  • Directories need execute (x) permission to enter
  • Permissions are checked in order: owner → group → others
  • ls -l shows permissions in the format rwxrwxrwx

Next: how to read and interpret permission strings from ls -l.