Setting File Permissions In Linux: Octal Vs Symbolic Modes

Understanding File Permissions in Linux

Linux uses a permissions system based on the owner, group, and other users to control access to files and directories. Each file and directory has an associated owner user and group. Permissions define the ability of the owner, group members, and all other users to read, write (modify), or execute (run) the file.

The permission settings are viewable using the ‘ls -l’ command, which shows a 10-character sequence for each file. The first character is the file type (- for regular file, d for directory). The next nine characters are the actual permissions, in three groups of three: one for the owner, one for the group, and one for others.

Permission Types

  • Read (r) – View what is in the file, see file contents.
  • Write (w) – Edit, change, or delete the file.
  • Execute (x) – Run a file as a script or program.

Permission Groups

  • Owner permissions – Apply only to a file’s owner user.
  • Group permissions – Apply to members of the file’s group.
  • Others permissions – Apply to all other users on the system.

So for example a file with ‘rwxr-xr--’ permissions allows the owner full read/write/execute access, the group read/execute access, and everyone else only read access.

Octal Notation for File Permissions

The standard chmod command for changing permissions uses a numeric octal (base 8) mode as an argument. Octal notation provides a convenient compact way to represent the standard rwxrwxrwx permission set.

Each rwx group is represented by a digit from 0 to 7. Read is assigned a value of 4, write is 2, and execute is 1. You add up the numbers for the permissions you want to set. So for example:

  • 7 = read + write + execute (rwx)
  • 6 = read + write (rw-)
  • 5 = read + execute (r-x)
  • 4 = read only (r--)
  • 3 = write + execute (-wx)
  • 2 = write only (-w-)
  • 1 = execute only (--x)
  • 0 = none (---)

Putting the three digits together gives the full set of permissions: the first digit is the owner's permissions, the second is the group's, and the third is everyone else's. Directories and special files vary slightly. For example:

755 = Owner rwx, Group r-x, Others r-x
644 = Owner rw-, Group r--, Others r--
711 = Owner rwx, Group --x, Others --x

Symbolic Notation for Permissions

Many chmod operations are easier to perform if you use symbolic notation instead of octal numbers. The format for symbolic notation is:

chmod [ugoa][+-=][rwx] FILE

The components in the square brackets are:

  • u – User/Owner permissions
  • g – Group permissions
  • o – Other/world permissions
  • a – All/everyone (Applies to all of user, group and other permissions)
  • + – Add designated permission
  • - – Remove designated permission
  • = – Explicitly set exact permission
  • r – Read permission
  • w – Write permission
  • x – Execute permission

Some examples would be:

  • chmod g+w FILE – Add group write permission
  • chmod o-x FILE – Remove other execute permission
  • chmod a= FILE – Remove all permissions for everyone
  • chmod ug=rwx,o= FILE – Set owner/group full access, others none

Setting Permissions with chmod

Whether you want to use octal or symbolic notation, the chmod command is the tool used to actually set Linux file permissions on disk. The basic syntax is:

chmod [options] mode FILE

Where mode can either be an octal value like 755 or a symbolic value like g+w.

Here are some examples of using chmod to modify permissions on files:

Numeric Octal Examples

chmod 755 file.txt
chmod 644 file.txt
chmod 600 file.txt
chmod 700 directory

Symbolic Examples

chmod g+w file.txt
chmod o-x * 
chmod a+r file.txt
chmod g=rwx dir/
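
The two notations behave differently when applied to a file that already has permissions: an octal mode replaces all nine bits, while a symbolic mode with + or - changes only the bits it names. The script below is an added example, not part of the original article; it assumes GNU `stat -c` and `mktemp`, and `mode_after` and `show_cases` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original article).
# mode_after START MODE: create a scratch file, set it to octal START,
# apply MODE (octal or symbolic), then print the resulting octal mode.
mode_after() {
    _f=$(mktemp) || return 1
    chmod "$1" "$_f" && chmod "$2" "$_f" && stat -c '%a' "$_f"
    _rc=$?
    rm -f "$_f"
    return "$_rc"
}

# Constructed cases, each written as "START MODE".
show_cases() {
    for _case in "644 g+w" "600 g+w" "755 o-x" "777 a=" \
                 "600 ug=rwx,o=" "777 644" "600 644"; do
        set -- $_case
        printf 'start %-4s chmod %-13s -> %s\n' \
            "$1" "$2" "$(mode_after "$1" "$2")"
    done
}

show_cases
```

The same `g+w` yields 664 from a 644 file but 620 from a 600 file, whereas `chmod 644` ends at 644 whatever the starting mode was.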

Common Permission Issues

One of the most common file permission issues stems from directories that are not executable for a user. If a directory’s execute bit is not set for a user, they cannot access anything under that directory even if individual file permissions allow access.

Web servers, FTP servers, and other network services may fail to start correctly if their configuration directories do not have the correct permissions set. Core operating system directories also require root or administrator level permissions.

Permission issues can lock users out of important files or block access to required network services. If a user cannot read a file, or a service cannot access a configuration it needs to run, it renders the system or application non-functional.

Troubleshooting Tips

  • Use ls -l to verify a file or folder’s permissions
  • Try accessing the file as the owner, a group member, and another user to test which fails
  • Set base permissions to open up access (755 directories, 644 files etc)
  • Check parent directory permissions allow access
  • Reset ownership with chown if required
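
The parent-directory check can be scripted. The following is an added example, not part of the original article: it walks from a file up to a chosen top directory and reports the directory nearest that top whose execute bit is missing for one permission class. It assumes GNU `stat -c`; `blocked_at`, `demo` and the sample tree are hypothetical and constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# blocked_at PATH TOP MASK
#   PATH  file to reach
#   TOP   directory where the walk stops (inclusive)
#   MASK  execute bit to test: 100 = owner, 010 = group, 001 = others
# Prints the directory closest to TOP that lacks that execute bit,
# or nothing if every directory on the way can be traversed.
blocked_at() (
    dir=$(dirname "$1"); hit=
    while :; do
        mode=$(stat -c '%a' "$dir") || exit 1
        # The leading 0 makes the shell read both values as octal.
        [ $(( 0$mode & 0$3 )) -eq 0 ] && hit=$dir
        [ "$dir" = "$2" ] && break
        next=$(dirname "$dir")
        [ "$next" = "$dir" ] && break      # reached / or .
        dir=$next
    done
    if [ -n "$hit" ]; then printf '%s\n' "$hit"; fi
)

# Constructed tree: the file is world-readable (644), but its directory
# is 750, so users in the "others" class cannot reach it.
demo() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/site/conf"
    : > "$top/site/conf/app.cfg"
    chmod 755 "$top" "$top/site"
    chmod 644 "$top/site/conf/app.cfg"
    chmod 750 "$top/site/conf"
    echo "others blocked at: $(blocked_at "$top/site/conf/app.cfg" "$top" 001)"
    chmod o+x "$top/site/conf"
    echo "after chmod o+x:   $(blocked_at "$top/site/conf/app.cfg" "$top" 001)"
    rm -rf "$top"
}

demo
```

The check reads mode bits only, so it gives the same answer when run as root, which bypasses these permission checks in practice.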

Best Practices for Permissions

Following best practices and standards for permission settings ensures proper security and functionality:

  • System files – Restrict as much as possible, root only if able
  • User files – Start with 700/600, open up as needed
  • Application files – Set owners correctly, default to 750 for directories, 640 for files
  • Shared files – Add group permissions generously so all collaborators can access
  • Sensitive files – Tighten as needed, 600 prevents other users accessing even to read
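
A baseline such as 750 for directories and 640 for files can be audited with octal arithmetic: any bit set outside the allowed maximum is a finding. The script below is an added example, not part of the original article; it assumes GNU `find` (for `-perm /MASK`) and GNU `stat -c`, and `over_baseline`, `demo_audit` and the sample tree are hypothetical and constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original article).
# over_baseline DIR FILE_MAX DIR_MAX
# Lists "MODE PATH" for every file under DIR with a permission bit set
# outside FILE_MAX, and every directory with a bit set outside DIR_MAX.
over_baseline() {
    # Bits NOT allowed by the baseline: 777 AND NOT max.
    # For 640 this is 137; for 750 it is 027 (printed as 27).
    _fmask=$(printf '%o' $(( 0777 & ~0$2 )))
    _dmask=$(printf '%o' $(( 0777 & ~0$3 )))
    # -perm /MASK matches when any of the bits in MASK is set.
    find "$1" \( -type f -perm "/$_fmask" -o -type d -perm "/$_dmask" \) \
        -exec stat -c '%a %n' {} +
}

# Constructed tree with two entries that exceed the 640/750 baseline.
demo_audit() {
    top=$(mktemp -d) || return 1           # mktemp -d creates it as 700
    mkdir "$top/app" "$top/pub"
    : > "$top/app/ok.conf"
    : > "$top/app/db.key"
    chmod 640 "$top/app/ok.conf"           # within baseline
    chmod 644 "$top/app/db.key"            # readable by others: finding
    chmod 750 "$top/app"                   # within baseline
    chmod 755 "$top/pub"                   # open to others: finding
    echo "before tightening:"
    over_baseline "$top" 640 750
    chmod o= "$top/app/db.key" "$top/pub"  # symbolic fix: clear others
    echo "findings after chmod o=: $(over_baseline "$top" 640 750 | grep -c .)"
    rm -rf "$top"
}

demo_audit
```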

Taking the time to properly configure file permissions goes a long way toward keeping a system secure and avoiding cryptic access denied errors. Understanding the octal and symbolic modes provides the full flexibility to tightly control permission settings.
