Linux File Permissions Cheat Sheet
Linux file permissions explained: chmod, chown, octal notation, symbolic notation, special permissions (SUID, SGID, sticky bit). Complete reference.

| Symbol | Description |
| --- | --- |
| r (read) | Files: view contents. Directories: list files inside |
| w (write) | Files: modify contents. Directories: create, delete, rename files inside |
| x (execute) | Files: run as a program. Directories: enter the directory (cd) |
| - | Permission not granted |
| u (user) | The file owner |
| g (group) | The file's group |
| o (other) | Everyone else |
| a (all) | All three: user, group, and other |
| -rwxrwxrwx | Full permission string: [type][user rwx][group rwx][other rwx] |
| ls -l | View permissions, owner, group, size, and date of files |
| stat filename | View detailed file status including permissions in both symbolic and octal |

| Octal Value | Description |
| --- | --- |
| 0 | No permission --- |
| 1 | Execute only --x |
| 2 | Write only -w- |
| 3 | Write and execute -wx |
| 4 | Read only r-- |
| 5 | Read and execute r-x |
| 6 | Read and write rw- |
| 7 | Read, write, and execute rwx |

| Command | Description |
| --- | --- |
| chmod u+x file | Add execute permission for the file owner |
| chmod u-w file | Remove write permission from the file owner |
| chmod g+r file | Add read permission for the group |
| chmod g-x file | Remove execute permission from the group |
| chmod o+r file | Add read permission for others |
| chmod o-rwx file | Remove all permissions for others |
| chmod a+r file | Add read permission for everyone (user, group, other) |
| chmod u+x,g+r file | Add execute for owner and read for group in one command |
| chmod u=rwx,g=rx,o=r file | Set exact permissions: owner rwx, group rx, other r |
| chmod +x file | Add execute permission for all (equivalent to a+x) |
| chmod -R u+rw dir/ | Recursively add read and write for owner to entire directory tree |

| Command | Description |
| --- | --- |
| chmod 755 file | rwxr-xr-x — Owner full, group and others read/execute |
| chmod 644 file | rw-r--r-- — Owner read/write, group and others read only |
| chmod 700 file | rwx------ — Owner full, no access for anyone else |
| chmod 600 file | rw------- — Owner read/write only, no one else |
| chmod 777 file | rwxrwxrwx — Full access for everyone (use with caution) |
| chmod 666 file | rw-rw-rw- — Read/write for everyone, no execute |
| chmod 444 file | r--r--r-- — Read only for everyone |
| chmod 555 file | r-xr-xr-x — Read and execute for everyone, no write |
| chmod 750 file | rwxr-x--- — Owner full, group read/execute, others none |
| chmod 640 file | rw-r----- — Owner read/write, group read, others none |
| chmod -R 755 dir/ | Recursively set 755 permissions on an entire directory tree |

| Command | Description |
| --- | --- |
| chown user file | Change the owner of a file |
| chown user:group file | Change the owner and group of a file |
| chown :group file | Change only the group of a file |
| chown -R user:group dir/ | Recursively change owner and group for an entire directory |
| chown --reference=ref file | Set ownership of file to match ref |
| chgrp group file | Change the group of a file |
| chgrp -R group dir/ | Recursively change the group for an entire directory |

| Permission | Description |
| --- | --- |
| SUID (Set User ID) | When set on an executable, it runs with the permissions of the file owner (e.g., /usr/bin/passwd) |
| chmod u+s file | Set the SUID bit on a file |
| chmod 4755 file | Set SUID with octal notation (leading 4): -rwsr-xr-x |
| SGID (Set Group ID) | Executables: run with the permissions of the file's group. Directories: new files inherit the group |
| chmod g+s dir/ | Set the SGID bit on a directory |
| chmod 2755 dir/ | Set SGID with octal notation (leading 2): drwxr-sr-x |
| Sticky Bit | On directories, only the file owner can delete their files (e.g., /tmp) |
| chmod +t dir/ | Set the sticky bit on a directory |
| chmod 1755 dir/ | Set sticky bit with octal notation (leading 1): drwxr-xr-t |
| -rwsr-xr-x | The s in owner execute position indicates SUID is set |
| drwxr-sr-x | The s in group execute position indicates SGID is set |
| drwxrwxrwt | The t in other execute position indicates sticky bit is set |
| -rwSr--r-- | Uppercase S means SUID is set but execute is not (often an error) |
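
Added example (not part of the original cheat sheet): a read-only audit that reports the special-bit states from the table above under a directory tree, including the uppercase S case and world-writable directories that lack the sticky bit. The function names and output tags are made up for this example.

```sh
#!/bin/sh
# Added example: list special-permission findings under a directory tree.
# Read-only: it only runs find. Output is one "TAG path" line per finding.

tag() {  # prefix every path read from stdin with the tag given in $1
    while IFS= read -r p; do printf '%s %s\n' "$1" "$p"; done
}

audit_special_bits() {
    dir=${1:-.}
    # SUID plus owner execute: ls -l shows s (e.g. -rwsr-xr-x)
    find "$dir" -xdev -type f -perm -4100 2>/dev/null | tag SUID
    # SUID without owner execute: ls -l shows uppercase S (e.g. -rwSr--r--)
    find "$dir" -xdev -type f -perm -4000 ! -perm -0100 2>/dev/null | tag SUID-NOEXEC
    # SGID on group-executable files (run with the file's group)
    find "$dir" -xdev -type f -perm -2010 2>/dev/null | tag SGID
    # SGID on directories (new files inherit the group)
    find "$dir" -xdev -type d -perm -2000 2>/dev/null | tag SGID-DIR
    # World-writable directory without the sticky bit: users can delete
    # or rename each other's files in it
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | tag NO-STICKY
    # World-writable regular files (e.g. 666 or 777)
    find "$dir" -xdev -type f -perm -0002 2>/dev/null | tag WORLD-WRITABLE
}

# Run against a directory when one is given: sh audit.sh /usr/local
if [ "$#" -gt 0 ]; then
    audit_special_bits "$1"
fi
```

Compare the SUID and SGID lines against a known-good baseline for the host; anything new or tagged SUID-NOEXEC or NO-STICKY deserves a look.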

| Pattern | Description |
| --- | --- |
| 644 (rw-r--r--) | Standard for regular files — owner can edit, others can read |
| 755 (rwxr-xr-x) | Standard for directories and executables — owner full, others can read and execute |
| 600 (rw-------) | Private files (e.g., SSH keys, ~/.ssh/id_rsa) |
| 700 (rwx------) | Private directories (e.g., ~/.ssh) |
| 444 (r--r--r--) | Read-only for everyone — config files you don't want modified |
| 777 (rwxrwxrwx) | Full access for everyone — security risk, avoid in production |
| 750 (rwxr-x---) | Owner full, group can read/execute, others no access |
| 640 (rw-r-----) | Owner read/write, group read only, others no access |
| 400 (r--------) | Read-only for owner only (e.g., authorized_keys on some systems) |

| Command | Description |
| --- | --- |
| umask | Display the current umask value |
| umask -S | Display the current umask in symbolic notation |
| umask 022 | Set umask to 022 — new files get 644, directories get 755 |
| umask 077 | Set umask to 077 — new files get 600, directories get 700 (most restrictive) |
| umask 002 | Set umask to 002 — new files get 664, directories get 775 (group-friendly) |
| How umask works | The bits set in the umask are cleared from 666 (files) or 777 (directories) to get default permissions. For the values listed here this gives the same result as subtracting the umask |
| Default umask: 022 | Files: 666 - 022 = 644. Directories: 777 - 022 = 755 |
| Set in ~/.bashrc | Add umask 027 to your profile for persistent umask settings |
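
Added example (not from the original page): the umask clears bits rather than subtracting numbers, which only shows with a mask such as 033, where subtraction from 666 would suggest 633 but the file is created as 644. The function names are made up for this example, and `stat -c` assumes GNU coreutils or BusyBox.

```sh
#!/bin/sh
# Added example: compute and observe the effect of a umask.

# mode_after_umask BASE MASK: print BASE with the MASK bits cleared (octal).
mode_after_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_mode KIND MASK: create a file or directory under MASK in a
# scratch directory and print the mode it actually received.
observed_mode() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = dir ]; then
            mkdir "$scratch/new"      # mkdir requests 777
        else
            : > "$scratch/new"        # the shell requests 666 for new files
        fi
        stat -c '%a' "$scratch/new"
        rm -rf "$scratch"
    )
}

# Computed and observed modes side by side; 033 is the case where
# "666 - 033 = 633" would be wrong.
for m in 022 027 033 077; do
    printf 'umask %s: file %s (observed %s), dir %s (observed %s)\n' \
        "$m" \
        "$(mode_after_umask 666 "$m")" "$(observed_mode file "$m")" \
        "$(mode_after_umask 777 "$m")" "$(observed_mode dir "$m")"
done
```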