Linux File Permissions: The Complete Guide for Beginners and LFCS Prep

by

How Linux File Permissions Work

If you want to manage files securely and confidently on any Linux system—or you’re preparing for the LFCS exam—understanding file permissions is a must. File and directory permissions form the backbone of Linux security, and knowing how to read, modify, and troubleshoot them is a core skill for any sysadmin.

In this guide, you’ll learn how Linux file permissions work, how to use chmod, chown, and umask, and how to apply best practices across different scenarios.

Diagram showing Linux file permissions, user/group/other breakdown and symbolic vs numeric modes.

Why File Permissions Matter

Every file and directory in Linux has a set of permissions that control who can read, write, or execute them. Incorrect permissions can:

  • Expose sensitive data
  • Cause apps or services to crash
  • Prevent users from accessing files
  • Introduce security vulnerabilities

🎯 On the LFCS exam, expect tasks involving chmod, chown, symbolic links, sticky bits, and default permission settings.

Understanding Permission Structure

Each file has a 10-character string that defines its type and permissions:

-rwxr-xr-- 1 user group 1024 Apr 10 10:00 script.sh

Breakdown:

  • - = file (or d for directory)
  • rwx = user (owner) permissions
  • r-x = group permissions
  • r-- = others (everyone else)

What the Characters Mean:

Character Meaning
r Read
w Write
x Execute
No permission

Using chmod to Change Permissions

Symbolic Mode:

chmod u+x script.sh     # Add execute for user
chmod g-w file.txt      # Remove write for group
chmod o=r file.txt      # Set read-only for others

Numeric (Octal) Mode:

Each permission has a value:

  • r = 4
  • w = 2
  • x = 1

So:

chmod 755 script.sh  # rwxr-xr-x
chmod 644 file.txt   # rw-r--r--

chown and chgrp: Changing Ownership

Use chown to change file owner:

chown alice file.txt

To change both owner and group:

chown alice:devs file.txt

Change group only:

chgrp devs file.txt

Use -R to apply changes recursively to directories:

chown -R alice:devs /project

The umask Default Permission Mask

When new files or directories are created, Linux applies default permissions minus the user’s umask.

To check your current umask:

umask

Common defaults:

  • Files: 666 – umask
  • Dirs: 777 – umask

Example:

umask 022    # Results in 644 for files, 755 for directories

To set it temporarily:

umask 027

Special Permission Bits

1. Sticky Bit (t)

Prevents users from deleting each other’s files (e.g., /tmp):

chmod +t /shared

2. Setuid (s)

Run file as file owner:

chmod u+s script.sh

3. Setgid (s)

Inherit group ownership in directory:

chmod g+s /project

Permissions Quiz: What Do These Mean?

Mode Meaning
777 Anyone can read/write/execute
644 Owner read/write, others read
700 Owner full access only
2755 Setgid + rwxr-xr-x
drwxrwxrwt Sticky bit + full dir perms

Practice Tasks

✅ Create a file with read/write for owner only:

touch secure.txt
chmod 600 secure.txt

✅ Change ownership and permissions on a folder:

mkdir /data
chown user:group /data
chmod 770 /data

✅ Add execute permissions to a script for all users:

chmod a+x runme.sh

Internal Links

External Links

 

 

FAQ

What does 755 mean in Linux permissions?

Owner can read/write/execute; group and others can read and execute.

Is chmod permanent?

Yes, until changed manually or by a script.

Can I use chmod recursively?

Yes. Use chmod -R to apply to all files and subfolders.

Will file permissions show up on the LFCS exam?

Yes! Expect hands-on tasks involving permission modification, ownership changes, and sticky/setuid/setgid bits.

 

 

Call to Action

🔐 Master file permissions to pass the LFCS—and protect your systems.

📘 Study with The Linux Command Line and practice commands daily.

🎓 Get certified at the Linux Foundation and take control of your Linux career.

facebookShare on Facebook
TwitterPost on X
FollowFollow us