student@ubuntu:~$
unix-foundations Lesson 5 10 min read

File Permissions

The 10-character permission string, chmod, and why 'permission denied' happens

Reading: Shotts, The Linux Command Line: pp. 113–130

Quick check before you start: Do you know what rwxr-xr-- means? If not, read on. If you can decode each character, skip to Symbolic vs Octal chmod.

Practice this topic: File Permissions skill drill

After this lesson, you will be able to:

  • Read and interpret the 10-character permission string
  • Explain what rwx means for files vs directories
  • Change permissions with chmod using symbolic and octal notation
  • Recognize common permission patterns (755, 644, 700)

The Permission String

Run ls -l and look at the first column:

ls -l hello.c
# -rw-r--r-- 1 student student 85 Jan 10 14:32 hello.c

That -rw-r--r-- is the permission string — 10 characters that control who can do what with this file.

Breaking It Down

- rw- r-- r--
│ │   │   │
│ │   │   └── others: r-- (read only)
│ │   └────── group:  r-- (read only)
│ └────────── owner:  rw- (read + write)
└──────────── type:   - (regular file)

The first character is the file type: - for regular file, d for directory, l for symbolic link.

The next nine characters are three groups of three:

Position Who Meaning
chars 2–4 owner (u) The user who owns the file
chars 5–7 group (g) Members of the file’s group
chars 8–10 others (o) Everyone else

Each group has three slots: r (read), w (write), x (execute). A dash means that permission is denied.

What rwx Means for Files vs Directories

The same letters mean different things depending on whether the target is a file or directory:

Permission On a file On a directory
r (read) View contents (cat, less) List contents (ls)
w (write) Modify contents Create/delete files inside
x (execute) Run as a program Enter with cd

A directory without x is locked — you cannot cd into it even if you can see its name.

Symbolic vs Octal chmod

chmod changes permissions. It has two notations.

Symbolic Notation

Target (u, g, o, a) + operator (+, -, =) + permission (r, w, x):

chmod u+x script.sh       # owner gets execute
chmod go-w secret.txt      # group and others lose write
chmod a+r readme.txt       # everyone gets read
chmod u=rwx,go=rx program  # owner: rwx, group+others: rx

Octal Notation

Each permission has a numeric value: r=4, w=2, x=1. Add them per group:

Octal Binary Permission
7 111 rwx
6 110 rw-
5 101 r-x
4 100 r–
0 000

Three digits, one per group (owner, group, others):

chmod 755 program     # rwxr-xr-x — executable, everyone can run
chmod 644 data.txt    # rw-r--r-- — owner edits, others read
chmod 700 private/    # rwx------ — only owner can access
chmod 600 secret.key  # rw------- — only owner can read/write

Common Patterns

Pattern Octal Use case
rwxr-xr-x 755 Compiled executables, public scripts
rw-r--r-- 644 Source code, text files
rwx------ 700 Private directories
rw------- 600 SSH keys, passwords
Check Your Understanding
After running chmod 644 report.txt, which of the following is true?
AThe owner can read, write, and execute the file
BThe owner can read and write; group and others can only read
CEveryone can read and write the file
DOnly the owner can access the file
Answer: B. Octal 644 means owner = 6 (rw-), group = 4 (r--), others = 4 (r--). The owner can read and write. Everyone else gets read-only access. There is no execute permission for anyone.

What Comes Next

You now control who can access your files. Next, you will learn how to redirect command output and connect programs with pipes.