blog-image

Jul 05, 2018

17 min read

Linux permissions: making sense of 755 and rwxr-xr-x

Written by

Vippy The VPS
Understanding Linux permissions might seem like a near-impossible task—what does 755 or u=rwx,g=rw,o=r mean, anyway?—but it’s actually easier than you think. Let’s take a look. Linux is a multi-user operating system that can be accessed by many users simultaneously. This might make you to think that a user can manipulate files and directories of another user, but all Linux operating systems protect filesystems under two levels of authorization—ownership and permission—to prevent unauthorized access to the filesystem in an effective and easy manner.

Owners of files, directories, and processes

Before we try to explore who are the owners of files and directories, let’s get an overview of user types in Linux. In Linux, there are two types of users, system users and regular users. System users are created by the operating system itself and are used to manage background processes. We generally create regular users to create and run processes interactively through a GUI or terminal. Besides these two types of users, there is a superuser by the name root, which has access to entire system to manage and override any settings in the system. In Linux, the owners of the files, directories and processes will be assigned to these three types of users: regular, system, or root. Before we try to explore what permissions can be assigned to these three types of users, let’s try to understand the types of permission that are available in Linux. [cta_inline]

What Linux permissions types are there?

There are two levels of permissions assigned to the files, directories, and processes in Linux. The first one is permission groups, which is otherwise referred to as the ownership. The second one is permission types, which can be read, write, or execute.

Permission groups

For every file and directory in Linux, there are the sets of users for whom we specify permissions. They are:
  • Owners
  • Groups
  • Others
Owners: The user who creates a file, folder, or process is the owners. Groups: Groups refers to anyone who is in the same group as the owner. Others: Any user who is neither the owner of the file/directory and doesn’t belong to the same group is assigned to others group.

Permission types

What operations can each of the above three user groups can do is defined by permission types. There are three basic permission types that can be assigned to three groups of users and they are read (r) , write (w), and execute (x).

What do read, write and execute mean for files and directories ?

For files:
  • Read is the ability to view the contents of a file.
  • Write is the ability to edit or delete a file.
  • Execute is the ability to run a file as an executable program.
For directories:
  • Read is the ability to read the contents of a directory.
  • Write is the ability to write into the directory, like creating files and sub-directories inside a directory.
  • Execute is the ability to cd into the directory and to view the metadata of the files inside the directory using ls command.
[cta_inline]

How do I find the permissions of a file?

Let’s try to find the permissions of files and directories. To find the permissions that is already assigned to files or directories, use ls command with -l switch.
$ ls -l
drwxr-xr-x  3 dd users   4096 Jun  10 08:01 Pictures
...
...
The first ten characters in the format drwxrwxrwx, represents the permissions for all the three classes of users. Let’s try to understand what each of these letters means. The first character, d, signifies that the file is a directory. This position can be blank(-) or any of the following characters:
c: Character device
b: Block device
s: socket
p: pipe
D:
Continue reading this article
by subscribing to our newsletter.
Subscribe now

A note about tutorials: We encourage our users to try out tutorials, but they aren't fully supported by our team—we can't always provide support when things go wrong. Be sure to check which OS and version it was tested with before you proceed.

If you want a fully managed experience, with dedicated support for any application you might want to run, contact us for more information.