UNIX / Linux: Beginners Guide to File and Directory Permissions ( umask, chmod, read, write, execute )

by SathiyaMoorthy on April 5, 2010

Unix file and directory permission is in the form of a 3×3 structure. i.e Three permissions (read, write and execute) available for three types of users (owner, groups and others).

In the output of ls -l command, the 9 characters from 2nd to 10th position represents the permissions for the 3 types of users.

-rw-r--r--  1 sathiya sathiya  272 Mar 17 08:22 test.txt

In the above example:

  • User (sathiya) has read and write permission
  • Group has read permission
  • Others have read permission

Three file permissions:

  • read: permitted to read the contents of file.
  • write: permitted to write to the file.
  • execute: permitted to execute the file as a program/script.

Three directory permissions:

  • read: permitted to read the contents of directory ( view files and sub-directories in that directory ).
  • write: permitted to write in to the directory. ( create files and sub-directories in that directory )
  • execute: permitted to enter into that directory.

Numeric values for the read, write and execute permissions:

  • read 4
  • write 2
  • execute 1

To have combination of permissions, add required numbers. For example, for read and write permission, it is 4+2 = 6.

Change File and Directory Permissions Using Chmod Command

You can use either the octal representation or symbolic representation to change the permission of a file or directory.

Octal representation for permissions:

  • First number is for user
  • Second number is for group
  • Third number is for others

For example, give read, write ( 4+2 = 6 ) to user and read ( 4 ) to group and others.

$ chmod 644 filename

For example, give read, execute ( 4 + 1 = 5 ) to user and read (4 ) to group, and nothing ( 0 ) to others.

$ chmod 540 filename

For example, give read, write ( 4 + 2 = 6 ) to user and nothing ( 0 ) to group, and read ( 4 ) to others.

$ chmod 604 filename

Umask 022 is Responsible for the default permission of a file

The default umask value is 0022, which decides the default permission for a new file or directory. Default permission for a directory is 0777, for files the permissions are 0666 from which the default umask value 0022 is deducted to get the newly created files or directory permission.

Final default permission for a file is calculated as shown below:

  • Default file permission: 666
  • Default umask : 022
  • Final default file permission: 644

Final default permission for a directory is calculated as shown below:

  • Default directory permission: 777
  • Default umask: 022
  • Final default directory permission: 755

You can change the umask value to appropriate value of what you need based upon the above calculation. For example, if you don’t want anybody other than the user (owner) to do anything on the file or directory then you can give umask as 0077.

$ umask 0077

After this, if you create a file or directory, it will have permissions only for the user as shown below:

$ > testfile
$ ls -l testfile
-rw------- 1 sathiya sathiya 0 Mar 17 08:23 testfile

Linux Sysadmin Course Linux provides several powerful administrative tools and utilities which will help you to manage your systems effectively. If you don’t know what these tools are and how to use them, you could be spending lot of time trying to perform even the basic administrative tasks. The focus of this course is to help you understand system administration tools, which will help you to become an effective Linux system administrator.
Get the Linux Sysadmin Course Now!

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

{ 15 comments… read them below or add one }

1 roko April 5, 2010 at 7:32 am

Hi! Thanks for the clear explanation on using umask :-)

2 Anurag Rana April 7, 2010 at 9:58 am

thanks …. i m learning some thing atleast ..in easy steps ..and clearly..

3 krushna December 28, 2010 at 7:22 am

Really Superb.Thanks for sharing with us.The best part of your writing is the examples. Could you provide documentation on configuring LDAP which I badly need.No step by step guide are available in net.

4 GeeK September 17, 2011 at 3:24 am

hi…nice article…..
i want to know can we change the default permission of a directory “777″……
i am just wondering what will happen if let say default permission is 755 and then we set umask as 666 what will then be the final default permission ?

5 Gaurav December 28, 2011 at 4:29 am

HI , Brilliant notes. Hope you contunue to enrich our knowledge

6 Anonymous January 23, 2012 at 7:13 pm

sorry for being the dumb one here, but is there a way to add execute to file permissions? I know you can, but the assignment is asking to add them with umask.
Say the default is rw-rw-rw- for files, I am being asked to use umask to make the following..

7 SARMA January 24, 2012 at 5:01 am

THANK U SO MCH

8 Ankit Gupta September 25, 2012 at 5:27 am

Good basic article

9 Naveen October 31, 2012 at 4:07 am

Hi,

I have a doubt. Let’s say i dont have write permission for a folder “xyz”.
I have an application running that will try to write a file to this folder.
So now, WIll it thrown any exception or it will write to tmp space?

Please help me with this question.

Thanks in advance,
Naveen.

10 Anonymous March 19, 2013 at 4:31 am

thanks! this article explained in one page better than what a load of other articles have failed to explain in 10

11 Manoranjan May 7, 2013 at 1:54 am

Hi,
It’s really a nice post and very much helpful for beginer like me. Thanks a lot!!

12 Chung Nguyen July 18, 2013 at 10:49 pm

Good article, thank you very much.
And how to change umask recursive for folder

13 Nader Hussain August 14, 2013 at 7:33 pm

Here are some easy ways to understand chmod numbers.
For letters, it is, ugo.

For numbers, it is as follows.
0 – nothing
1 – execute
2 – write
4 – read

Execute, write, read is the order. Think of it as them following an order of need of people to undertake a given task.

1 person to execute a program.
2 people to write an article.
4 people to read a story in a library.

Another way to remember these numbers and their order is, Execute the right to read.
“Right” is in place of, “write”.

Examples:
chmod 777 foo
-rwxrwxrwx

chmod 142 foo
—xr—w-

chmod 624 foo
-rw—xr–

chmod 661 foo
-rw-rw—x

14 Akhilesh Balakrishnan September 25, 2013 at 11:18 pm

Just to add one more point, how the numbers 4,2 and 1 derived resepctively for read write execute. In the 3×3 structure ( 101 101 101), the first three bits are for users.
If its 111, then it indicates, user(owner) has all bits enabled on the file/folder. 1 at the first position indicates read, the next 1 for write, then the last one for execute.
So if the user(owner) needs ONLY read access to a file, then it will be 100. If you convert the binary100 to it corresponding decimal it will be
1*2^2 + 0*2^1 + 0*2^1 = 4. Similarly if ONLY need write permission then 010, which will be ( 0*2^2 + 1*2^1 + 0*2^0 = 2) number two(2) in decimal system. For read write combination on a file it will be turning on the corresponding bits, ie 110 = ( 1*2^2 + 1*2^1 + 0*2^0 = 6) decimal number 6.

15 kiran November 13, 2013 at 8:06 pm

very informative for resolving problems.

Leave a Comment

Previous post:

Next post: