≡ Menu

UNIX / Linux: Beginners Guide to File and Directory Permissions ( umask, chmod, read, write, execute )

Unix file and directory permission is in the form of a 3×3 structure. i.e Three permissions (read, write and execute) available for three types of users (owner, groups and others).

In the output of ls -l command, the 9 characters from 2nd to 10th position represents the permissions for the 3 types of users.

-rw-r--r--  1 sathiya sathiya  272 Mar 17 08:22 test.txt

In the above example:

  • User (sathiya) has read and write permission
  • Group has read permission
  • Others have read permission

Three file permissions:

  • read: permitted to read the contents of file.
  • write: permitted to write to the file.
  • execute: permitted to execute the file as a program/script.

Three directory permissions:

  • read: permitted to read the contents of directory ( view files and sub-directories in that directory ).
  • write: permitted to write in to the directory. ( create files and sub-directories in that directory )
  • execute: permitted to enter into that directory.

Numeric values for the read, write and execute permissions:

  • read 4
  • write 2
  • execute 1

To have combination of permissions, add required numbers. For example, for read and write permission, it is 4+2 = 6.

Change File and Directory Permissions Using Chmod Command

You can use either the octal representation or symbolic representation to change the permission of a file or directory.

Octal representation for permissions:

  • First number is for user
  • Second number is for group
  • Third number is for others

For example, give read, write ( 4+2 = 6 ) to user and read ( 4 ) to group and others.

$ chmod 644 filename

For example, give read, execute ( 4 + 1 = 5 ) to user and read (4 ) to group, and nothing ( 0 ) to others.

$ chmod 540 filename

For example, give read, write ( 4 + 2 = 6 ) to user and nothing ( 0 ) to group, and read ( 4 ) to others.

$ chmod 604 filename

Umask 022 is Responsible for the default permission of a file

The default umask value is 0022, which decides the default permission for a new file or directory. Default permission for a directory is 0777, for files the permissions are 0666 from which the default umask value 0022 is deducted to get the newly created files or directory permission.

Final default permission for a file is calculated as shown below:

  • Default file permission: 666
  • Default umask : 022
  • Final default file permission: 644

Final default permission for a directory is calculated as shown below:

  • Default directory permission: 777
  • Default umask: 022
  • Final default directory permission: 755

You can change the umask value to appropriate value of what you need based upon the above calculation. For example, if you don’t want anybody other than the user (owner) to do anything on the file or directory then you can give umask as 0077.

$ umask 0077

After this, if you create a file or directory, it will have permissions only for the user as shown below:

$ > testfile
$ ls -l testfile
-rw------- 1 sathiya sathiya 0 Mar 17 08:23 testfile

If you enjoyed this article, you might also like..

  1. 50 Linux Sysadmin Tutorials
  2. 50 Most Frequently Used Linux Commands (With Examples)
  3. Top 25 Best Linux Performance Monitoring and Debugging Tools
  4. Mommy, I found it! – 15 Practical Linux Find Command Examples
  5. Linux 101 Hacks 2nd Edition eBook Linux 101 Hacks Book

Bash 101 Hacks Book Sed and Awk 101 Hacks Book Nagios Core 3 Book Vim 101 Hacks Book

{ 16 comments… add one }

  • roko April 5, 2010, 7:32 am

    Hi! Thanks for the clear explanation on using umask :-)

  • Anurag Rana April 7, 2010, 9:58 am

    thanks …. i m learning some thing atleast ..in easy steps ..and clearly..

  • krushna December 28, 2010, 7:22 am

    Really Superb.Thanks for sharing with us.The best part of your writing is the examples. Could you provide documentation on configuring LDAP which I badly need.No step by step guide are available in net.

  • GeeK September 17, 2011, 3:24 am

    hi…nice article…..
    i want to know can we change the default permission of a directory “777”……
    i am just wondering what will happen if let say default permission is 755 and then we set umask as 666 what will then be the final default permission ?

  • Gaurav December 28, 2011, 4:29 am

    HI , Brilliant notes. Hope you contunue to enrich our knowledge

  • Anonymous January 23, 2012, 7:13 pm

    sorry for being the dumb one here, but is there a way to add execute to file permissions? I know you can, but the assignment is asking to add them with umask.
    Say the default is rw-rw-rw- for files, I am being asked to use umask to make the following..

  • SARMA January 24, 2012, 5:01 am

    THANK U SO MCH

  • Ankit Gupta September 25, 2012, 5:27 am

    Good basic article

  • Naveen October 31, 2012, 4:07 am

    Hi,

    I have a doubt. Let’s say i dont have write permission for a folder “xyz”.
    I have an application running that will try to write a file to this folder.
    So now, WIll it thrown any exception or it will write to tmp space?

    Please help me with this question.

    Thanks in advance,
    Naveen.

  • Anonymous March 19, 2013, 4:31 am

    thanks! this article explained in one page better than what a load of other articles have failed to explain in 10

  • Manoranjan May 7, 2013, 1:54 am

    Hi,
    It’s really a nice post and very much helpful for beginer like me. Thanks a lot!!

  • Chung Nguyen July 18, 2013, 10:49 pm

    Good article, thank you very much.
    And how to change umask recursive for folder

  • Nader Hussain August 14, 2013, 7:33 pm

    Here are some easy ways to understand chmod numbers.
    For letters, it is, ugo.

    For numbers, it is as follows.
    0 – nothing
    1 – execute
    2 – write
    4 – read

    Execute, write, read is the order. Think of it as them following an order of need of people to undertake a given task.

    1 person to execute a program.
    2 people to write an article.
    4 people to read a story in a library.

    Another way to remember these numbers and their order is, Execute the right to read.
    “Right” is in place of, “write”.

    Examples:
    chmod 777 foo
    -rwxrwxrwx

    chmod 142 foo
    —xr—w-

    chmod 624 foo
    -rw—xr–

    chmod 661 foo
    -rw-rw—x

  • Akhilesh Balakrishnan September 25, 2013, 11:18 pm

    Just to add one more point, how the numbers 4,2 and 1 derived resepctively for read write execute. In the 3×3 structure ( 101 101 101), the first three bits are for users.
    If its 111, then it indicates, user(owner) has all bits enabled on the file/folder. 1 at the first position indicates read, the next 1 for write, then the last one for execute.
    So if the user(owner) needs ONLY read access to a file, then it will be 100. If you convert the binary100 to it corresponding decimal it will be
    1*2^2 + 0*2^1 + 0*2^1 = 4. Similarly if ONLY need write permission then 010, which will be ( 0*2^2 + 1*2^1 + 0*2^0 = 2) number two(2) in decimal system. For read write combination on a file it will be turning on the corresponding bits, ie 110 = ( 1*2^2 + 1*2^1 + 0*2^0 = 6) decimal number 6.

  • kiran November 13, 2013, 8:06 pm

    very informative for resolving problems.

  • ammar September 13, 2014, 2:54 am

    Hi,

    I have a group named ftp and a user ranging from user1-8 and 2 admin users all part of the group. Now i want only 2 admins to delete files and rest of the users should have read and write permission. how tackle this.

Leave a Comment