Linux file permissions can be confusing for anyone not familiar with them, especially as they are often listed as something that looks like 644 or drwxr-xr-x which to the untrained eye may look like random characters.




File permissions may be listed in one of two ways, either via letters or via numbers. I will explain what both of these mean and how to read them below. One constant between the two is that they are always written in the order Owner, Group then Other. So the first part applies to the owner of the file, the second part applies to the group the file is owned by and the third part applies to everyone else (people that are neither the owner or in the group that the file belongs to).

Numeric Permissions

Numeric permissions are written as a set of 3 numbers, as explained above these three figures refer to the permissions for the owner, group and then everyone else. The way it works is each level of access is given a number and then those numbers are added together to make the final value. These values are:

0 - No Access 1 - Execute 2 - Write 4 - Read

So if a file was owned by you and you wanted to have full access to the file, other people in your group should read the file and everyone else are not allowed to do anything, the file would have the permission of 740.

So lets have a look at the numbers. First we have your permission: 7. This is because Execute (1) + Write (2) + Read (4) = 7. The group permission is 4 because Read = 4. Everyone else has a value of 0 which means no access. Another example is if you wanted yourself and other users in your group to have full access to a file or folder, while everyone else had only read access, you would set it to 774 (or 775 if you wanted it to be executable too, needed for scripts).

Written Permissions

These are shown more clearly because you get to see the letters instead which are almost self explanatory:

d - Directory r - Read w - Write x - Executable

So using the same example as before (a file was owned by you and you wanted to have full access to the file, other people in your group should read the file and everyone else are not allowed to do anything) would look like -rwxr----.

Breaking this down, it has 4 sections d | rwx | rwx | rwx. The first section you can ignore because it simply shows if it is a directory or not, the second section shows the owner's permissions, the third section shows the group's permissions and the fourth section shows what access everyone else has. If a value shows '-' instead of drwx then it simply means that user doesn't have that permission. So another example for you is drwxrwxr-x which means that this is a directory that everyone has read and execute permissions for, but only the owner and the group may write to this folder (note in the third section the 'w' has been replaced with '-').


Execute permissions, for anyone that isn't familiar with the term, means that if it's a script or program, that they are allowed to 'run' it. The user will receive an 'Access Denied' type message if they try to execute a file that they do not have execute permissions on.

After you have used these permissions a little you will find that it becomes easy to work with but memorising the numeric version can take a little while if you don't use them frequently.