Linux directory and file access permissions
Updated on December 20, 2025.
Why is the subject of "permissions" important in website maintenance?
On a website, users can read files and run scripts, but their ability to edit files is blocked or limited. In contrast to anonymous users, website managers can edit, move and delete files. In Linux, access to directories (folders) and files is limited by specific attributes of each entity. The attributes that grant or limit access to a file or a directory are called permissions.
Linux provides permissions for only three types of actions on files and directories. Each of these permissions is abbreviated by a single letter and assigned a numerical value:
| Permission | Abbr. | Value |
|---|---|---|
| Read | r | 4 |
| Write | w | 2 |
| Execute | x | 1 |
| None | - | 0 |
The first two permissions, Read and Write, are simple. If a file permission includes "r", the file can be read. If the file permission includes "w", the file can be written to. If the file has both permissions, it can be both read and written to.
The third permission "execute" can be understood to mean that a file is executable, and that it can be run as a program.
Users familiar with the Windows operating system know that files that can be run as a program in Windows must have a specific extension such as .com, .exe, or .bat.
In Linux, only files that have the "x" attribute can be executed. A file extension, if it exists, does not carry the meaning of "executability" as in Windows.
This raises the question: what is the significance of the "execute" permission for a directory? For a directory, "execute" means the permission to enter/access the directory. If you want to block access to a directory, simply remove the x permission.
Now, how are the permissions assigned to the webmaster, the user team, and a faraway guest visiting the website?
Linux makes this permission assignment very simple. Linux recognizes only three categories of users with the following names:
- Owner
- Group
- Others
Each of these three types of users can be provided permissions for three types of ACTIONS noted above: Read, Write and Execute.
The permission profile for a single user is represented by a 3-letter string abbreviation and by the sum of the values of each permission. For example, the permission profile of a user who can read, write and execute a file will be rwx. In numeric values the total for this user will be 4+2+1=7.
| Permission names | Permission string | Numeric value |
|---|---|---|
| read, write, execute | rwx | 7 |
| read, write | rw- | 6 |
| read, execute | r-x | 5 |
| read | r-- | 4 |
| write, execute | -wx | 3 |
| write | -w- | 2 |
| execute | --x | 1 |
| none | --- | 0 |
Each of the three user types (Owner, Group, Others) has permissions for three types of actions (Read, Write, Execute) on a specific file. Thus, each file and folder has nine (3×3=9) permission attributes in total, covering all three types of users.
When we list the files in a Linux directory using the command ls -l, each line for a file or directory starts with a string of 10 characters.
The first character in the 10-character string specifies the file type. This character can be one of the following:
| Letter | File type |
|---|---|
| - (hyphen) | a regular file |
| d | a directory |
| l | a symbolic link |
| c | a character device file |
| b | a block device file |
| p | a named pipe (FIFO) |
| s | a socket |
The remaining nine characters are the standard rwx permissions for the owner, group, and others, respectively.
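
The following Python code is an added example, not part of the original page. It decodes a 10-character `ls -l` string into the file type, the three-digit numeric value, and two checks a webmaster cares about: whether Others can write to the entry and whether Others can enter a directory. The names `decode_mode` and `triplet_value` and the sample strings are assumptions made for illustration; any letter outside r, w, x and - is rejected because the page covers only those.

```python
# Added example: decode the 10-character string printed by `ls -l`.
FILE_TYPES = {
    "-": "regular file",
    "d": "directory",
    "l": "symbolic link",
    "c": "character device file",
    "b": "block device file",
    "p": "named pipe (FIFO)",
    "s": "socket",
}
VALUES = {"r": 4, "w": 2, "x": 1}


def triplet_value(triplet):
    """Return the numeric value (0-7) of one 3-letter string such as 'r-x'."""
    total = 0
    for expected, actual in zip("rwx", triplet):
        if actual == expected:
            total += VALUES[expected]
        elif actual != "-":
            # Any other letter, or r/w/x in the wrong position, is not covered here.
            raise ValueError(f"unsupported permission character: {actual!r}")
    return total


def decode_mode(mode):
    """Split an ls -l mode string into file type, numeric value and access checks."""
    if len(mode) != 10 or mode[0] not in FILE_TYPES:
        raise ValueError(f"not a 10-character ls -l mode string: {mode!r}")
    owner, group, others = (triplet_value(mode[i:i + 3]) for i in (1, 4, 7))
    return {
        "type": FILE_TYPES[mode[0]],
        "numeric": f"{owner}{group}{others}",
        "others_can_write": bool(others & VALUES["w"]),
        "others_can_enter": mode[0] == "d" and bool(others & VALUES["x"]),
    }


# Constructed sample strings, not taken from a real server.
SAMPLES = ["-rw-r--r--", "drwxr-xr-x", "-rwxrwxrwx", "drwxr-x---"]

if __name__ == "__main__":
    for s in SAMPLES:
        info = decode_mode(s)
        print(s, info["numeric"], info["type"],
              "WRITABLE BY OTHERS" if info["others_can_write"] else "")
```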