Linux directory and file access permissions
Updated on December 20, 2025.
Why is the subject of "permissions" important in website maintenance?
On a website, visitors can read files and run scripts, but their ability to edit files is blocked or limited. In contrast to anonymous users, website managers can edit, move and delete files. In Linux, access to directories (folders) and files is governed by specific attributes of each entity. These attributes, which grant or limit access to a file or a directory, are called permissions.
Linux provides permissions for only three types of actions on files/directories. The permissions for these three actions are each abbreviated by a single letter and assigned a numerical value:
| Permission | Abbr. | Value |
|---|---|---|
| Read | r | 4 |
| Write | w | 2 |
| Execute | x | 1 |
| None | - | 0 |
Practical meanings of the permissions
The permissions noted above provide access to three main types of entities in a computer. These include directories that contain files, files that can be read, and programs that can be executed. The table below summarizes how the permissions noted above apply to these three types of entities:
The first two permissions, Read and Write, are simple. If a file's permissions include "r", its contents can be read. If they include "w", the file can be written to. If the file has both permissions, it can be both read and written to.
The third permission "execute" can be understood to mean that a file is executable, and that it can be run as a program.
Users familiar with the Windows operating system know that files that can be run as a program must have a specific extension such as .com, .exe, or .bat.
In Linux, only files that have the "x" attribute can be executed. A file extension, if it exists, does not carry the meaning of "executability" as in Windows.
This raises the question: what is the significance of the "execute" permission for a directory? For a directory, "execute" means permission to enter/access the directory. If you want to block access to a directory, simply remove the x permission.
The following table summarizes permissions and associated actions:
| Entity | Permission | Action | Example command |
|---|---|---|---|
| Files | r | Read file content | cat |
| Files | w | Modify file content | nano |
| Files | x | Run the file as a program or script | |
| Directories | r | List directory content | ls |
| Directories | w | Create/delete files inside directory | mkdir, mv, rm |
| Directories | x | Enter the directory | cd |
| Programs | r | Read file content | |
| Programs | w | Modify file content | |
| Programs | x | Run the program | |
Assignment of permissions to users
How are the permissions assigned to the webmaster, user team, and a far away guest visiting the website?
Linux makes this permission assignment very simple. Linux recognizes only three categories of users with the following names:
- Owner
- Group
- Others
Each of these three types of users can be given permissions for the three types of actions noted above: Read, Write and Execute.
The permission profile for a single user is represented by a 3-letter string abbreviation and by the sum of the values of each permission. For example, the permission profile of a user who can read, write and execute a file will be rwx. In numeric values the total for this user will be 4+2+1=7.
| Permission names | Permission string | Numeric value |
|---|---|---|
| read, write, execute | rwx | 7 |
| read, write | rw- | 6 |
| read, execute | r-x | 5 |
| read | r-- | 4 |
| write, execute | -wx | 3 |
| write | -w- | 2 |
| execute | --x | 1 |
| none | --- | 0 |
Since each of the three user types (Owner, Group, Others) may have permission for three types of actions (Read, Write, Execute) on a specific file, each file and folder should have altogether nine (3×3=9) permission attributes covering all three types of users.
When we list the files in a Linux directory using the command ls -l, each line starts with a string of 10 characters. Example: -rwxrwxrwx. The first character in the string specifies the file type. A hyphen (-) specifies a regular file, and a d specifies a directory. The table below shows the symbols for different file types.
| Letter | File type |
|---|---|
| - (hyphen) | a regular file |
| d | a directory |
| l | a symbolic link |
| c | a character device file |
| b | a block device file |
| p | a named pipe (FIFO) |
| s | a socket |
The following nine characters in the string are the standard rwx permissions for the Owner, Group, and Others, respectively.
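As an added example (not part of the original article), the Python sketch below decodes a 10-character `ls -l` mode string into the file type and the three numeric values described above, and reports two conditions worth reviewing on a web server. The function names `parse_mode` and `audit` and the sample strings are constructed for illustration; only the plain r, w, x and - characters covered on this page are accepted.

```python
# Added example: decode the 10-character mode string printed by `ls -l`.
FILE_TYPES = {
    "-": "regular file", "d": "directory", "l": "symbolic link",
    "c": "character device file", "b": "block device file",
    "p": "named pipe (FIFO)", "s": "socket",
}
VALUES = {"r": 4, "w": 2, "x": 1}
CLASSES = ("owner", "group", "others")


def parse_mode(mode):
    """Return (file type, numeric string, per-class triplets) for e.g. '-rwxr-xr--'."""
    if len(mode) != 10 or mode[0] not in FILE_TYPES:
        raise ValueError(f"not an ls -l mode string: {mode!r}")
    digits, per_class = "", {}
    for i, name in enumerate(CLASSES):
        triplet = mode[1 + 3 * i : 4 + 3 * i]
        total = 0
        for slot, ch in zip("rwx", triplet):
            # Each slot holds either its own letter or '-' (permission absent).
            if ch == slot:
                total += VALUES[slot]
            elif ch != "-":
                raise ValueError(f"unexpected {ch!r} in {name} triplet {triplet!r}")
        digits += str(total)
        per_class[name] = triplet
    return FILE_TYPES[mode[0]], digits, per_class


def audit(mode):
    """List conditions a website maintainer would want to review."""
    ftype, digits, per_class = parse_mode(mode)
    others = per_class["others"]
    findings = []
    if "w" in others:
        findings.append(f"{ftype} is writable by Others ({digits})")
    if ftype == "directory" and others[0] == "r" and others[2] != "x":
        findings.append("Others have r but not x: names can be listed, directory cannot be entered")
    return findings


if __name__ == "__main__":
    # Constructed sample mode strings, not taken from a real listing.
    for sample in ("-rw-r--r--", "drwxrwxrwx", "-rwxr-xr--", "drwxr-xr--"):
        print(sample, parse_mode(sample)[1], audit(sample))
```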