Skip to content

Shell Scripting for Beginners

File Permissions

KirkYagami/shell-scripting-for-beginners

File Permissions Cheat Sheet¶

Understand and change who can read, write, and execute files.

Reading Permission Strings¶

-rwxr-xr-x  1  user  group  4096  Jan 15  file.sh
│└──┘└──┘└──┘
│  │   │   └── Other (everyone else)
│  │   └────── Group
│  └────────── User (owner)
└───────────── File type

Permission Characters¶

Char	Position	Meaning
`r`	Any	Read permission
`w`	Any	Write permission
`x`	Any	Execute permission
`-`	Any	Permission not set
`d`	First	Directory
`l`	First	Symbolic link
`-`	First	Regular file
`s`	User x	Setuid
`s`	Group x	Setgid
`t`	Other x	Sticky bit

`chmod` — Symbolic Mode¶

chmod u+x file     # add execute for owner
chmod g-w file     # remove write for group
chmod o=r file     # set other to read only (exactly)
chmod a+r file     # add read for all (user, group, other)
chmod +x file      # add execute for all (shorthand)
chmod -R 755 dir/  # recursive

Letters: u=user/owner, g=group, o=other, a=all Operators: +=add, -=remove, ==set exactly

`chmod` — Numeric (Octal) Mode¶

r=4, w=2, x=1   → add them for each group

Octal	String	Meaning
`7`	`rwx`	Full access
`6`	`rw-`	Read and write
`5`	`r-x`	Read and execute
`4`	`r--`	Read only
`0`	`---`	No access

Common Permission Modes¶

Mode	String	Use case
`755`	`rwxr-xr-x`	Scripts, directories
`644`	`rw-r--r--`	Config files, docs
`600`	`rw-------`	SSH keys, secrets
`700`	`rwx------`	Private directories
`777`	`rwxrwxrwx`	Temporary scratch (avoid)
`1777`	`rwxrwxrwt`	`/tmp` — sticky bit

chmod 755 script.sh
chmod 644 config.txt
chmod 600 ~/.ssh/id_rsa
chmod -R 755 ~/scripts/

`chown` — Change Ownership¶

chown alice file.txt              # change owner
chown alice:devs file.txt         # change owner and group
chown :devs file.txt              # change group only
chown -R alice:devs dir/          # recursive

`chgrp` — Change Group¶

chgrp developers file.txt
chgrp -R developers project/

Special Bits¶

# Setuid — run as file owner, not executing user
chmod u+s /usr/bin/passwd   # chmod 4755

# Setgid — run as group owner; or inherit group for new files in dir
chmod g+s shared_dir/       # chmod 2755

# Sticky bit — only owner can delete in shared directory
chmod +t /tmp               # chmod 1777

View Permissions¶

ls -la                   # long listing with permissions
ls -la file.txt          # single file
stat file.txt            # detailed file info including octal mode
stat -c "%a %n" file.txt # octal mode and filename only

Default Permissions: `umask`¶

umask sets the bits removed from new files. Default is usually 022:

File default:   666 (rw-rw-rw-)
umask:        - 022
Result:         644 (rw-r--r--)

Directory default: 777 (rwxrwxrwx)
umask:           - 022
Result:            755 (rwxr-xr-x)

umask              # show current umask
umask 027          # set umask (group no write, others no access)
umask 0027         # same, in octal notation

Related: find (search by permissions), variables-quoting