Skip to content

Managing User Access Permissions

Permissions: Types

Linux employs a flexible permission system that helps control who can interact with files and directories and how. This greatly enhances system security.

Only the superuser root has full control over the entire system, which is why using root for everyday tasks is considered risky: any mistake can cause serious damage. Regular users, by default, can work only in their home directories and have no access to system files, preventing accidental or malicious changes.

For each file or directory, three types of permissions are defined:

  • r (read) – reading,
  • w (write) – writing (changing content),
  • x (execute) – executing (for files) or entering (for directories).

These permissions apply to three user categories:

  1. Owner – the user who owns the file (usually the creator).
  2. Group – a set of users in a group; they receive shared permissions on the file.
  3. Others – all remaining users not in the first two categories.

Each category can have its own independent set of permissions.

Permissions are expressed in two ways:

  • Alphanumeric format: e.g., rwxr-xr--.
  • Numeric format: each permission is encoded as a number (read = 4, write = 2, execute = 1), and the sum gives the final value.
    For example, 7 = 4+2+1 = rwx.

The numeric value is written in the order owner, group, others.
Thus, 755 (rwxr-xr-x) means:

  • The owner can read, write, and execute (or enter the directory).
  • Everyone else can read and execute (or view directory contents and enter it).

Typical permission examples:

  • 600 (rw-------) – only the owner can read and edit the file.
  • 644 (rw-r--r--) – the owner edits; others can only read.
  • 700 (rwx------) – full access only for the owner.
  • 755 (rwxr-xr-x) – the owner can do everything; others can only view and use (execute files or enter directories).

Note

Pay special attention to directory permissions: to allow a user to see not just the list of files but also their attributes (e.g., size or owner), they need at least read + execute r-x (i.e., 5). Read‑only r-- lets them see file names but not their properties, and without execute x they cannot even cd into the directory.

Configuring Permissions

Configuring Permissions via SSH

File and directory permissions in Linux are managed with the chmod command. There are two primary ways to use it.

Method 1: Numeric (Absolute) Mode

In this method, you immediately set the full set of permissions for all three user categories—owner, group, and others—using a three‑digit number.

Command format:

chmod XXX object_name

Examples:

  • chmod 755 test.php – the owner receives full rwx rights, while group and others get only read and execute (r-x).
  • chmod 644 test.php – the owner can read and edit; others can only read.
  • chmod 755 dir – similar rights for a directory.

To apply permissions recursively to all files and subdirectories within a folder, use the -R flag:

chmod -R 755 *

Note

Be careful with -R—the command will change permissions on all contents of the directory, including nested folders and files.

Method 2: Symbolic (Relative) Mode

Here you modify only the needed portion of permissions without touching the rest. This is handy for small tweaks.

Command format:

chmod [category][operation][permissions] object_name

Categories:

  • u – owner (user)
  • g – group
  • o – others
  • a – all

Operations:

  • + – add a permission
  • - – remove a permission
  • = – set an exact value (removing others)

Permissions are specified as r, w, x (e.g., rx, not r-x).

Examples:

  • chmod g+rx test.php – allow the group to read and execute the file.
  • chmod g-w test.php – deny the group write access.
  • chmod o-rw test.php – remove read and write for others.
  • chmod go+rx dir1 – give group and others permission to view and enter the directory.
  • chmod -R go+r new_directory – recursively allow group and others to read all files and directories inside new_directory.

This method is more flexible and safer, especially when it’s important not to disturb existing permissions.

Configuring Permissions via an FTP Client

Changing and setting permissions is also very convenient with an FTP client. Let’s walk through the process using the free FileZilla client.

  1. Connect to the server and select the desired file or directory.
  2. Right‑click and choose File Permissions… from the context menu.
  3. Set the required permissions.

Viewing Current Permissions

To view assigned permissions, use the ls command.

Permissions for files in the current directory:

username@server:~/my_directory$ ls -l

Permissions for a specific file or directory (e.g., text.doc or dir1):

ls -l text.doc
ls -l dir1

Permissions for files in all nested subdirectories of the current directory:

ls -Rl

Note

Do not close the current SSH session until you have verified that the new one works. Otherwise, you may lose access to the server.

question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×