We can determine the permissions of a file by looking at the mode bits of that file.

Mode Bits Structure

The mode bits structure of files and directories:

Option Meaning
r Read permission.
w Write permission.
x Execute permission.

Permissions of Directory and File

Let’s take a look at the default permissions for the newly created files and directories:

1
2
3
touch mode_bits_file
mkdir mode_bits_dir
ll | grep 'mode_bits*'
img

Directory Permissions

As we can see from the following table, the directory is:

  • readable, writable and executable to the user: the user called root;
  • readable and executable to the group: everyone in the root group;
  • readable and executable to others: other users.
User Group Others
rwx r-x r-x

Without execute permission, we can’t access the directory.

Without write permission, we can’t add new files or delete existing files in a directory.

File Permissions

As we can see from the following table, the file is:

  • readable and writable to the user: the user called root;
  • readable to the group: everyone in the root group;
  • readable to others: other users.
User Group Others
rw- r– r–

Symbolic Modes

We can set permissions for users, groups, others, and everyone in symbolic mode.

Permissions Assignment

We can assign read, write, and execute permissions to the file owner, file group, others or everyone through the plus, equal sign operator, or remove the appropriate permissions from the user by the minus sign operator:

Users Operation Permissions
ugoa +-= rwx

Users

There are four users, file’s owner, file’s group, others, and all:

User Meaning
u Owner of the file
g Group of the file
o Any other users
a All users, this is equivalent to ugo

Operations

There are three actions, append, remove, and assign:

Operation Meaning
+ Append the permission(s) to user(s)
- Remove the permission(s) from user(s)
= Assign the permission(s) to user(s)

Permissions

There are three permissions, read, write, and execute, respectively:

Permission Meaning
r Readable or Viewable permission
w Writable or Editable permission
x Executable or Runnable permission

Copying Permissions

We can append the permissions of the user after the addition symbol to the permissions of the user before the addition symbol:

Copy To Operation Copy From
ugoa + ugoa

Changing Special Mode Bits

Set User or Group ID Mode Bit

Users Operation Copy From
uga +- s

Impact on Directories

If a directory has the group id set up, the files created in this directory belong to the group of the directory, but setting the user id does not seem to have much effect. A child directory created in this directory inherits the group to which the parent directory belongs and also inherits the special mode bit set group id.

Impact on Programs or Files

If a program is set up with user id, then whoever executes it, the operator is always the owner of the program. If a program is set up with group id, then no matter who executes it, the runtime group is always the group to which the application belongs.

Set Restricted Deletion Flag or Sticky Bit

If we don’t want the files we created to be deleted by others; we can add a special mode bit the so-called sticky bit to the permission of the directory containing those files:

User Operation Flag
o (This is optional) +-= t

A file in the flagged directory can only be deleted by the root user, the owner of the directory and the file’s owner.

Making Multiple Changes

We can use commas to separate multiple actions that change permissions:

1
u+r,g+w,o-x    # Readable to the owner, writable to the group, executable to others.

Numeric Modes

Linux also gives us another way to change user permissions more quickly. We can provide a range of numbers to represent their corresponding permissions. A complete numeric model has four digits

Special Mode Bits

The first digit represents a special mode bit:

Mode Mode Bit
4000 Set User ID
2000 Set Group ID
1000 Restricted delete flag or sticky bit

The Owner of the File

The second digit represents the owner of the file:

Mode Mode Bit
0400 Readable or Viewable to owner
0200 Writable or Controllable to owner
0100 Executable or Accessible to owner

Usually only displayed as 400, 200 and 100.

The Group of the File

The third digit represents the group of the file:

Mode Mode Bit
0040 Readable or Viewable to users belonging to the file’s group
0020 Writable or Controllable to users belonging to the file’s group
0010 Executable or Accessible to users belonging to the file’s group

Usually only displayed as 40, 20 and 10.

Others

The fourth digit represents for others:

Mode Mode Bit
0004 Readable or Viewable to other users
0002 Writable or Controllable to other users
0001 Executable or Accessible to other users

Usually only displayed as 4, 2 and 1.

When used, the preceding zeros are usually removed. Next, we’ll show you how to use most of the mode bits listed above.

References 27 File permissions, 27.1 Structure of File Mode Bits, 27.2 Symbolic Modes, 27.3 Numeric Modes, 27.4 Operator Numeric Modes, 27.5 Directories and the Set-User-ID and Set-Group-ID Bits

Buy me a coffeeBuy me a coffee