█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/DevOps and Infrastructure/Linux and the Command Line/File Permissions
35 minBeginner

File Permissions

After this lesson, you will be able to: Read and modify Linux file permissions: rwx, the octal model, ownership with chown, and when to use sudo.

File permissions are the most-misunderstood part of Linux. Master them and most 'permission denied' headaches vanish.

Prerequisites:Essential Commands

Read, Write, Execute × User, Group, Other

Every file has nine permission bits, three groups of three: Owner (the user who owns it) read/write/execute. Group (the group that owns it) read/write/execute. Other (everyone else) read/write/execute. `ls -l` shows them as `-rwxr-xr--`. The first char is file type (`-` regular, `d` directory, `l` symlink).

Decoding ls -l output

Read this line by line until the format clicks.

bash
$ ls -l deploy.sh
-rwxr-xr-- 1 alex devs 4096 Mar 12 14:33 deploy.sh
# Breakdown:
# - regular file (d = dir, l = symlink)
# rwx owner can read, write, execute
# r-x group can read, execute (not write)
# r-- other can read only
# 1 number of hard links
# alex owner user
# devs owner group
# 4096 size in bytes
# Mar 12 14:33 last modified time
# deploy.sh filename

The octal model

Each permission position is a bit: r=4, w=2, x=1. Add them per role. `chmod 755` = owner: 7 (4+2+1=rwx), group: 5 (4+1=r-x), other: 5 (r-x). The default for executables. `chmod 644` = owner: 6 (rw-), group: 4 (r--), other: 4 (r--). The default for non-executable files. `chmod 600` = owner: rw-, group: ---, other: ---. The default for secrets (SSH keys, env files). Memorise 755, 644, 600. You'll use them daily.

chmod, chown, and sudo

The three commands you'll use to fix 99% of permission problems.

bash
chmod 755 script.sh # set permissions (octal)
chmod +x script.sh # add execute for everyone
chmod u+x script.sh # add execute for owner only
chmod o-r secrets.txt # remove read for 'other'
chmod -R 644 dir/ # recursive
chown alex file.txt # change owner
chown alex:devs file.txt # change owner AND group
chown -R www-data:www-data /var/www
sudo command # run command as root (admin)
sudo -i # become root shell (use sparingly)
sudo -u alice command # run as different user

💡 Why sudo, not 'just become root'

Sudo logs every command (in /var/log/auth.log) and lets you grant fine-grained privilege via /etc/sudoers. Running as root all the time = no audit trail + one typo = catastrophe. Real ops shops disable root login over SSH entirely (PermitRootLogin no in sshd_config); admins log in as themselves and `sudo` for specific commands.

Common mistakes only experienced ops engineers avoid

`chmod 777 file.txt` to 'fix' a permission issue. Never the answer in production. SSH key with 644 permissions. OpenSSH refuses to use it (must be 600). Editing files in `/etc` as a normal user, then `sudo cp` over (loses ownership). Edit with `sudo nano /etc/...` directly. Forgetting that directory `x` permission controls 'can enter the directory', NOT 'execute as a program'. Granting full sudo to deploy users (instead of specific commands in /etc/sudoers.d/).

Quick Check

Your SSH connection fails with 'Permissions are too open' on ~/.ssh/id_rsa. What fix?

Pick the correct command.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Essential Commands
Back to Linux and the Command Line
Processes and systemd→