Consent to the use of Personal Data and Cookies

This website needs your consent to use cookies in order to customize ads and content.

If you give us your consent, data may be shared with Google.

File permissions in Unix-like systems

Understanding file permissions in Unix / Linux based systems, and how to make files immutable.


By. Jacob

Edited: 2023-01-19 09:38

You do not have to remember permissions for the chmod command; Linux / UNIX permissions has a system to them that makes it easier to figure out how to arrive at various configurations, so simply by remembering the following:

  1. read (r) = 4
  2. write (w) = 2
  3. execute (x) = 1
  4. no permission = 0

You should be able to deduce the correct chmod number for the specific configurations. For example, 4+2 = read and write

, and 4+2+1 = read, write and execute.

Setting permissions

Permissions is mainly controlled with chmod and chown. The following sections deals with some common configurations.

Apache and Nginx

Permissions for a web server root would be 0775 while www-data is the owner, as well as the group; you can adopt this configuration recursively by using the -R parameter:

chown www-data:www-data -R /var/www
chmod 775 -R /var/www

Key files for connecting with ssh / SFTP

Permissions for ssh key files would be 0400. E.g:

chmod 400 $USER/keyfiles/my-key-file.pem

Understanding unix Permissions

4+2 = 6 read and write
4+1 = 5 read and execute
4+2+1 = 7 read, write, and execute
2+1 = 3 write and execute
400 owner has read access, everyone else has nothing. Used for ssh key files.
755 full access to owner, everyone else only has read and execute.
775 full access to owner and group, everyone else only has read and execute.

The order is: owner (7)|group (7)|others (5). E.g.: chmod 775 -R /var/www, which is commonly used for web servers.

Strange permission combinations

The careful observer will have noticed examples like 2+1 = 3, making it possible to do things like chmod 333 some-file-path; this allows you to make a file writable and executable but not readable. This is useful on directories, for example, and will allow users to write a file to a directory, but not read files from it.

The fact that a file is executable does not automatically grant read access to the file. Binaries will be executable without being readable, but bash scripts will need both to be readable and executable. This is because /bin/bash needs to read the file in order to execute it – note there may be loopholes to such limitations, but it is beyond the point of this article.

File permissions are not inherited, so the permissions on a directory is not passed on to files inside the directory. You can however change permissions recursively (-R). E.g:

chown www-data:www-data -R /var/www
chmod 775 -R /var/www

Making files unmodifiable, even to root

Files can be made immutable, which means that not even the root user will be able to modify or delete the file until the immutable attribute is removed. This is done with the chattr command. E.g to add immutable +i:

chattr +i path/to/file

And to remove the immutable attribute -i:

chattr -i path/to/file

Tell us what you think:

  1. Worth knowing in order to make a bootable USB memory stick with Windows on from Linux.
  2. This is why I decided to encrypt my new Flash Drive, and why I think you should too.
  3. About the problem with using sudo with graphical programs in Linux.
  4. My experience with do-release-upgrade is that it rarely breaks anything, so I would say it is generally a safe and reliable way to upgrade Ubuntu.

More in: Linux Tutorials