Linux permission numberic table

Permissions in Linux (or UNIX) can be difficult to understand. Here is a step-plan to determine the right combination of permissions.

Either read in the "Explanation" field in the table below what you want to do, or do ls -l and see what it means. Each object (file, directory, sockets, device, etc) has 10 positions to indicate what's possible with the object. For example you could see -rwxr-x---. You can split the 10 positions up into these parts:

  • The 1st character: what kind of object is it; - for file, d for directory, s for socket.
  • The 2nd until and including the 4th character: the permissions for the owner of the object.
  • The 5th until and including the 7th character: the permissions for the group that owns the object.
  • The 8th until and including the 10th character: the permissions for others.
Numeric Readable Explanation
0 --- No access.
1 --x Execute access.*
2 -w- Write access.**
3 -wx Write and execute access.***
4 r-- Read access.
5 r-x Read and execute access.
6 rw- Read and write access.
7 rwx Read, write and execute access.

*= This is an odd combination, executing something that's not readable is not possible.
**= A strange combination; writing when you are not able to read.
***= This is an weird combination, you can't execute when you can't read the file, though you may write the file.

There are some special permission sets. When you see an "s" or an "S" on the location where you'd expect an "x", this means:

  • "s" for the owner - If somebody is allowed to execute the script (group or other) then it's executed as if it was executed by the user. This is called a "set user id bit" or "suid" and can be set by appending a 4 to a permission set. For example: chmod 4755 object.
  • S for the owner - The set user id bit was set, but no execute permissions were set in the first place. This is a broken set of permissions, but may be achieved by chmod 4650 object.
  • s for the group - When somebody is allowed to execute a script (user or other) then it's executed as if it was executed by the group. This is called a "set group id bit" or "sgid" and can be set by appending a 2 to a permission set. For example: chmod 2775 object. This bit on a directory means all files in that directory that will be created, will be owned by the group that owns the directory.
  • S for the group - The set group id bit was set, but no execute permissions were set in the first place. This is a broken set of permissions, but can be achieved by executing chmod 2745 object.
About Consultancy Articles Contact




References Red Hat Certified Architect By Robert de Bock Robert de Bock
Curriculum Vitae By Fred Clausen +31 6 14 39 58 72
By Nelson Manning [email protected]