# File Permissions

## Linux Permissions Basics <a href="#linux-permissions-basics" id="linux-permissions-basics"></a>

Each file in Linux is owned by a single user and a single group, and has its own access permissions. The most common way to view the permissions of a file is `ls -l myfile`.![](https://2015623591-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lp-5TQpuuM0wVgRDmqL%2F-Lp-5WZ7mVLwEZ2xvCJW%2F-Lp-5bQ51ueAP7Ii7eQu%2Fls_l.png?generation=1568738547318054\&alt=media)

The meaning of each column is shown as follows.![](https://2015623591-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lp-5TQpuuM0wVgRDmqL%2F-Lp-5WZ7mVLwEZ2xvCJW%2F-Lp-5bQ7x7GQLW3XsJmj%2Fls_l1.png?generation=1568738547347698\&alt=media)

The first column is **file mode**.

* Files mode contains information of file type and permissions.&#x20;
* The owner of a file belongs to **user** category.&#x20;
* The members of the file's group belong to **group** category while other users that are not part of the user or group categories belong to **other** category.&#x20;

![](https://2015623591-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lp-5TQpuuM0wVgRDmqL%2F-Lp-5WZ7mVLwEZ2xvCJW%2F-Lp-5bQ9FFt9ciyOuXYA%2Fmode.png?generation=1568738547370197\&alt=media)

Every category has three permissions: `read`, `write`, `execute` indicated by`r`,`w`,`x`respectively. A hyphen (-) in the place of one of these characters indicates that the respective permission is not available for the respective category. We can see that execute permission of file "myfile" do not available for all three categories.

Permissions can also be represented with **octal notation**.

* Each permission category (owner, group, other) is represented by a number between 0 and 7.&#x20;
* We let `read` permission equals to 4, while `write` and `execute` permissions equal to 2 and 1 respectively.&#x20;
* Add up the numbers associated with the type of permissions we would like to grant for each category. This will be a number between 0 and 7 (0 representing no permissions and 7 representing full `read`, `write`, and `execute` permissions) for each category.&#x20;

For example, "777" means that all these permission categories have `read`, `write` and `execute` permissions.

### Modifying Permissions -- chmod <a href="#modifying-permissions--chmod" id="modifying-permissions--chmod"></a>

To change a file's permissions, we can use the `chmod` command with octal notation.

For example, we want to execute "myfile" as the owner and we don't want anyone else to modify the file, including group owners. Then we can command

```
chmod 744 myfile
```

![](https://2015623591-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lp-5TQpuuM0wVgRDmqL%2F-Lp-5WZ7mVLwEZ2xvCJW%2F-Lp-5bQB0itnL5o3w_IU%2Fchmod.png?generation=1568738565326356\&alt=media)

As you can see, the permissions were assigned correctly.

### Setting Default Permissions -- umask <a href="#setting-default-permissions--umask" id="setting-default-permissions--umask"></a>

`umask`defines the default permissions for newly created files based on the "base" permissions set defined for files and directories. Usually the base permissions set is 777, that is files or directories can be read, write, and execute permissions for all users. Base permissions subtract "mask", then we get the default permissions for newly created files.

For example, we use `touch` to creat a new file "test", where the default permissions of "test" are `664`. If we want to change the default permissions to be `666`, then we can use `umask` to set "mask" to be 777-666=111, as shown in the below picture. ![](https://2015623591-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lp-5TQpuuM0wVgRDmqL%2F-Lp-5WZ7mVLwEZ2xvCJW%2F-Lp-5bQDFvQ6eqO1msHI%2Fumask.png?generation=1568738565337046\&alt=media)