Help & Tutorial

Master Linux permissions with comprehensive examples and explanations

Quick Navigation

Basics

Calculator

Examples

Scenarios

Cheat Sheet

Practice

Understanding File Permissions

What Are File Permissions? πŸ€”

File permissions in Linux control who can do what with files and directories. Think of them as rules that determine:

  • Who can access the file (owner, group, others)
  • What they can do with it (read, write, execute)
Real-world analogy: File permissions are like having different keys for your house. You (owner) have the master key, your family (group) has house keys, and visitors (others) might only be able to ring the doorbell!

The Three Permission Types πŸ”

πŸ“– Read (r)

Value: 4

View file contents or list directory contents

✏️ Write (w)

Value: 2

Modify file contents or create/delete files in directory

⚑ Execute (x)

Value: 1

Run file as program or enter directory

The Three User Types πŸ‘₯

Owner (u)

The user who owns the file. Usually the person who created it.

Group (g)

Users who belong to the file's group. Great for team collaboration.

Others (o)

Everyone else on the system. Be careful with these permissions!

Reading Permission Strings πŸ“Š

-rwxr-xr--
Type Owner Group Others
Breaking it down:
  • First character: File type (- = file, d = directory, l = link)
  • Next 3 characters: Owner permissions (rwx = read, write, execute)
  • Next 3 characters: Group permissions (r-x = read, execute only)
  • Last 3 characters: Others permissions (r-- = read only)

Interactive Permission Calculator

Enter Octal Permissions:

Owner
Read (4)
Write (2)
Execute (1)
Group
Read (4)
Write (2)
Execute (1)
Others
Read (4)
Write (2)
Execute (1)

Result:

Symbolic: ---------
Octal: 000
Description: Enter permissions above
Quick Presets:

Real-World Examples

Making Scripts Executable
$ chmod +x deploy.sh
$ chmod 755 deploy.sh

Use case: Deployment scripts, build scripts, any file you need to run

Why 755? Owner gets full access (7=rwx), group and others get read+execute (5=r-x). Perfect for scripts!
Securing SSH Keys
$ chmod 600 ~/.ssh/id_rsa
$ chmod 644 ~/.ssh/id_rsa.pub

Use case: Private keys should be owner-only, public keys can be readable

Security tip: Private keys with wrong permissions will be rejected by SSH!
Configuration Files
$ chmod 644 nginx.conf
$ chmod 644 app.config

Use case: Config files that services need to read but only admins should edit

Best practice: Config files should be readable by services but not executable!
Database Files
$ chmod 600 database.db
$ chmod 750 backup.sh

Use case: Database files should be private, backup scripts executable by owner and group

Security: Database files often contain sensitive data - keep them private!
Docker & Containers
$ chmod 755 entrypoint.sh
$ chmod 644 Dockerfile

Use case: Container entry points need to be executable, Dockerfiles are just text

Container tip: Entry point scripts must be executable or container won't start!
Secrets & Credentials
$ chmod 600 .env
$ chmod 600 api-keys.txt

Use case: Any file containing passwords, API keys, or sensitive data

Golden rule: If it's secret, make it 600 (owner-only access)!

DevOps Scenarios You'll Encounter

Problem:

Your build pipeline fails because scripts don't have execute permissions.

ERROR: Permission denied: './build.sh'
Solution:
$ chmod +x build.sh test.sh deploy.sh
$ chmod 755 *.sh # Alternative

Lesson: Always check script permissions in your CI/CD setup!

Problem:

Security scan finds files with overly permissive permissions.

CRITICAL: Private key readable by all users
Solution:
$ chmod 600 ~/.ssh/id_rsa
$ chmod 600 /etc/ssl/private/*.key

Lesson: Private keys and secrets should always be 600!

Problem:

Container won't start because entrypoint script isn't executable.

docker: Error response: exec format error
Solution:
$ chmod +x entrypoint.sh
# In Dockerfile: RUN chmod +x entrypoint.sh

Lesson: Set permissions before building Docker images!

Problem:

Kubernetes secrets mounted with wrong permissions, causing security issues.

WARNING: Secret files readable by all pod users
Solution:
$ chmod 600 /var/secrets/*
# Or set defaultMode: 0600 in volume spec

Lesson: Always secure mounted secrets in K8s!

Ultimate Chmod Cheat Sheet

Common Octal Permissions

Octal Symbolic Use Case
755 rwxr-xr-x Scripts, executables
644 rw-r--r-- Regular files, configs
600 rw------- Private keys, secrets
750 rwxr-x--- Group-executable scripts
700 rwx------ Private directories
777 rwxrwxrwx ⚠️ Dangerous - avoid!

Symbolic Notation Quick Reference

Command Effect
chmod +x file Add execute for all
chmod u+rwx file Owner gets all permissions
chmod go-w file Remove write from group & others
chmod a=r file Everyone gets read only
chmod u=rwx,go=rx file Owner: rwx, others: rx
chmod -R 755 dir/ Recursive permission change
Symbols:
  • u = owner (user)
  • g = group
  • o = others
  • a = all (u+g+o)
  • + = add permission
  • - = remove permission
  • = = set exact permission

Ready to Practice?

Now that you understand the concepts, let's put your knowledge to the test!

Start Game Interactive Tutorial
πŸ’‘ Pro Tips for the Game:
  • Read the scenario carefully - context matters!
  • Think about security - who really needs access?
  • Both octal (755) and symbolic (+x) commands work
  • Use hints if you're stuck - learning is the goal!
  • Try different approaches - there's often more than one solution