100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Bash

File Permissions Explained (rwx)

Understand the Linux permission model — read, write, and execute bits for owner, group, and others — and how ls -l output maps to those permissions.

Permissions & UsersBeginner8 min readJul 9, 2026
Analogies

File Permissions Explained (rwx)

Linux is a multi-user operating system at its core, and its permission model is what makes it safe for many users (and processes) to share one filesystem. Every file and directory has an owner (a user), a group, and a set of permission bits controlling three kinds of access — read (r), write (w), and execute (x) — for three categories of accessor: the owning user, the owning group, and everyone else ('other'). This nine-bit rwx model, inherited from early Unix, is deceptively simple but underpins nearly all access control on a standard Linux system, from protecting your SSH private key to preventing an unprivileged web server process from overwriting system files.

🏏

Cricket analogy: Like a stadium that lets the home team captain (owner) into the dressing room, the whole squad (group) onto the practice nets, and the general public (other) only into the stands, Linux's rwx model grants different access levels to different categories of people on the same shared ground.

Reading permissions with ls -l

Running ls -l shows a ten-character string like -rwxr-xr-- at the start of each line. The first character indicates the file type (- for regular file, d for directory, l for symbolic link, among others). The remaining nine characters are three rwx triplets in order: owner, group, other. Each triplet position is either the letter (r, w, or x) if that permission is granted, or a dash (-) if it is not. So -rwxr-xr-- means: it's a regular file; the owner can read, write, and execute; the group can read and execute but not write; and everyone else can only read.

🏏

Cricket analogy: Reading -rwxr-xr-- is like reading a scorecard header: the first symbol says it's a completed innings (not abandoned), then three blocks show what the captain, the rest of the squad, and the press box are each permitted to do with the scorebook.

bash
$ ls -l /usr/bin/passwd /etc/shadow /home/alice/notes.txt
-rwsr-xr-x 1 root root   68208 Jan 10  2025 /usr/bin/passwd
-rw-r----- 1 root shadow   1823 Jul  8 09:12 /etc/shadow
-rw-r--r-- 1 alice alice     512 Jul  9 07:40 /home/alice/notes.txt

# Decode /etc/shadow's permissions: rw-r-----
#   owner (root):  read, write
#   group (shadow): read only
#   other:          no access at all

What r, w, and x mean for files vs. directories

The three permission bits mean subtly different things depending on whether they apply to a regular file or a directory. On a file: r lets you read its contents (e.g. with cat), w lets you modify or truncate it, and x lets you execute it as a program or script. On a directory, though: r lets you list the names of entries inside it (ls), w lets you create, rename, or delete entries inside it (which is why deleting a file actually depends on the containing directory's permissions, not the file's own), and x (often called the 'search' or 'traverse' bit) lets you cd into it or access files inside it by path at all — without x on a directory, even knowing a file's exact full path won't let you open it.

🏏

Cricket analogy: The 'x' bit on a directory is like the gate to the players' pavilion: even if you know exactly which locker holds the bat (the file's path), you can't reach it without permission to walk through the pavilion gate itself, separate from being allowed to open the locker.

Numeric (octal) notation

Permissions are frequently expressed as a 3-digit octal number instead of the rwx letters, because each rwx triplet maps directly onto 3 bits: r=4, w=2, x=1, and you sum the values you want. A single digit therefore ranges from 0 (---, no access) to 7 (rwx, full access). The permission -rwxr-xr-- becomes 754 (owner: 4+2+1=7, group: 4+0+1=5, other: 4+0+0=4). This compact octal form is what chmod most commonly takes as an argument, e.g. chmod 644 file.txt.

🏏

Cricket analogy: Converting -rwxr-xr-- to octal 754 is like a scorer converting a detailed ball-by-ball commentary into a compact numeric scorecard: owner's full rwx (4+2+1=7) plus group's r-x (4+0+1=5) plus other's r-- (4+0+0=4) becomes one tidy three-digit summary.

Historical note: this rwx-for-owner/group/other scheme dates back to Unix in the 1970s and was deliberately kept simple for performance and predictability on early hardware. Modern Linux systems layer more granular access control on top when needed — POSIX ACLs (via setfacl/getfacl) allow permissions for arbitrary additional users or groups beyond the classic three categories, and SELinux/AppArmor add mandatory access control policies — but the base rwx model remains the foundation almost everything else builds on.

A common misconception is that a file's own permissions control whether it can be deleted. In fact, deleting (unlinking) a file requires write permission on its containing DIRECTORY, not on the file itself — you can delete a read-only file if you own the directory it lives in and have write+execute on that directory. This trips up many beginners who wonder why rm succeeds on a file they marked read-only.

  • Every file has an owner, a group, and three rwx permission triplets: owner, group, other, visible in ls -l as a 10-character string.
  • On files: r = read contents, w = modify/truncate, x = execute as a program.
  • On directories: r = list entries, w = create/rename/delete entries inside, x = traverse into it / access files by path.
  • Octal notation sums r=4, w=2, x=1 per triplet, so rwxr-xr-- becomes 754, and chmod commonly takes this 3-digit form.
  • Deleting a file depends on write permission on its parent directory, not on the file's own permission bits.
  • POSIX ACLs (setfacl/getfacl) and SELinux/AppArmor extend beyond the classic rwx model for finer-grained or mandatory access control.

Practice what you learned

Was this page helpful?

Topics covered

#Bash#LinuxShellScriptingStudyNotes#DevOps#FilePermissionsExplainedRwx#File#Permissions#Explained#Rwx#StudyNotes#SkillVeris