Linux+ File Permissions: Study Guide

Linux file permissions control who can read, write, and execute files on your system. Every system administrator and Linux+ certified professional must master these security fundamentals.

You need to understand three permission types (read, write, execute), three user categories (owner, group, others), and key commands like chmod and chown. This guide breaks down the core concepts, explains why flashcards accelerate your learning, and provides practical tips for exam success.

Understanding Linux File Permissions Basics

Linux file permissions operate on three fundamental levels: read (r), write (w), and execute (x). Each permission has a numeric value: read equals 4, write equals 2, and execute equals 1. These permissions apply to three user categories: the file owner, members of the file's group, and all others.

Reading Permission Notation

When you run 'ls -l', you see a ten-character string showing permissions. The first character indicates file type (- for regular file, d for directory). The next nine characters split into three groups of three.

Example: rwxr-xr-x breaks down as follows.

  • Owner: read (4) + write (2) + execute (1) = 7
  • Group: read (4) + execute (1) = 5
  • Others: read (4) + execute (1) = 5

Directory Permissions Work Differently

For directories, execute permission means you can enter the directory. Read permission allows you to list its contents. Write permission lets you create or delete files within it. This distinction is crucial because the same three bits mean different things on a directory than on a file.

Special Permissions: Setuid, Setgid, Sticky Bit

Three special permissions add another layer: setuid (4000) allows a file to execute with its owner's permissions. Setgid (2000) applies group ownership to files created in a directory. Sticky bit (1000) prevents users from deleting files they don't own. These concepts form the foundation for advanced permission tasks.

Practical Permission Management with chmod and chown

The chmod command modifies file permissions using symbolic or numeric notation. In symbolic mode, specify who (u for user, g for group, o for others, a for all), what operation (+, -, =), and which permission (r, w, x).

Chmod in Action

Example: 'chmod u+x filename' adds execute permission for the owner. Numeric mode is faster. 'chmod 755 filename' sets permissions to rwxr-xr-x. Each digit represents the sum of permission values for user, group, and others.

Changing File Ownership

The chown command changes file ownership. 'chown username filename' changes the owner. 'chown username:groupname filename' changes both owner and group. You can also use 'chown :groupname filename' to change only the group. The -R flag makes both commands recursive, applying changes to directories and all their contents.

Understanding Umask

Umask determines default permissions for newly created files and directories. The umask value subtracts from default permissions (666 for files, 777 for directories). A umask of 0022 creates files with 644 permissions and directories with 755 permissions. Understanding umask is essential because it controls what permissions appear on new files automatically.

These practical skills appear frequently on the Linux+ exam. Flashcards help you memorize syntax, flags, and common use cases quickly.

Permission Scenarios and Troubleshooting

Real-world permission problems require systematic troubleshooting. When a user cannot access a file, check permissions at every level of the path.

If the path is /home/user/documents/file.txt and access fails, verify permissions at /home, /home/user, /home/user/documents, and the file itself. All must be correct.
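The level-by-level check described above can be scripted. This added example (not part of the original guide) walks upward from the file and reports the directory nearest the root that lacks the execute bit for "others"; the function name, the optional stop directory, and the choice to test only the "others" class are assumptions of the sketch, and the path is assumed to be absolute.

```shell
#!/bin/sh
# Added example: find the directory on a path that blocks traversal for "others".
# first_blocked_dir and its optional STOP argument are illustrative names.

# Usage: first_blocked_dir PATH [STOP]
# Prints the blocking directory closest to STOP (default /), or nothing.
first_blocked_dir() {
    p=$1
    stop=${2:-/}
    blocked=""
    while :; do
        # First 10 characters of ls -ld: file type plus the nine permission bits.
        mode=$(ls -ld "$p" | cut -c1-10)
        printf '%s %s\n' "$mode" "$p" >&2      # per-level report for the operator
        case $mode in
            d????????[xt]) ;;                  # others may traverse (t = sticky + x)
            d*) blocked=$p ;;                  # directory without others-execute
        esac
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then
            break
        fi
        p=$(dirname "$p")
    done
    printf '%s\n' "$blocked"
}

# Typical call for the path used in the text:
#   first_blocked_dir /home/user/documents/file.txt
```

The per-level listing goes to standard error, so the function's output is only the blocking directory. A user who is the owner or a group member is governed by those classes instead, so read the listing with the right column in mind.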

Web Server Permissions

Apache typically runs as the 'apache' or 'www-data' user. It needs execute permission on directories and read permission on files to serve content. Setting 755 for directories and 644 for files usually solves this problem.

Shared Group Directories

When multiple users need to collaborate, use the setgid bit. Run 'chmod g+s directoryname' so files created within inherit the group ownership, maintaining consistency.

Shell Script Execution

Shell scripts require both read and execute permissions to run. Read permission alone is insufficient. Application-specific permissions add complexity: database files need specific settings, log files must be writable by services creating them, and configuration files often need restricted permissions for security.

Practicing permission troubleshooting with flashcards helps you internalize these scenarios and develop the diagnostic thinking needed for exams and real-world work.

Advanced Permissions: ACLs and SELinux

Modern Linux systems use Access Control Lists (ACLs) for granular permission control beyond standard Unix permissions. ACLs grant permissions to specific users or groups without modifying standard permissions.

Using ACLs Effectively

The getfacl command displays ACL permissions. setfacl modifies them. Example: 'setfacl -m u:username:rwx filename' grants a specific user full permissions. The -R flag makes changes recursive, and -d sets default ACLs for directories. ACLs are useful when standard permissions are too restrictive.

Understanding SELinux

SELinux (Security-Enhanced Linux) is a mandatory access control system adding security beyond traditional permissions. It uses security contexts consisting of user, role, type, and level. The 'ls -Z' command shows SELinux contexts. The chcon command changes them.

SELinux operates in three modes: enforcing (denies access based on policy), permissive (logs violations but allows access), and disabled. SELinux is enabled by default on Red Hat-based systems and is increasingly important to understand.

Exam Preparation

The Linux+ exam tests traditional permissions and these advanced concepts. Allocate study time to ACLs and SELinux basics. Flashcards are excellent for memorizing getfacl syntax, setfacl examples, SELinux modes, and chcon usage patterns. These advanced topics build on fundamental permission knowledge, so master basics first.

Why Flashcards Are Ideal for Linux File Permissions

Flashcards excel for Linux file permissions because this topic requires memorizing specific syntax, numeric values, and command flags while understanding conceptual relationships. The permission numeric system (read=4, write=2, execute=1) benefits from spaced repetition. Flashcards force you to recall these values repeatedly until they become automatic.

Breaking Down Complex Topics

Creating flashcards forces you to decompose complex topics into manageable pieces. Instead of trying to understand everything about permissions, create individual cards for setuid, setgid, sticky bit, numeric notation, symbolic notation, chmod syntax, chown syntax, umask calculations, and ACL basics. This modular approach reduces cognitive load and improves retention.

Active Recall Strengthens Memory

Active recall (retrieving information from memory) strengthens learning more than passive review. When you flip a flashcard and recall what 'rw-r--r--' means without looking, your brain works harder than re-reading notes. This challenging effort makes memories stronger and more durable.

Immediate Feedback and Distributed Practice

Flashcards provide immediate feedback, helping you identify weak areas quickly. If you struggle with umask calculations or ACL syntax, you'll notice immediately and focus additional study time effectively. Distributed practice with flashcards (studying daily) produces better long-term retention than cramming. This is particularly important for certification exams where knowledge must be recalled quickly under pressure.

Start Studying Linux+ File Permissions

Master file permissions syntax, calculations, and practical applications with interactive flashcards. Drill numeric notation, chmod commands, permission scenarios, and special permissions until they become automatic knowledge. Study efficiently with spaced repetition and get exam-ready for CompTIA Linux+ certification.

Frequently Asked Questions

What does the numeric value 755 mean in Linux permissions?

The numeric value 755 breaks into three digits representing user, group, and others. The first digit (7) means the owner has read (4) + write (2) + execute (1) = 7, full permissions. The second digit (5) means the group has read (4) + execute (1) = 5. The third digit (5) means others have read (4) + execute (1) = 5.

In symbolic notation, this is rwxr-xr-x. This is the most common permission set for executable files and directories. It allows the owner to do anything while allowing others to read and access without modification. Directories frequently use 755 to allow all users to navigate through them while preventing unwanted deletion or modification.

How do I recursively change permissions for a directory and all its contents?

Use the chmod command with the -R flag. The command 'chmod -R 755 directoryname' changes all files and subdirectories within directoryname to 755 permissions. Similarly, 'chmod -R u+x directoryname' adds execute permission for the owner to everything inside.

Be extremely careful with recursive changes because applying wrong permissions to many files simultaneously can break functionality or create security issues. A safer approach uses chmod with -R and specific targets, like 'chmod -R u+rw directoryname' which only adds permissions rather than setting absolute values.

For chown, use 'chown -R username:groupname directoryname' to change ownership recursively. Always double-check your command before executing recursive operations, especially with numeric notation, because the effects are widespread and immediate.
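A blanket 'chmod -R 755' also marks every regular file executable. The added example below (not from the original guide) applies the 755-for-directories, 644-for-files split from the web server section separately by file type, and lists files that deviate from it; the function names are illustrative.

```shell
#!/bin/sh
# Added example: give directories 755 and regular files 644 instead of a
# blanket "chmod -R 755". audit_tree and normalize_tree are illustrative names.

# List regular files that carry any execute bit or are world-writable.
audit_tree() {
    find "$1" -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 -o -perm -002 \) -print
}

# Apply 755 to directories and 644 to regular files; symlinks are left alone.
normalize_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Typical sequence: review first, then change.
#   audit_tree /var/www/html
#   normalize_tree /var/www/html
```

Files that must stay executable, such as scripts the server runs, need their execute bit restored afterwards.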

What is the difference between read and execute permissions on directories?

Read permission (r) on a directory allows you to list its contents using 'ls', but you cannot enter the directory. Execute permission (x) on a directory allows you to enter it and access files within it, but you cannot list contents without read permission.

A directory with execute but not read (--x) is accessible. You can cd into it and access files if you know their names. You cannot run 'ls' to see what files exist. A directory with read but not execute (r--) allows listing contents but prevents entering the directory or accessing files.

Most practical scenarios require both read and execute (rx or 5 for group/others) on directories. This unusual behavior confuses many students, but it's important for security. You can prevent users from listing directory contents while allowing access to specific files if they know the names, or allow listing without allowing access to contained files.

How does umask affect file and directory permissions?

Umask is a user preference that specifies which permissions get removed from default permissions when new files or directories are created. Default permissions are 666 for files (rw-rw-rw-) and 777 for directories (rwxrwxrwx).

A umask of 0022 means remove 2 from the group and 2 from others. This results in 644 permissions for files (rw-r--r--) and 755 for directories (rwxr-xr-x). The calculation is: default permissions minus umask equals resulting permissions. So 666 - 022 = 644, and 777 - 022 = 755.

Common umask values are 0022 (standard) and 0077 (restrictive, resulting in 600 for files and 700 for directories). View your current umask with the 'umask' command. Set it temporarily with 'umask 0077' or permanently by adding it to your shell configuration file. Understanding umask is crucial because newly created files inherit permissions determined by umask, not by chmod commands applied to the directory.
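The umask arithmetic from this answer and from the earlier "Understanding Umask" section, as an added example that is not part of the original guide. It goes one step beyond the text: the kernel clears the umask bits from the default mode rather than subtracting digits, so a umask of 0033 yields 644 for files, not 633. The function names are illustrative.

```shell
#!/bin/sh
# Added example: umask clears bits; it is not decimal subtraction.
# mode_after_umask and observed_file_mode are illustrative names.

# mode_after_umask BASE MASK -> octal mode (BASE is 666 for files, 777 for dirs)
mode_after_umask() {
    # A leading 0 makes the shell read both operands as octal.
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

# observed_file_mode MASK -> rwx string of a file actually created under MASK
observed_file_mode() {
    dir=$(mktemp -d) || return 1
    ( umask "$1" && : > "$dir/probe" )   # subshell keeps the caller's umask intact
    ls -l "$dir/probe" | cut -c2-10
    rm -rf "$dir"
}

for mask in 0022 0077 0033; do
    printf 'umask %s: files %s, directories %s, observed file %s\n' \
        "$mask" "$(mode_after_umask 666 "$mask")" \
        "$(mode_after_umask 777 "$mask")" "$(observed_file_mode "$mask")"
done
```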

What are setuid, setgid, and sticky bit, and when should I use them?

These are special permissions beyond the standard read, write, execute trio. Setuid (4000) allows a file to execute with the owner's permissions rather than the executor's permissions. The passwd command has setuid so regular users can execute it with root privileges to change their own passwords.

Setgid (2000) on files works similarly with group permissions. On directories, it causes files created within to inherit the directory's group ownership. Sticky bit (1000) on directories prevents users from deleting files they don't own. It's commonly used on /tmp.

Set these permissions with 'chmod 4755 filename' for setuid, 'chmod 2755 filename' for setgid, or 'chmod 1777 directoryname' for sticky bit. Use symbolic notation like 'chmod u+s filename' for setuid, 'chmod g+s directoryname' for setgid on directories, or 'chmod +t directoryname' for sticky bit. These special permissions enhance security and functionality but can create risks if misused. Apply them carefully and only when necessary.
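To tie the ten-character 'ls -l' string from "Reading Permission Notation" to the four-digit modes in this answer, the added example below (not part of the original guide) converts one into the other. It also handles the capital S and T that 'ls' prints when a special bit is set but the matching execute bit is not, a case the text does not cover; the function name is illustrative.

```shell
#!/bin/sh
# Added example: convert an ls -l mode string to four-digit octal,
# including setuid, setgid and sticky. mode_to_octal is an illustrative name.

# mode_to_octal STRING   e.g. -rwsr-xr-x -> 4755
mode_to_octal() {
    m=$1                        # type character followed by nine permission chars
    special=0
    out=""
    i=2                         # column where the owner triad starts
    for weight in 4 2 1; do     # setuid, setgid, sticky, in triad order
        triad=$(printf '%s' "$m" | cut -c"$i"-"$((i + 2))")
        d=0
        case $triad in r??) d=$((d + 4)) ;; esac
        case $triad in ?w?) d=$((d + 2)) ;; esac
        # lowercase s or t means the special bit AND execute are both set
        case $triad in ??[xst]) d=$((d + 1)) ;; esac
        # any of s, S, t, T in the third column means the special bit is set
        case $triad in ??[sStT]) special=$((special + weight)) ;; esac
        out="$out$d"
        i=$((i + 3))
    done
    printf '%s%s\n' "$special" "$out"
}

# Constructed sample strings, not taken from a real system:
for s in -rwxr-xr-x -rwsr-xr-x drwxr-sr-x drwxrwxrwt -rwSr--r--; do
    printf '%s -> %s\n' "$s" "$(mode_to_octal "$s")"
done
```

A capital S on a file, as in the last sample, usually signals a mistake: the setuid bit is set but the owner cannot execute the file.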