We're sorry but this app doesn't work properly without JavaScript enabled. Please enable it to continue.

Linux File Permissions Explained: chmod, chown, and sudo

Boot.dev Team
Boot.dev TeamProgramming course authors and video producers

Last published

Table of Contents

In a Unix-like operating system, permissions control who can do what to which files and directories. If you've ever run a script only to be slapped with permission denied, or typed sudo because the internet told you to, this is the missing context. In this article you'll learn how the rwx permission model works, how to change permissions with chmod, how to change ownership with chown, and when you should (and shouldn't) reach for sudo.

All the content from our Boot.dev courses are available for free here on the blog. This one is the "Permissions" chapter of Learn Linux. If you want to try the far more immersive version of the course, do check it out!

Linux Is a Multi-User System

Unix-like systems support multiple users. Each user has their own home directory, their own files, and their own permissions.

If you're like most people these days, you're the only user on your machine. It used to be more common for multiple people to share a single computer, or for multiple people to do their work on the same computer over a network. Permissions exist so that users can't stomp all over each other's files, and so that even on a single-user machine, you can't accidentally break the system itself.

The whoami command prints the user you're currently logged in as:

whoami
# wagslane

When you run a command with sudo, it runs as the root superuser instead:

sudo whoami
# root

You'll probably be prompted for your password. sudo is short for "superuser do". To use it, you'll need the password of an account with superuser privileges, which you should already have if you're the only user of your machine. If you're using WSL, make sure to use the password you set for your Linux distribution, not your Windows password.

Some people are pedantic and pronounce sudo as "sue-doo." Others are correct and pronounce it "sue-dough."

More on sudo (and why it's dangerous) in a minute. First, the permissions themselves.

How Do Linux File Permissions Work?

Click to play video

The permissions of an individual file or directory are visually represented as a 10-character string:

drwxrwxrwx

You can see this string for any file with ls -l, the "long format" version of the ls command you use to list files and directories.

Let's break down each character. The first one just tells you whether you're looking at a file or a directory:

  • -: Regular file (e.g. -rwxrwxrwx)
  • d: Directory (e.g. drwxrwxrwx)

The next 9 characters are broken up into 3 sets of rwx and represent the permissions themselves for the "owner," "group," and "others," in order. Each group of 3 represents the permissions for reading, writing, and executing, in order. So, for example:

  • rwx: All permissions
  • rw-: Read and write, but not execute
  • r-x: Read and execute, but not write

So who are the owner, the group, and the others?

  • The first 3 characters are "owner" permissions. The "owner" is usually just the user who created the file or directory, but it can be manually changed.
  • The next 3 characters are "group" permissions. Unix-like systems support groups of users, and each file or directory is assigned to exactly one owning group. Anyone who is not the owner and not a member of that group falls under "others." To be honest, unless you're a system administrator, you won't often worry about groups.
  • The last 3 characters are "others" permissions. This is everyone else.

In my experience, when you're doing programming work on your own local machine, you mostly just care about the "owner" permissions because that's usually you. Here are some full examples:

  • -rwxrwxrwx: A file where everyone can do everything
  • -rwxr-xr-x: A file where everyone can read and execute, but only the owner can write
  • drwxr-xr-x: A directory where everyone can read (ls the contents) and execute (cd into it), but only the owner can write (modify the contents)
  • drwx------: A directory where only the owner can read, write and execute

How to Change File Permissions with chmod

The chmod command lets you change the permissions of a file or directory. It's short for "change mode" (I wish it was called "change permissions," but alas).

To recursively change a directory and everything inside it, use the -R flag:

chmod -R u=rwx,g=,o= private

In the command above, u means "user" (aka "owner"), g means "group," and o means "others." The = means "set the permissions to the following," and the rwx means "read, write and execute." The g= and o= mean "set group and other permissions to nothing." The uppercase -R means "recursively," which means "do this to all of the contents of the directory as well."

Run ls -l afterward and you'll see the result:

ls -l
# drwx------ 2 wagslane wagslane 4096 Jul  6 10:12 private

Only the owner can read, write, and execute. Everyone else gets nothing.

What Do the Numbers in chmod 777 Mean?

You'll often see chmod used with numbers instead of letters:

# change the permissions of a "genids.sh"
# script to 755
chmod 755 genids.sh

This is octal notation. Each digit represents one set of permissions: owner, group, others, in order. Each permission has a numeric value, and you add them together:

  • Read (r) = 4
  • Write (w) = 2
  • Execute (x) = 1
Digit Permissions Meaning
7 rwx read + write + execute
6 rw- read + write
5 r-x read + execute
4 r-- read only
0 --- no permissions

So chmod 755 sets rwxr-xr-x: the owner can do everything, and everyone else can read and execute. chmod 644 sets rw-r--r--: the owner can read and write, everyone else can only read. And the infamous chmod 777 sets rwxrwxrwx: everyone can do everything.

777 gets thrown around a lot in "just make the error go away" advice online. Please don't. It means any user or process on the system can modify (or replace) that file. There's almost always a more precise fix, and it's usually the one in the next section.

Fixing “Permission Denied” with chmod +x

You'll frequently write your own scripts, or download them from the internet, only to find that they refuse to run:

./conquerworld.sh
# bash: ./conquerworld.sh: Permission denied

This happens all the time, and it trips people up constantly. The code is fine and the file is right there, but it's missing the execute permission. The fix is a one-liner: add the execute bit with chmod +x. I use chmod +x all the time as a developer.

chmod +x conquerworld.sh
./conquerworld.sh
# it works!

Without an argument in front of the +, chmod applies the change for the owner, group, and others in one shot (minus anything restricted by your system's umask, but that's a rabbit hole for another day). If you're curious why scripts need the ./ prefix, or how your shell finds executables at all, that's the PATH variable's doing.

The internet is a shady place. Only make executable (and run) scripts from publishers and authors you trust.

What Is the Root User?

The "root" user is a superuser. It has access to everything on the system and can do anything. When you use the sudo command, you're running as the root user (as long as your system hasn't been configured differently).

The sudo keyword is convenient because it quickly gives you elevated permissions to run a single command.

-- xkcd

However, it can also be dangerous because it gives you access to everything. If you run a command with sudo that you don't understand, you could do serious damage to your system.

For example, rm with the r and f flags run on the root directory (/) will delete all the files on your system. Don't do that. The r flag is for "recursive" (delete everything inside) and the f flag is for "force." Most systems will prevent you from doing this, but if you run it with sudo, you've just turned your computer into a very expensive paperweight. (Some modern systems will actually prevent you from deleting everything by default as a safeguard unless you use --no-preserve-root, but it's still a very bad idea.)

So, should you use sudo? Sure, as long as you understand what the command you're running does. Just be careful. Some good sudo hygiene:

  • Don't run commands from the internet with sudo unless you've reviewed them and understand what they do.
  • If a command works without sudo, don't add sudo.
  • Legitimate everyday uses include installing system-wide packages (e.g. sudo apt install neovim) and modifying files owned by other users... which brings us to chown.

How to Change the Owner of a File with chown

So when do you need to use sudo? chmod allows you to change the permissions of any file or directory that you own. But what if you don't own the file or directory? That's where sudo is required.

The chown command, which stands for "change owner," allows you to change the owner of a file or directory, and it requires root privileges:

sudo chown -R root contacts

Here's an explanation of the command:

  • sudo – Run as the root user
  • chown – Command to change the owner
  • -R – "Recursive," meaning also apply the changes to everything inside the directory
  • root – The name of the new owner
  • contacts – The directory to change the owner of

Run ls -l and you'll see root listed as the owner:

ls -l
# drwx------ 2 root root 4096 Jul  6 10:12 contacts

Now that root owns the directory (and others have no permissions), your regular user can't touch it. Even deleting it fails:

rm -r contacts
# rm: cannot remove 'contacts': Permission denied

sudo rm -r contacts
# deleted!

So, ownership determines whose permission set applies to you, permissions determine what you're allowed to do, and sudo is the escape hatch when you need to act as root. If you want to practice all of this hands-on in a real environment (with a guided storyline where you audit a sketchy bank's file security), the Learn Linux course has you covered.

Frequently Asked Questions

What does chmod 777 mean?

chmod 777 gives read, write, and execute permissions to the owner, the group, and everyone else on the system. It's almost never what you actually want, because any user or process can then modify or replace the file. Use a more precise permission set like 755 or 644 instead.

What is the difference between chmod and chown?

chmod changes the permissions of a file or directory (who can read, write, or execute it), while chown changes which user owns it. You can chmod anything you own without special privileges, but chown requires root privileges, so it's usually run with sudo.

How do I fix a permission denied error when running a script?

The script is usually missing the execute permission. Add it with chmod +x yourscript.sh and then run it again with ./yourscript.sh. Only do this for scripts from authors you trust.

Is it safe to use sudo?

Yes, as long as you understand what the command you're running does. sudo runs the command as the root superuser, which has unrestricted access to the whole system, so a bad command run with sudo can do serious damage. If a command works without sudo, don't add it.

Do I need sudo to use chmod?

No, not for files and directories that you own. You only need sudo when changing permissions or ownership of files owned by another user, such as root.

Related Articles