Kids IT Lab No.6 | Linux

File Permissions Explained

Every file and folder on Linux has permission information (permissions) that decides "who can do what." Windows and macOS have similar systems, but Linux lets you control them in fine detail from the command line. This article summarises how to read and change file permissions for middle and high school students.

What are permissions?

Every file and folder on Linux has three types of access: "read (r)," "write (w)," and "execute (x)." Each of those three can be set separately for three groups: the "owner," the "group," and "everyone else."

A diary file might be "owner can read and write; no one else can do anything." A website's public folder might be "owner can change it; everyone else can only read it." This granular control is one reason Linux is the preferred OS for servers. Many users can share the same machine safely.

Reading permissions

rwx Notation and Octal Numbers r=4, w=2, x=1 — add them up to get the number. rwx=7, r-x=5, r--=4 are the most common. Symbol Number Meaning rwx rwx 7 (4+2+1) Read, write, and execute r-x r-x 5 (4+1) Read and execute only r-- r-- 4 Read only rw- rw- 6 (4+2) Read and write (no execute) --- --- 0 No access at all 3 digits = owner · group · others (in that order) e.g.: 7 5 5 = owner rwx · group r-x · others r-x (standard for public web files)
Fig. 1: Three octal digits encode 9 bits of permissions. Know "755" and "644" and you'll handle 80% of real-world cases.

Running ls -l shows a 10-character string at the start of each entry, like -rwxr-xr--. The first character is the file type (- = regular file, d = directory). The remaining 9 characters are read in groups of three: owner, group, and others. r = read, w = write, x = execute.

You can also express permissions as numbers: r=4, w=2, x=1 — add them up. rwx=7, r-x=5, r--=4. In practice, people commonly talk about "755" or "644."

Changing permissions with chmod and chown

The command to change permissions is chmod (change mode). chmod 755 script.sh sets script.sh so "the owner can read/write/execute; everyone else can read and execute." The command to change the owner is chown, but that requires admin (sudo) privileges.

When publishing HTML files on a web server, the standard pairing is "755" for directories and "644" for files. Memorise those two and you can fix half of all "403 Forbidden" errors on your own website.

Instead of memorising numbers alone, think "who am I allowing to do what?" Don't give write access to others on files only you should edit. Don't add execute permissions to HTML or image files that don't need to run. Keep permissions on server files to the minimum necessary. That way of thinking is the foundation.

Where is this used?

Common Permission Patterns (use cases and risk) Know these 5 and you'll handle 90% of real work. Especially avoid 777 at all costs. 755 rwxr-xr-x Public web files · executable scripts Owner can change; everyone can read and execute. Standard for website HTML and bin scripts. 644 rw-r--r-- Regular documents · text files Owner can read/write; everyone else can only read. Standard for HTML, PDFs, and logs. 700 rwx------ Private directories Only the owner can read/write/execute. Used for .ssh directories and personal folders. 600 rw------- SSH keys · password files Only the owner can read/write. SSH keys (id_rsa) won't work with any other permission. 777 = rwxrwxrwx ⚠ Anyone can modify — absolutely never use on a server
Fig. 2: Memorise 755 (public), 644 (documents), and 600 (keys) and you're covered for almost everything.

Recommended practice for middle and high school students

When you see a "Permission denied" error trying to run your own script, type chmod +x filename to add execute permission — and remember that trick. It makes Python scripts, Bash scripts, and custom commands runnable. Tools downloaded from GitHub also often arrive without execute permission, so this one step fixes it.

When practicing, create a dedicated folder and test on empty text files. Check the current permissions with ls -l, change them with chmod, then check again with ls -l. Never use sudo chmod on important folders or system files without understanding what you're doing.

Pitfalls to watch out for

Permission operation warnings
  • chmod 777 means "anyone can freely modify" — the most dangerous setting. Never use it on a server.
  • SSH key files (id_rsa) won't work unless they're set to 600. Setting 644 will be rejected as "permissions too open."
  • Setting overly permissive permissions on a web server's public folder lets attackers overwrite your files.

How will this help you in the future?

Permission settings are the absolute basics of server security — knowledge you'll use every single day in web development, infrastructure management, and cloud engineering. The concept of "permissions" is shared by cloud permission management systems like AWS IAM and Google Cloud IAM, so the understanding you build here will carry over to a wide range of future situations.

Once you understand permissions, you'll understand why admin privileges are needed, why you can't delete other people's files in a shared folder, and why write permissions are locked down on public servers. This is foundational digital literacy, not just for Linux but for using any shared computer system safely.

Things you can do today

Get started in 3 steps
  1. Run ls -l in a terminal and look at the permission string at the start of each line.
  2. Create a file with touch test.sh, change permissions with chmod 755 test.sh, and confirm the result with ls -l.
  3. Write out the meaning of 644, 755, 600, and 700 on paper and memorise them.

Summary

Linux permissions are a system for deciding "who can do what" in fine detail. Read (r=4), write (w=2), and execute (x=1) are set for owner, group, and others, and expressed as a 3-digit number. Memorise just four patterns — 755, 644, 600, and 700 — and you'll handle the vast majority of situations involving web servers, SSH, and script execution.

Related articles

PreviousTop 10 Linux Commands NextWhat Is sudo? RelatedWhat Is Security? RelatedWhat Is a Server?
← Back to Kids IT Lab