File and Directory Permissions Explained – Part Two

1h 53m

This course will get you up to speed with the fundamentals of Linux and prepare you for further study. We'll look at the essentials of Linux including the directory structure, basic commands, the shell, and using the command line.

You'll learn how to navigate your way through the Linux directory structure and the permissions for doing so. We'll also cover files and the multitude of ways in which they can be created, managed, and deleted. This course is part of the Linux Administration Bootcamp learning path, designed to get you up and running with Linux.

Learning Objectives

Gain a foundational understanding of:

  • Linux directories and permissions
  • Shell scripting and the command line
  • How to create and modify files in Linux

Intended Audience

  • Anyone with little to no knowledge of Linux who wants to learn more about the operating system
  • Professionals who want to learn about Linux to enhance their career prospects


This is a beginner-level course so there are no prerequisites, but an interest in Linux and programming knowledge in general would be beneficial.


When you create a file, its group is set to your primary group. So if you're a member of multiple groups, for example, a sales and training group, if sales is your primary or first group, then when you create a new file, it will be in the sales group. If you wanna change the group of a file, use the chgrp command.

You can see that when I created the file that it was put in my primary group, which is Jason. I'm also a member of the sales group. So let's change the group to sales for this file. Now we can see that the group is sales. And let's give permissions so that other people in the sales group can edit the file. There we go.

So instead of keeping files in different people's home directories, maybe you could have a common place to store these. So on this system, there's a /usr/local/sales directory. And you can see that the sales group has read, write and execute permissions for that. So I'm gonna put the shared file in that shared location. Now anyone that is a member of the sales group can edit that file.

Let's look at directory permissions again. Permissions on a directory can affect the files in that directory. A common problem is having the proper permissions set on a file within a directory, only to have incorrect permissions set on the directory itself. Not having the correct permissions on a directory can prevent the execution of the file, for example. If you are sure that a file's permissions are correct, start looking at the directory it's in. And then look at that directory's parent directory and work your way all the way towards the root of the file system.

The permissions are set to 755 on this directory. If I look in the directory, I see one file. And that is an executable file. And it currently works. So let's change the directory permissions on my cat to 400. And now I only have read permission, I don't have write or execute permission on that directory. You can see that the only information I get from ls is the file name that is in that directory because of the read permission. Since the permissions are set improperly on the directory, I can't even execute the file that's in that directory. Let's change the permissions to give me execute permissions on that directory. And now we see that it works. And you can also see that ls -l works.
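The walk from a file's directory up to the root described above can be scripted. This is an added example, not part of the course; the function name `dirs_missing_x` is hypothetical, and it assumes GNU `stat` as found on Linux. It reports every parent directory in which at least one class (user, group or other) lacks the execute (search) bit, which is where to look when a file with correct permissions still cannot be run.

```shell
#!/bin/sh
# Added example (not from the course). Requires GNU stat (coreutils).

# Print "OCTAL_MODE PATH" for each parent directory of a file in which
# user, group or other is missing the execute (search) bit.
dirs_missing_x() {
    # Make the path absolute without touching the file itself, because the
    # file may be unreachable when its directory has no search permission.
    case $1 in
        /*) p=$1 ;;
        *)  p=$PWD/$1 ;;
    esac
    p=$(dirname -- "$p")
    while :; do
        mode=$(stat -c '%a' -- "$p") || return 1
        # 0111 is the execute bit for user, group and other together.
        if [ $(( 0$mode & 0111 )) -ne $(( 0111 )) ]; then
            echo "$mode $p"
        fi
        [ "$p" = "/" ] && break
        p=$(dirname -- "$p")
    done
}

# Usage: sh thisfile.sh /path/to/file
if [ $# -gt 0 ]; then
    dirs_missing_x "$1"
fi
```

A directory listed with a mode such as 700 is not necessarily a problem: it only blocks users who fall into the group or other class for that directory.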

The file creation mask is what determines the permissions a file will receive when it's created. If no mask were used, then the default permissions would be 777 for directories and 666 for files. The file creation mask is typically set by system administrators to some sane default. However, it can be overridden on a per user basis by using the umask command.

The umask command sets the file creation mask to the mode that you pass to it. If you use -S (a dash and a capital S), that means umask will display and accept symbolic notation. The mode supplied to umask works in the opposite way to the mode given to chmod. So when you give chmod seven, that's interpreted to mean read, write and execute permission or all permissions. However, when you supply seven to umask, that is interpreted to mean no permission or all permissions off.

So you can think of chmod as turning on or adding and giving permissions while umask turns off, subtracts or takes away permissions. A quick way to estimate what a umask mode will do to the default permissions is to subtract the octal umask mode from 777 in the case of directories and from 666 in the case of files.

For example, let's take a umask of 022. If we subtract that from 777, we are left with a default file creation mode of 755 for directories, and 666 minus 022 is 644. So for files, the default file creation mode is 644. If we use the umask of 002, then we'll have the default permissions for directories of 775 and 664 for files. Using the umask of 002 is ideal for working with members of your group since the permissions allow members of the group to manipulate those files and directories that you create. Again, this method of subtracting these permissions is an estimation.

So here's an example of using a umask where this breaks down a little bit. So umask 007, if you subtract that from 777, you're left with 770 for directory permissions, which is fine. However, 666 minus 007 would leave you with 66 negative one, so there is no negative one permission, there's just no permission, so it breaks down a little bit, but it gives you a good idea of what to expect. Here's some fairly common umask modes, 022, 002, 077, and 007.
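The subtraction is an estimate because the mask is not subtracted at all: each bit set in the umask is cleared from the default mode (default AND NOT mask), so a bit that is already off simply stays off. The following added example, which is not part of the course, computes the result that way for the four common masks and compares it with what `touch` and `mkdir` actually produce. The function names are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the course). Requires GNU stat (coreutils).

# Apply a umask to a default mode: clear every bit that the mask sets.
# usage: apply_umask DEFAULT MASK   (octal, e.g. apply_umask 666 007)
apply_umask() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Create a file and a directory under the given umask, in a subshell so the
# caller's umask is untouched, and print "FILE_MODE DIR_MODE" as observed.
observed_modes() {
    (
        umask "$1"
        d=$(mktemp -d) || exit 1
        touch "$d/f"
        mkdir "$d/sub"
        echo "$(stat -c '%a' "$d/f") $(stat -c '%a' "$d/sub")"
        rm -rf "$d"
    )
}

for m in 022 002 077 007; do
    echo "umask $m: computed $(apply_umask 666 "$m") $(apply_umask 777 "$m"), observed $(observed_modes "$m")"
done
```

For umask 007 the computed file mode is 660, the case where plain subtraction from 666 does not give a valid answer.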

This table contains all the resulting permissions created by each and every one of the eight umask permutations. If you were to run umask, without any arguments, it will display the umask as four characters instead of the three that we've been working with. The three characters we've been working with represent user, group and other. However, there is one other class and this class is considered special modes. And these special modes are setuid, setgid and sticky.

Just know that the special modes are declared by prepending a character to the octal mode that you normally use with umask or chmod. So the important point here is to know that umask 0022 is exactly the same as umask 022, or chmod 0644 is the same as chmod 644. We're not gonna cover these special modes in this course, but I wanted you to be aware that, one, they exist, and two, they're the reason why umask is displayed in four characters instead of three.

You can see that our umask is set to 0022. Using a capital S we can get symbolic mode. Let's see what the default permissions are. The touch command either creates a file if it doesn't exist, or it updates the timestamp of a file. So we see the directory was created with 755 permissions and the file 644. Let's set umask to 007, whoops, and umask of 0007 is the same as 007.

In this case, we can see that directories are created with 770 permissions and files are created with 660 permissions. Permissions can be represented by symbols or numbers. The effect permissions have on directories is slightly different than they have on files. We talked about how to change permissions with the chmod command. We talked about some strategies of working with members of your group. And finally we covered the file creation mask and the umask command.

About the Author
Jason Cannon
Founder, Linux Training Academy

Jason is the founder of the Linux Training Academy as well as the author of "Linux for Beginners" and "Command Line Kung Fu." He has over 20 years of professional Linux experience, having worked for industry leaders such as Hewlett-Packard, Xerox, UPS, FireEye, and Nothing gives him more satisfaction than knowing he has helped thousands of IT professionals level up their careers through his many books and courses.
