File permissions in Unix-like systems control who can read, write, or execute files and directories, forming the foundation of system security and access control. The POSIX permission model defines three classes (owner, group, others) and three basic operations (read, write, execute), but modern Linux extends this with ACLs for granular control, special permissions for privilege escalation, and mandatory access control systems like SELinux and AppArmor. Understanding how octal and symbolic notation work together, how umask sets defaults, and when to use extended attributes versus capabilities is essential for maintaining secure, properly isolated systems—especially in multi-user environments where effective permissions must be calculated across multiple layers.
What This Cheat Sheet Covers
This topic spans 20 focused tables and 169 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.
Table 1: Basic Permission Types
The three basic permission bits apply differently to files and directories — x on a directory means enter, not run. Knowing what each bit actually does on each object type prevents the most common misconfiguration mistakes.
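
The per-object meaning of each bit can be worked through in code. The following is an added example, not part of the original cheat sheet; the function names and sample uid/gid values are hypothetical. It assumes plain mode bits only: a non-root caller, no ACLs, no sticky bit, and no SELinux/AppArmor policy.

```python
import stat

def class_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the single rwx triplet (0-7) that applies to this caller.

    Exactly one class is consulted: owner, else group, else others.
    An owner with fewer bits than "others" is still held to the owner bits.
    """
    if uid == owner_uid:
        return (mode >> 6) & 0o7
    if owner_gid in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7

def allowed_ops(mode, owner_uid, owner_gid, uid, gids):
    """Map the applicable r/w/x bits to what they permit on this object type."""
    bits = class_bits(mode, owner_uid, owner_gid, uid, gids)
    r, w, x = bool(bits & 4), bool(bits & 2), bool(bits & 1)
    if stat.S_ISDIR(mode):
        return {
            "list_names": r,            # ls can read the entry names
            "enter": x,                 # cd into it, reach entries by name
            "change_entries": w and x,  # create/rename/delete needs w AND x
        }
    return {"read_contents": r, "modify_contents": w, "execute": x}

def can_delete(parent_dir, uid, gids):
    """Deleting a file is a write to its parent directory, not to the file."""
    mode, owner_uid, owner_gid = parent_dir
    return allowed_ops(mode, owner_uid, owner_gid, uid, gids)["change_entries"]

if __name__ == "__main__":
    # Constructed sample: a read-only file owned by root inside a 0777 directory.
    ro_file = (0o100444, 0, 0)
    open_dir = (0o040777, 0, 0)
    alice, alice_groups = 1000, {1000}
    print(allowed_ops(*ro_file, alice, alice_groups))
    print("alice can delete it:", can_delete(open_dir, alice, alice_groups))
```

The sample shows the misconfiguration the bits invite: the file's own mode stops the caller from modifying it, but the writable parent directory still lets them remove or replace it.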
| Permission | Example | Description |
|---|---|---|
| Read (r) | `cat file.txt` | • On files: allows viewing contents • On directories: allows listing entries with `ls` • Octal value 4. |
| Write (w) | `echo "text" > file.txt` | • On files: allows modifying contents • On directories: allows creating/renaming/deleting files within it • Octal value 2. |