Menü schliessen
Created: January 29th 2026
Categories: IT Knowledge,  Linux,  Operating Systems
Author: Milos Jevtic

Linux File Permissions and Groups Explained

Tags:  learn Linux basics,  Linux

Introduction: Why Can't I Access My Own Files?

You're using Linux as your daily driver. Everything is going fine until you try to run a script you just downloaded:

bash: ./install.sh: Permission denied

Or you plug in a USB drive and can't delete files on it. Or you try to edit a config file and get told you need to be root. Or you set up a shared folder for your family and suddenly nobody can access each other's files.
The instinct is to throw sudo at everything or Google "chmod 777" and hope for the best. It works—until it doesn't, or until you've created a security mess.
Linux permissions and groups aren't complicated once you understand the logic. In this guide, I'll explain how permissions actually work, what groups are for, and how to solve common desktop problems without blindly copy-pasting commands.

What Are Linux Permissions?

Every file and folder on your Linux system has three properties:

  • Owner - The user who owns the file (usually whoever created it)
  • Group - A group of users who share access
  • Permissions - What actions are allowed for owner, group, and everyone else

Permissions control three actions:

  • Read (r) - View contents of a file or list files in a folder
  • Write (w) - Modify a file or create/delete files in a folder
  • Execute (x) - Run a file as a program or enter a folder

These permissions are set separately for three categories: the owner, the group, and others (everyone else on the system).

Reading Permissions with ls -l

Open your terminal and run:

ls -l ~/Documents

You'll see something like:

-rw-rw-r-- 1 maria maria   4521 Jan 20 14:30 notes.txt
drwxrwxr-x 2 maria maria   4096 Jan 18 09:15 Projects
-rw------- 1 maria maria    256 Jan 15 11:00 passwords.txt
-rwxrwxr-x 1 maria maria    892 Jan 22 16:45 backup.sh

Let's break down -rw-rw-r--:

-    rw-    rw-    r--
│    │      │      │
│    │      │      └── Others: read only
│    │      └── Group: read + write
│    └── Owner: read + write
└── File type (- = file, d = directory)

The two names after the permissions show the owner and group. In maria maria, the file is owned by user maria and belongs to group maria (Linux creates a personal group for each user by default).
Here's what each file in our example allows:

  • notes.txt - Maria can read/write, her group can read/write, others can only read
  • Projects/ - A directory. Maria and her group can enter and modify, others can only enter and list
  • passwords.txt - Only Maria can read or write. Nobody else can even see its contents
  • backup.sh - Executable script. Maria and her group can run it, others can run but not modify

Understanding the Number System

You've probably seen commands like chmod 755 somefile. Those numbers are just shorthand for permissions.
Each permission has a value:

  • Read (r) = 4
  • Write (w) = 2
  • Execute (x) = 1

Add them together for each category:

rwx = 4 + 2 + 1 = 7  (full access)
rw- = 4 + 2 + 0 = 6  (read and write)
r-x = 4 + 0 + 1 = 5  (read and execute)
r-- = 4 + 0 + 0 = 4  (read only)
--- = 0 + 0 + 0 = 0  (no access)

A three-digit number represents owner, group, and others:

chmod 755 script.sh
        │││
        ││└── Others: 5 (r-x) - read and execute
        │└── Group: 5 (r-x) - read and execute
        └── Owner: 7 (rwx) - full access

Common permission numbers you'll encounter:

  • 644 - Standard for files. Owner can read/write, everyone else can read
  • 755 - Standard for folders and scripts. Owner has full access, others can read/execute
  • 600 - Private files. Only owner can read/write
  • 700 - Private folders. Only owner can access
  • 777 - Everyone can do everything. Almost never what you want

Changing Permissions with chmod

The chmod command changes permissions. You can use numbers or letters.

Using Numbers

# Make a script executable
chmod 755 backup.sh

# Make a file private
chmod 600 passwords.txt

# Standard permissions for a regular file
chmod 644 document.txt

Using Letters

Sometimes letters are clearer for quick changes:

# Add execute permission for owner
chmod u+x script.sh

# Remove write permission for others
chmod o-w shared-file.txt

# Add read permission for group
chmod g+r project-notes.txt

# Add execute for everyone
chmod +x installer.sh

The letters mean:

  • u - User (owner)
  • g - Group
  • o - Others
  • a - All (everyone)

And the operators:

  • + - Add permission
  • - - Remove permission
  • = - Set exact permission

Changing Ownership with chown

Sometimes the problem isn't permissions—it's ownership. If a file is owned by root or another user, you can't modify it even with generous permissions.
Check who owns a file:

ls -l somefile.txt
# -rw-r--r-- 1 root root 1024 Jan 20 10:00 somefile.txt

This file is owned by root. Even though it's readable, you can't modify it as a regular user.
Change ownership with chown:

# Change owner to yourself
sudo chown maria somefile.txt

# Change owner and group
sudo chown maria:maria somefile.txt

# Change ownership of a folder and everything inside
sudo chown -R maria:maria ~/Projects

You need sudo for chown because only root can give files to other users.

What Are Groups?

Groups let multiple users share access to files without opening them to everyone on the system.
Every user belongs to at least one group (their personal group, usually named after their username). But users can belong to multiple groups.
See your groups:

groups

Output might look like:

maria adm cdrom sudo plugdev lpadmin sambashare

This shows maria belongs to several groups. Some important ones:

  • sudo - Can use sudo to run commands as root
  • plugdev - Can access removable devices like USB drives
  • lpadmin - Can manage printers

See all groups on the system:

cat /etc/group

Creating and Managing Groups

Create a new group:

sudo groupadd family

Add a user to a group:

# Add maria to the family group
sudo usermod -aG family maria

The -aG flags are important:

  • -a - Append (add to existing groups, don't replace them)
  • -G - Modify group membership

After adding yourself to a group, you need to log out and log back in for it to take effect. Or use:

newgrp family

Changing a File's Group

# Change group only
chown :family shared-folder

# Or use chgrp
chgrp family shared-folder

Real-World Scenarios

Let's solve common desktop permission problems.

Scenario 1: Downloaded Script Won't Run

You download a script from GitHub and try to run it:

./install.sh
# bash: ./install.sh: Permission denied

Check the permissions:

ls -l install.sh
# -rw-rw-r-- 1 maria maria 2048 Jan 20 10:00 install.sh

No execute permission. Fix it:

chmod +x install.sh
./install.sh

Scenario 2: Can't Edit Config Files

You try to edit a system config:

nano /etc/hosts
# Error: /etc/hosts is unwritable

Check ownership:

ls -l /etc/hosts
# -rw-r--r-- 1 root root 224 Jan 15 08:00 /etc/hosts

It's owned by root. You have two options:

# Option 1: Edit with sudo
sudo nano /etc/hosts

# Option 2: For files you edit often, change ownership (careful with system files)
sudo chown maria /etc/someconfig

For system files like /etc/hosts, always use sudo rather than changing ownership.

Scenario 3: USB Drive is Read-Only

You plug in a USB drive but can't write to it. This usually happens with NTFS or FAT32 drives.
First, check how it's mounted:

mount | grep media

For NTFS drives, install ntfs-3g if you haven't:

sudo apt install ntfs-3g

If the drive was improperly ejected from Windows, it might be locked. Fix it:

sudo ntfsfix /dev/sdb1

For FAT32 drives, remount with write permissions:

sudo umount /dev/sdb1
sudo mount -o rw,uid=$(id -u),gid=$(id -g) /dev/sdb1 /mnt/usb

Scenario 4: Sharing a Folder Between Users

You want a folder that both you and your partner can access on a shared computer.
Create a shared group and folder:

# Create a group for sharing
sudo groupadd shared

# Add both users to the group
sudo usermod -aG shared maria
sudo usermod -aG shared alex

# Create a shared folder
sudo mkdir /home/shared

# Set ownership to root:shared
sudo chown root:shared /home/shared

# Set permissions: owner and group can read/write, others can't access
sudo chmod 770 /home/shared

# Make new files inherit the group
sudo chmod g+s /home/shared

The g+s flag is called setgid. It makes new files in that folder inherit the group, so everything created there automatically belongs to the shared group.
Both users need to log out and back in for the group changes to take effect.

Scenario 5: Application Won't Launch

You download an AppImage or binary and it won't run:

./SomeApp.AppImage
# bash: ./SomeApp.AppImage: Permission denied

Same fix as scripts—add execute permission:

chmod +x SomeApp.AppImage
./SomeApp.AppImage

Scenario 6: Files Copied from Windows Have Wrong Permissions

After copying files from a Windows partition or NTFS drive, everything might have execute permissions (shown in green in ls):

ls -l
# -rwxrwxrwx 1 maria maria 1024 photo.jpg
# -rwxrwxrwx 1 maria maria 2048 document.pdf

Fix permissions for normal files:

# Remove execute from all files in current directory
chmod -x *

# If you have subdirectories, fix files only (not folders)
find . -type f -exec chmod 644 {} \;

# Fix folder permissions separately
find . -type d -exec chmod 755 {} \;

When to Use sudo

sudo lets you run a command as root (the superuser). Use it only when necessary:

Use sudo for:

  • Installing software with apt/dnf/pacman
  • Editing system config files in /etc
  • Managing services with systemctl
  • Changing ownership of files you don't own
  • Mounting drives manually

Don't use sudo for:

  • Working with your own files in /home
  • Running regular applications
  • Anything where proper permissions would solve the problem

A common mistake is using sudo to create or edit files in your home directory. This creates files owned by root, which causes more permission problems:

# Bad: creates a root-owned file in your home
sudo nano ~/notes.txt

# Good: just edit normally
nano ~/notes.txt

If you've already created root-owned files in your home folder, fix them:

sudo chown -R $(whoami):$(whoami) ~

Common Mistakes to Avoid

1. Using chmod 777

This gives everyone full access. It's almost never the solution:
Bad:

chmod 777 myfile

Good:

# Figure out what you actually need
chmod 755 myscript.sh  # For scripts
chmod 644 myfile.txt   # For regular files

2. Recursive chmod Without Thinking

Be careful with -R (recursive):
Bad:

# Makes everything executable, including documents
chmod -R 755 ~/Documents

Good:

# Set different permissions for files and folders
find ~/Documents -type f -exec chmod 644 {} \;
find ~/Documents -type d -exec chmod 755 {} \;

3. Forgetting to Log Out After Group Changes

Group changes don't apply to your current session. Log out and back in, or use newgrp groupname.

4. Running GUI Apps with sudo

Bad:

sudo nautilus
sudo gedit /etc/hosts

Good:

# Use pkexec or admin:// for GUI apps that need root
pkexec gedit /etc/hosts

# Or in file managers, use admin://
# Type in address bar: admin:///etc/hosts

Useful Commands Reference

Checking Permissions and Ownership

# List with permissions
ls -l

# List including hidden files
ls -la

# See your username
whoami

# See your groups
groups

# See groups for another user
groups alex

# See file info in detail
stat filename

Changing Permissions

# Using numbers
chmod 644 file.txt
chmod 755 script.sh

# Using letters
chmod +x script.sh      # Add execute for everyone
chmod u+w file.txt      # Add write for owner
chmod go-w file.txt     # Remove write for group and others

# Recursive (folders and contents)
chmod -R 755 folder/

Changing Ownership

# Change owner
sudo chown maria file.txt

# Change owner and group
sudo chown maria:developers file.txt

# Change group only
chgrp developers file.txt
# or
chown :developers file.txt

# Recursive
sudo chown -R maria:maria folder/

Managing Groups

# Create a group
sudo groupadd groupname

# Delete a group
sudo groupdel groupname

# Add user to group
sudo usermod -aG groupname username

# Remove user from group
sudo gpasswd -d username groupname

# See group members
getent group groupname

Conclusion

Linux permissions protect your system and your privacy. Instead of fighting them with sudo and chmod 777, understanding how they work lets you fix problems properly.
Key takeaways:

  • Every file has an owner, a group, and permissions for owner/group/others
  • Read is 4, write is 2, execute is 1—add them up for the number system
  • Use 644 for files, 755 for folders and scripts as sensible defaults
  • chmod changes permissions, chown changes ownership
  • Groups let you share files between specific users without opening access to everyone
  • Use sudo only when you actually need root access, not as a workaround for permission problems
  • After joining a group, log out and back in for it to take effect

Next time you hit "Permission denied," check the permissions with ls -l, figure out what's actually wrong, and fix it properly. Your system will be more secure and you'll actually understand what's happening.