Linux File Permissions Explained: chmod, -rw-r–r–, and Access Rights

By 佐川 直弘 | Naohiro Sagawa (運営者)

※記事内に広告を含みます。Amazonアソシエイトとして適格販売により収入を得ています。　

1. Introduction

What are “Access Permissions” in Linux?

In Linux and Unix-like systems, properly managing the “access permissions” (permissions) of files and directories is crucial. This is an essential element from both a security perspective and for the stable operation of the system.

Many people, when displaying a list of files in the terminal, have probably seen unfamiliar symbols like -rw-r--r-- and wondered, “What does this mean?”

The Relationship Between chmod and -rw-r–r–

These symbols are a symbolic representation of a file’s access permissions. The chmod command is used to set and change these access permissions. In other words, when you use chmod to grant specific access permissions to a file, the result is a display of symbols like -rw-r--r--.

Purpose and Target Audience of This Article

In this article, we will explain in an easy-to-understand manner, even for beginners, what -rw-r--r-- specifically means and how to use chmod to set and change it. Furthermore, we will touch upon practical content such as security considerations and actual usage examples.

This article aims to provide a solid understanding of practical knowledge applicable in real-world scenarios, targeting everyone from those who are new to Linux to intermediate users who are somewhat familiar with terminal operations.

2. What is chmod? [Basic Understanding]

Role of the chmod Command

chmod (pronounced “chom-mod” or “change mode”) is an abbreviation for “change mode” and is a command used in Linux and Unix-like operating systems to change the access permissions (permissions) of files and directories.
By using this command, you can flexibly control “who can do what operations (read, write, execute).”

Properly setting file and directory permissions is crucial not only for ensuring security but also for preventing troubles with file sharing and execution.

Basic Syntax of chmod

chmod [options] [permissions] filename

For example, it is used as follows:

chmod 644 sample.txt

This command changes the permissions of sample.txt as follows:

-rw-r--r--  1 user group 1234 Apr 13 20:00 sample.txt

• Owner (user): Read and write allowed (rw-)
• Group: Read-only (r–)
• Others: Read-only (r–)

Two Types of Specification: Numeric and Symbolic

There are two ways to specify access permissions with chmod:

• Numeric Specification (Numeric Mode)
• Example: chmod 755 script.sh
• This method specifies permissions numerically for each user type.
• Symbolic Specification (Symbolic Mode)
• Example: chmod u=rw,g=r,o=r file.txt
• This method specifies permissions using symbols r (read), w (write), and x (execute) for u (user), g (group), and o (others).

Both methods can ultimately set the same permissions, but numeric specification is faster for bulk changes, while symbolic specification allows for more flexible modifications. It’s best to use them according to the situation.

Note the Difference Between chmod and chown

The chown command is often confused with chmod.

• chmod: Changes access permissions (permissions)
• chown: Changes the “owner” and “group” of files and directories

Since their purposes are different, it is important to clearly understand the role of each command.

3. Understanding the Meaning of -rw-r–r– by Breaking it Down

Structure of Permission Symbols

When you execute the ls -l command in Linux, file information is displayed in the following format:

-rw-r--r--  1 user group  1234 Apr 13  2025 sample.txt

Among these, the leftmost -rw-r--r-- represents the file’s permissions (access rights). Understanding this allows you to correctly grasp who can perform what operations.

Detailed Explanation of Each Part

① The First Character: File Type

In the case of -rw-r--r--, the initial - indicates that it is a “regular file.”

② Characters 2 to 10: Access Permissions (3 characters × 3 sets)

• Owner (user) → rw-
  → Read (r) and write (w) are permitted, execute (x) is not.
• Group → r--
  → Read-only. Write and execute are not permitted.
• Others → r--
  → Read-only.

Thus, the state is that only the owner can edit, and other users are only allowed to view.

Correspondence with Numeric Notation: Meaning of 644

In Linux, the same permissions can also be represented by numeric (octal) notation.

The numeric notation corresponding to -rw-r--r-- is 644.

This number is derived from the following calculation:

• Read (r) = 4
• Write (w) = 2
• Execute (x) = 1

Therefore, rw- = 4 + 2 = 6, r-- = 4, r-- = 4 → totaling 644.

Why is This Permission Used?

-rw-r--r-- (644) is a permission often used for public files and static files (HTML, CSS, etc.) on web servers.
The reasons are as follows:

• Only the owner can edit → Prevents unintended modifications
• Reading is allowed for other users → Supports file sharing and publication

When used appropriately, it enables file management that balances security and convenience.

4. How to Set -rw-r–r– with chmod [Practical Edition]

Changing Permissions Using the chmod Command

The access permissions of files and directories can be freely changed using the chmod command. For example, if you want to set the state to -rw-r--r--, you just need to set the permission to “644”.

Setting Method with Numeric Specification

Use the format chmod 644 filename.

chmod 644 document.txt

This command changes the permissions of document.txt as follows:

-rw-r--r--  1 user group 1234 Apr 13 20:00 document.txt

• Owner (user): Read and write allowed (rw-)
• Group: Read-only (r–)
• Others: Read-only (r–)

Setting Method with Symbolic Specification

If you want to manipulate permissions more flexibly, symbolic specification is effective.

chmod u=rw,g=r,o=r document.txt

This command is interpreted as follows:

• u=rw → Set read and write permissions for the owner
• g=r → Allow only read permission for the group
• o=r → Allow only read permission for other users

The result is exactly the same as the numeric specification 644.

Points to Note When Applying to Directories

Unlike files, directories require “execute permission (x)” to access their contents.

For example, doing the following may restrict access:

chmod 644 my_folder

With this setting, only read permission is granted, but the operation to “open” the contents of the directory (which requires execute permission) becomes impossible.

Correct Setting Example:

chmod 755 my_folder

• Owner: Read, write, execute
• Group and Others: Read, execute

By doing this, other userswill be able to list the files within the directory.

Changing Permissions Recursively: The -R Option

If you want to change multiple files and subdirectories at once, use the -R (recursive) option.

chmod -R 644 my_folder

This operation applies 644 permissions to all files under my_folder. However, there are points to note with this method.

5. How to Check Permissions with the ls -l Command

How to Check File Permissions?

To check the access permissions (permissions) of files and directories, use the standard Linux command ls -l. This stands for “long listing format” and displays detailed information such as permissions, owner, size, and last modification date.

Basic Usage

ls -l

Executing this command will display output similar to the following:

-rw-r--r--  1 naoya devs  2048 Apr 13 20:00 index.html

Each item has the following meaning:

How to Read the Permissions Column

Let’s focus on the -rw-r--r-- part, which is the main topic of this chapter. This can be broken down as follows:

• The First Character: File Type
• -: Regular file
• d: Directory
• l: Symbolic link
• The Remaining 9 Characters: Access Permissions (3 characters × 3 sets)
• Owner (user): rw- → Read + Write
• Group: r-- → Read-only
• Others: r-- → Read-only

In other words, from this display, you can read that “only the owner can edit this file, and other users can only read it.”

Checking Only Specific Files

If you want to check the permissions of only a specific file, specify the filename.

ls -l index.html

This allows you to check only the target file. It is useful for checking in directories with many files.

Checking Directories is Also Possible

You can also check directories with ls -l. However, if you want to list the contents of the directory, use the -d option together.

ls -ld my_folder

This will display only the permission information for my_folder itself (it will not display the list of files inside).

Managing Safely While Checking Permissions

After setting permissions with chmod, it is recommended to always check the result with ls -l.
If incorrect settings are left in place, they can cause security incidents or unexpected behavior.

Also, if you want to check multiple files at once, you can combine it with a pipe like this:

ls -l | grep '.sh'

This will filter and display only files with the .sh (shell script) extension.

6. How to Check and Change Permissions with GUI Tools (For Beginners)

Options for Those Uncomfortable with Commands

Linux operation is mainly command-line operation using the terminal, but many beginners find the “text-only screen difficult” or are “afraid of making careless mistakes.”
For such people, you can also check and change file permissions using a GUI (Graphical User Interface) method.

Operation in Ubuntu’s File Manager (Nautilus)

Linux distributions such as Ubuntu come standard with a file manager called “Nautilus.” This is a tool equivalent to “File Explorer” in Windows.

How to Check:

1. Right-click on the target file or directory
2. Select “Properties”
3. Open the “Permissions” tab (may be displayed as “Access Rights” depending on the version)

What you can do here:

• Check and change the owner and group (administrator privileges required)
• Switch read, write, and execute permissions
• Changes to access permissions are applied immediately

In the GUI, instead of symbols like rw- and r--, easy-to-understand expressions such as “Read only” and “Read and Write” are displayed, so even beginners can operate with peace of mind.

WinSCP (SFTP Client for Windows Users)

When connecting to a remote Linux server from Windows, you can set permissions on the GUI using an SFTP client called WinSCP.

Operating Procedure:

1. Log in to the server with WinSCP
2. Right-click on the desired file → “Properties”
3. Change the numeric value (e.g., 644) or checkboxes in “Access Rights (Permissions)”
4. Click “OK” to apply

Merits:

• You can check with both numeric and symbolic representations
• Recursive permission changes are also possible via the GUI (for directories)

Note:

• Files requiring root privileges may not be changeable without sudo privileges

[https://winscp.net/eng/index.php](https://winscp.net/eng/index.php)

FileZilla (Cross-Platform SFTP Client)

You can also change permissions in the same way with the SFTP client “FileZilla,” which can be used on Mac and Linux as well.

Procedure:

1. After connecting to the server, right-click on the relevant file
2. Select “File permissions…”
3. Set with checkboxes or numeric values and click “OK” to apply

Advantages and Disadvantages of GUI Operation

Advantages:

• Beginners are less likely to make mistakes
• Changes can be visually confirmed immediately
• Easy to handle even for those unfamiliar with commands

Disadvantages:

• Depending on server settings and environment, changes may not be possible with GUI tools
• The displayed status and actual reflection may differ, so it is recommended to use ls -l for confirmation in conjunction

[https://filezilla-project.org/](https://filezilla-project.org/)

7. Notes and Troubleshooting for chmod Settings

Doesn’t Work Even Though You Think You Set It Correctly? What Could Be the Reason?

After changing access permissions with the chmod command, it may not work as expected. In most cases, this is due to permission setting errors or misunderstandings of permissions.
Here, we will introduce common troubleshooting examples in practice and their solutions.

Causes and Solutions for “Permission denied” Error

Symptom:

bash: ./script.sh: Permission denied

Cause:

• The file you are trying to execute does not have “execute permission (x)” granted

Solution:

chmod +x script.sh

Or, if using numeric specification:

chmod 755 script.sh

It is important to note that “you can read and write, but you cannot execute.”

Cannot Access Directory Without Execute Permission

If you set chmod 644 for a directory, you may not be able to read its contents.

Reason:

• “Execute permission (x)” for a directory is essential to be able to “enter” and “see the contents.”

Example:

chmod 644 my_folder
ls my_folder

→ In the above case, you may not be able to display the contents and an error may occur.

Solution:

chmod 755 my_folder

Pitfalls of Recursive Changes (-R)

While chmod -R is convenient, it applies the same permissions to both files and directories, which can lead to unexpected problems.

Common Failure Example:

chmod -R 644 /var/www/html

→ The directory loses execute permission, and you cannot access its contents.

Correct Usage:

# Directories with execute permission
find /var/www/html -type d -exec chmod 755 {} \;

# Files with 644
find /var/www/html -type f -exec chmod 644 {} \;

Combination Errors with Owner and Group

In addition to chmod, you also need to pay attention to the file’s “owner (user)” and “group.”
For example, if the apache user needs to read a file, but the owner is a general user and other users do not have read permission, web display will fail.

Solution:

• Change owner: sudo chown www-data:www-data index.html
• Grant group permission: chmod 640 index.html (if the group is appropriate)

777 is Dangerous! The Risk of Overly Permissive Permissions

Some people may think, “If it doesn’t work, just set it to 777,” but this is a very dangerous practice.

Reason:

• Anyone can read, write, and execute
• Increases the risk of tampering by third parties and malicious use of scripts

Recommended Basic Rules:

• Files: 644 or 600
• Directories: 755 or 700
• Scripts and Binaries: 755 (as needed)

8. Usage Examples and Common Scenarios

How is chmod Permission Setting Used in Real-World Situations?

The chmod command and the -rw-r--r-- access permission introduced so far are frequently used in actual server operation and development environments.
Here, through three typical scenarios, let’s see how permission settings are utilized.

1. Managing HTML Files on a Web Server

Scenario:
When you publish HTML files on a web server such as Apache or Nginx, the permissions set for those files are usually -rw-r--r-- (644).

chmod 644 index.html

Why 644?

• The owner (web administrator) needs to make changes → Write permission (w)
• The web server (www-data, etc.) only needs to read → Read permission (r)
• There is no need to allow other users to write

With this setting, you can securely publish web content with the minimum necessary permissions.

2. Granting Execute Permission to Script Files

Scenario:
You created your own shell script backup.sh, but when you try to execute it, you get “Permission denied.”

chmod 755 backup.sh

Meaning of This Setting:

• The owner can read, write, and execute (rwx)
• Group and others can read and execute (rx)

This allows other users to execute the script while only the owner can edit it.

3. Restricting Read Access to Confidential Files

Scenario:
You are managing secrets.txt, which contains API keys and passwords. You don’t want anyone other than yourself to see it.

chmod 600 secrets.txt

Meaning of This Setting:

• Only the owner can read and write (rw-)
• Group and others have no access (—)

This is a very important setting from a security perspective, and it is best practice to always manage private information with 600 or 400 (read-only).

4. Sharing Directories Securely

Scenario:
You are creating a shared directory shared_folder that multiple developers will access.

chmod 770 shared_folder

Meaning of This Setting:

• Owner and Group: All permissions (rwx)
• Others: No access (—)

By setting the group to the development team, you can enable secure and efficient collaboration. You can flexibly control the target users by changing the group with the chgrp command.

5. Troubles Due to Incorrect Settings and Avoidance Examples

Scenario:
You accidentally executed chmod -R 777 . and all files became writable.

Recommended Avoidance Measures:

• 常に find でファイル種別を指定してパーミッションを変更
• 変更前に ls -l で権限を確認しておく
• test 用の仮環境で先に試す

9. FAQ

Q1. What is the difference between chmod 644 and -rw-r–r–?

A. They are different ways of representing the exact same thing.

• chmod 644: A command to set permissions numerically.
• -rw-r--r--: The symbolic notation you see after setting permissions, for example, with ls -l.

Both indicate a state where the owner has read and write permissions, and everyone else has read-only permission.

Q2. What happens if a file doesn’t have execute permission?

A. You will get an error if you try to run scripts or binaries directly.

For example, to execute .sh or .py files, execute permission (x) is necessary. Without it, you will see an error like this:

bash: ./script.sh: Permission denied

Solution:

chmod +x script.sh

Q3. Is it okay to set a directory to 644?

A. Generally, it is not appropriate.

Directories require “execute permission (x)”. Without execute permission, you cannot access the files inside the directory.

Correct Setting:

chmod 755 directory_name

Q4. What are the most common permission settings?

A. Here are some common permission settings and their uses:

• 644 (-rw-r–r–): For most static files like HTML, CSS, images. Allows the owner to read and write, and everyone else to read.
• 755 (-rwxr-xr-x): For directories and executable scripts. Allows the owner to read, write, and execute; and everyone else to read and execute (but not write).
• 600 (-rw——-): For sensitive files that only the owner should be able to read and write.
• 700 (-rwx——): For private directories that only the owner should be able to access.

Q5. How can I change the owner or group of a file?

A. You can use the chown command to change the owner and the chgrp command to change the group.

Example to change the owner:

sudo chown new_owner filename

Example to change the group:

sudo chgrp new_group filename

You may need sudo for these commands as they often require administrative privileges.

Q6. Are file permissions the same on all operating systems?

A. No, file permissions can differ significantly between operating systems.

Linux and Unix-like systems have a detailed permission system based on user, group, and others, with read, write, and execute permissions. Windows, on the other hand, uses a different system based on Access Control Lists (ACLs) which are more granular and can define permissions for specific users and groups in a more detailed way.

10. Conclusion

Understanding and correctly setting file permissions in Linux is a fundamental skill for anyone managing a server or working with the system. While the -rw-r--r-- notation and the chmod command might seem daunting at first, grasping the basic concepts will significantly enhance your ability to maintain a secure and well-organized system.

By understanding the different types of permissions, how to interpret the symbolic and numeric notations, and how to use the chmod command effectively, you can ensure that your files and directories are protected and accessible only to the intended users.

Remember to always double-check your permission settings with the ls -l command and be cautious when using recursive options. With practice, managing file permissions will become a natural and essential part of your workflow.