Lesson 6.2

File Permissions & chmod

7 minutes

Linux cares deeply about who is allowed to do what with each file. This system is called file permissions, and once you understand it, you’ll be able to read those mysterious permission strings that ls -l shows you.

Reading the Permission String

When you run ls -l, you see something like this:

-rwxr-xr-x  1 user  staff  2048 Mar 01 10:30 deploy.sh
drwxr-xr-x  5 user  staff   160 Mar 01 10:30 scripts

That first column — -rwxr-xr-x — is the permission string. Let’s break it down.

The First Character

The very first character tells you what type of thing this is:

- means it’s a regular file
d means it’s a directory

The Next Nine Characters

The remaining nine characters come in three groups of three:

rwx  r-x  r-x
^^^  ^^^  ^^^
 |    |    |
 |    |    └── Others (everyone else)
 |    └─────── Group (users in the same group)
 └──────────── Owner (the user who owns the file)

Each position means:

r = read (can view the contents)
w = write (can modify the contents)
x = execute (can run it as a program)
- = that permission is not granted

So -rwxr-xr-x means:

It’s a regular file (-)
The owner can read, write, and execute (rwx)
The group can read and execute, but not write (r-x)
Others can read and execute, but not write (r-x)

Try it now:

ls -l ~/projects/my-app/scripts/deploy.sh

Read the permission string. Who can do what with this file?

Reading permissions at a glance: The nine characters after the first are always in the same order: owner, group, others. Each group is always read, write, execute. A dash means "no" for that permission.

chmod – Changing Permissions

The chmod command changes file permissions. You’ll use it most often to make a file executable.

Making a File Executable

The most common use case:

chmod +x script.sh

This adds execute (x) permission for everyone — owner, group, and others. Before this command, you might not be able to run the script. After it, you can.

Try it now:

ls -l ~/projects/my-app/scripts/deploy.sh
chmod +x ~/projects/my-app/scripts/deploy.sh
ls -l ~/projects/my-app/scripts/deploy.sh

Compare the permission strings before and after. You should see x appear where it wasn’t before.

Numeric Permissions

You’ll sometimes see permissions expressed as numbers:

chmod 755 deploy.sh

Each digit represents one group (owner, group, others), and the number is a sum:

4 = read
2 = write
1 = execute

So 755 means:

Owner: 7 (4+2+1) = read + write + execute
Group: 5 (4+0+1) = read + execute
Others: 5 (4+0+1) = read + execute

That’s the same as rwxr-xr-x — the most common permission set for scripts and programs.

Here are the numbers you’ll see most often:

Number	Permission	Meaning
`755`	`rwxr-xr-x`	Owner full access, others read and execute
`644`	`rw-r--r--`	Owner read/write, others read only
`700`	`rwx------`	Owner full access, no one else

Warning about chmod 777: The number 777 means everyone can read, write, and execute the file. AI tools sometimes suggest this as a quick fix for permission errors. Don't use it. It's a security risk because it lets any user on the system modify and run that file. Use 755 or 700 instead.

When AI Tools Use chmod

AI coding tools frequently run chmod commands, especially:

After creating a script: chmod +x build.sh — making it runnable
Fixing “permission denied” errors: when a script won’t execute, chmod is usually the fix
Setting up project tooling: deployment scripts, git hooks, and CI scripts all need execute permissions

When your AI tool runs chmod +x something.sh, it’s simply saying “make this file runnable.” That’s a safe and normal operation. But if it suggests chmod 777, pause and ask why — there’s almost always a better option.

Practice

Try these commands in the terminal:

ls -l ~/projects/my-app/scripts/deploy.sh – read the current permissions
chmod +x ~/projects/my-app/scripts/deploy.sh – make it executable
ls -l ~/projects/my-app/scripts/deploy.sh – see how the permissions changed