Debian GNU/Linux : Guide to Installation and Usage - John Goerzen; Ossama Othman

In addition to being owned by one user and one group, every file and directory also has a mode, which determines who’s allowed to read, write, and execute the file (and run it, if it’s a program). There are a few other things also determined by the mode, but they’re advanced topics so we’ll skip them for now.

The mode looks like this in the ls output: -rw-r-r-. For now, we’ll consider nine of these parts: those that control read, write, and execute permissions for the user owning the file, the group owning the file, and others (everyone on the system, sometimes called world).

In the mode line, the first “element” gives the file type. The - in this case means it’s a regular file. If it was d, we’d be looking at a directory. There are also other possibilities too complex to go into here; for details, see section 13.2.2 on page [*].

The remaining nine elements are used to display the file’s mode. The basic 9 bits (read, write, and execute for user, group, and other) are displayed as three blocks of rwx.

So if all permissions are turned on and this is a regular file, the mode will look like this: -rwxrwxrwx. If it was a directory with all permissions turned off for others and full permissions for user and group, it would be drwxrwx--.

Table 7.1: Permissions in Linux
+------------------------------------------------------------------------------+
| Code | Name | Allows for Files | Allows for Directories |
|------+---------+--------------------------+----------------------------------|
| r | read | Examine contents of file | List contents of directory |
|------+---------+--------------------------+----------------------------------|
| w | write | Modify file | Add or remove files in directory |
|------+---------+--------------------------+----------------------------------|
| x | execute | Run as a command | Access files in directory |
+------------------------------------------------------------------------------+

Table 7.1 describes the meaning of the read, write, and execute permissions for both files and directories.

Directory modes can be a little confusing, so here are some examples of the effects of various combinations:

The user, group, or other with these permissions may list the contents of the directory, but can do nothing else. The files in the directory can’t be read, changed, deleted, or manipulated in any way. The only permitted action is reading the directory itself, that is, seeing what files it contains.