File Permissions in Linux
By Pooja | 22nd July 2025
Introduction
DevOps, security, automation, and collaboration are key priorities. Whether you’re deploying infrastructure, configuring build pipelines, or running containerized applications, managing file permissions is crucial. Incorrect permissions can lead to security vulnerabilities, deployment failures, or system crashes.
Linux and Unix-based systems use a robust permission system to control access to files and directories. DevOps engineers must be proficient in reading, modifying, and enforcing file permissions across environments to ensure safe and predictable operations.
This guide explores file permission concepts, commands, and best practices from a DevOps perspective, empowering engineers to build secure and efficient systems.
Why File Permissions Matter in DevOps
In DevOps, teams work across environments, servers, and automation tools. Misconfigured file permissions can result in:
- Unauthorized access to sensitive files
- Broken CI/CD pipelines
- Build failures due to lack of script execution rights
- Privilege escalation attacks
- Configuration drifts in automated provisioning
Proper file permission management ensures that:
- Users and services only access what they need (least privilege)
- Systems behave consistently across environments
- Logs, secrets, and executables are protected
Understanding Linux File Permissions
Each file or directory in Linux has associated permissions and ownership. These define who can read, write, or execute the file.
Run:
bash
CopyEdit
ls -l
Example:
bash
CopyEdit
-rwxr-xr– 1 devops team 1542 Jul 6 file.sh
Breakdown:
- -: Type (- for file, d for directory)
- rwx: Owner permissions
- r-x: Group permissions
- r–: Others’ permissions
Permission types:
Symbol | Permission | Description |
r | Read | View file contents |
w | Write | Modify contents |
x | Execute | Run as a program |
File Ownership: Users and Groups
Every file is owned by:
- A user (owner)
- A group (shared access for team members)
You can check the owner and group with ls -l.
To view current user:
bash
CopyEdit
whoami
To change file owner:
bash
CopyEdit
chown user file.txt
To change group:
bash
CopyEdit
chgrp devops file.txt
File Permission Symbols and Numeric Values
Permissions can be expressed in:
Symbolic Form
bash
CopyEdit
chmod u+x file.sh  # Add execute for user
chmod g-w file.sh  # Remove write for group
chmod o=r file.sh  # Others get only read
Numeric Form
Each permission has a binary value:
- Read = 4
- Write = 2
- Execute = 1
Combined:
User Type | Value |
rwx | 7 |
rw- | 6 |
r– | 4 |
bash
CopyEdit
chmod 755 file.sh
Means:
- Owner: rwx (7)
- Group: r-x (5)
- Others: r-x (5)
Changing Permissions: chmod
Change file or directory permissions:
bash
CopyEdit
chmod 644 file.txt   # Read/write for owner, read-only for others
chmod +x script.sh   # Add execute permission
chmod -R 755 /app    # Recursive change
Common values:
- 755: Owner full access, others read/execute
- 700: Owner-only access
- 644: Owner read/write, others read
- 600: Private files like SSH keys
Changing Ownership: chown and chgrp
chown: Change file owner
bash
CopyEdit
chown devops file.txt
chown devops:team file.txt  # Change owner and group
chgrp: Change group only
bash
CopyEdit
chgrp team file.txt
Recursive:
bash
CopyEdit
chown -R devops:team /var/www
Use during deployment or provisioning to assign correct ownerships to configs and apps.
Special Permission Types: SUID, SGID, Sticky Bit
SUID (Set User ID)
Executes the file with the permissions of the file’s owner.
bash
CopyEdit
chmod u+s script.sh
Useful for programs needing temporary elevated privileges.
SGID (Set Group ID)
Files created in that directory inherit the group.
bash
CopyEdit
chmod g+s /data/shared
Sticky Bit
Only file owners can delete their files in a directory.
bash
CopyEdit
chmod +t /tmp
Useful for shared directories.
Recursive Permission Changes
To apply changes to all files/directories inside a folder:
bash
CopyEdit
chmod -R 755 /var/www
chown -R devops:team /opt/tools
Use with caution—recursive commands can easily break system functionality if misused.
Permissions and CI/CD Pipelines
Permissions impact:
- Script execution (chmod +x deploy.sh)
- Accessing keys (chmod 600 ~/.ssh/id_rsa)
- Temporary files and logs (chmod 666 /tmp/*.log)
- Artifact folders and build caches
Example in GitHub Actions or Jenkins:
yaml
CopyEdit
– run: chmod +x ./build.sh
– run: ./build.sh
Set proper permissions before running scripts or accessing files.
File Permissions in Containers and Cloud Environments
In Docker and Kubernetes:
- Mount volumes with correct UID/GID
- Use USER directive in Dockerfiles
- Ensure secret files (config.yaml, .env) are 600
- In cloud VMs, user-data scripts must run with chmod +x
Cloud storage (like AWS S3 or Azure Blob) also supports access control, though permission models differ from Unix.
Automating Permission Management in DevOps
Use configuration management tools:
Ansible
yaml
CopyEdit
– name: Set permissions
 file:
   path: /opt/app/run.sh
   mode: ‘0755’
   owner: devops
   group: team
Terraform / Cloud-Init
Use startup scripts to chmod or chown files in cloud infrastructure.
Shell Scripts
bash
CopyEdit
#!/bin/bash
chown devops:team /data/*
chmod 640 /data/*
Schedule with cron or run on deploys.
Best Practices for File Permissions
- Follow principle of least privilege
- Avoid 777 (full access to everyone)
- Set SSH key permissions to 600
- Make config files readable only by needed services
- Use sticky bits on shared folders like /tmp
- Track permission drift using tools like Auditd or Tripwire
- Automate permission setting during deployments
Common Mistakes and Troubleshooting
Permission Denied
- File lacks execute bit → chmod +x script.sh
- Owned by root → sudo chown user
- Directory has no x → chmod +x /path
Script Doesn’t Run
- Wrong shebang line → Ensure #!/bin/bash
- No execute permission → chmod 755 script.sh
Logs Not Written
- Directory is not writable → chmod 775 /var/log/app
Conclusion
File permissions are a cornerstone of system security and operational reliability in DevOps. They control who can access, modify, and execute files—ensuring that your environments remain secure, predictable, and stable.
By mastering tools like chmod, chown, chgrp, and understanding special permission types, DevOps engineers can automate deployment processes, secure sensitive assets, and prevent many common runtime issues.
In modern DevOps workflows—across CI/CD, containers, and cloud—permission management isn’t just a system admin task; it’s a critical part of infrastructure as code. With the right approach and automation, file permissions become an enabler of security and efficiency.