A Mental Model for Linux Permissions: rwx and owner/group/other

2026-06-06 Reading time: About 11 min Difficulty: Beginner

Does the Permission String Look Like a Spell?

You run ls -l, and there it is at the start of each line: a string like -rw-r--r--. "What is this code supposed to mean?" That string is the file's permissions—the rules for who is allowed to do what with the file.

It looks cryptic, but it is really just two simple axes side by side: who and what they can do. In this guide, Lina and Linny-senpai build an intuitive mental model from owner / group / other and the rwx (read / write / execute) bits. By the end, you'll glance at -rwxr-xr-- and instantly know what it grants.

What You'll Learn

That permissions decide "who" can do "what" to a file
The meaning of owner, group, and other
The meaning of r (read), w (write), and x (execute)
How to read the first 10 characters of ls -l
How rwx means something different for directories
How numeric modes like 755 and 644 map to rwx

1. Why Do Permissions Exist?

Conclusion: Permissions are the rule for "who may do what to this file." They stop others from reading or breaking your files without permission.

Lina: Linny-senpai, what's that -rw-r--r-- at the start of each ls -l line? I've been pretending I don't see it...

Linny-senpai: Those are "permissions"—the access rights for a file. They decide "who" is allowed to do "what" to it.

Lina: Who, and what?

Linny-senpai: Right. Linux was built assuming one machine is shared by many people. So you need fine-grained control: "no one else should overwrite my files, but reading is fine." That control is the permission setting.

Lina: I see. It's like how tightly each file is locked.

Permissions = a "who" × "what" table

Permissions look hard, but they're built from just two axes.

Who: owner / group / other
What: r (read) / w (write) / x (execute)

Once you grasp this 3 × 3 grid, you can decode any permission string.

2. What Are owner / group / other?

Conclusion: Permissions are set for three parties: owner (the file's owner), group (members of its group), and other (everyone else).

Lina: Let's start with the "who" axis.

Linny-senpai: "Who" splits into three groups: owner, group, and other.

Lina: Like three characters in a story?

Linny-senpai: Nice way to put it. The owner is the person who created the file—the owner. The group is the set of people in the group assigned to the file. And other is everyone who is neither of those.

Lina: In terms of an office document...?

Linny-senpai: Exactly that. The owner is you, who wrote the document; the group is your team; other is people outside the company. For the same document you might want "I can edit," "my team can view," "outsiders can't touch it." Same idea.

Class	Short name	Who it refers to
`owner`	u	The person who owns the file
`group`	g	Members of the file's group
`other`	o	Everyone who is neither of the above

The three are abbreviated u / g / o

In commands like chmod, owner is written u (user), group is g, and other is o. Write a (all) to mean all three at once. You'll use this shorthand later in forms like chmod u+x, so keep it in the back of your mind.

3. What Do r, w, and x Mean?

Conclusion: r is read, w is write (change), and x is execute. You grant these three permissions to each of the three parties.

Lina: Now the "what" axis—the rwx part.

Linny-senpai: Right. Each of the three letters is one action. r is read, w is write (change), and x is execute.

Lina: What does "execute" mean here?

Linny-senpai: The right to "run" a program or script. To run script.sh, the file needs the x bit, or it won't run. A plain text note, on the other hand, usually doesn't need x.

Lina: Read, write, run. Just three—I think I can remember that.

Symbol	English	Meaning
`r`	read	Read contents / list entries
`w`	write	Change contents / add, delete
`x`	execute	Run it / enter it

Missing permissions show up as -

Within rwx, any permission that isn't granted appears as - (a hyphen) in that position. So r-- means "read only; no write, no execute." rw- means "read and write, but no execute." Think of - as an empty seat: "no permission here."

4. How Do You Read the First 10 Characters of ls -l?

Conclusion: The first 10 characters are "1 type character + owner's rwx + group's rwx + other's rwx." Read them in blocks of three.

Lina: Here's the main event. I want to be able to read -rw-r--r--!

Linny-senpai: Let's break it apart. Those 10 characters are one leading character plus "3 characters × 3 blocks."

Lina: So you split them three at a time.

Linny-senpai: Right. The first character is the file type (- for a regular file, d for a directory). Split the remaining nine into three, and from left to right you get the permissions for owner, group, and other. It's exactly the "who × what" grid from before.

Split -rw-r--r-- and it reads like this:

-  rw-  r--  r--
↑   ↑    ↑    ↑
type owner group other

Leading -: a regular file (d would be a directory)
rw-: owner can read r, write w, but not execute -
r--: group can only read r
r--: other can also only read r

In other words, "the owner can read and write, but everyone else can only read"—a very common setting for config files.

Let's check it for real.

ls -l memo.txt

-rw-r--r-- 1 lina staff 42 Jun  6 10:00 memo.txt

A template for reading the 10 characters

1st character: - (file) or d (directory)
Characters 2–4: the owner's rwx
Characters 5–7: the group's rwx
Characters 8–10: the other's rwx

When in doubt, chant "type, me, team, everyone else" as you split into threes.

Read columns 3 and 4 of ls -l together

After the permission string, the lina staff part shows the owner name and group name. -rw-r--r-- only means something once you pair it with these owner and group names. Get into the habit of reading the names next to the permission string, not just the string itself.

5. Does rwx Mean the Same Thing for Directories?

Conclusion: No. For directories, r lists the contents, w adds or deletes files, and x lets you enter (cd into) it.

Lina: Directories also have rwx. Does it mean the same as for files?

Linny-senpai: Good eye. It actually shifts a bit. A directory is a "box that holds files," so the target of each action becomes the box itself.

Lina: Read, write, execute on a box...?

Linny-senpai: In order: r means "you can list the file names in the box," w means "you can add or remove files in the box," and x means "you can enter the box (cd into it)."

Lina: So x becomes "enter" instead of "execute."

Linny-senpai: That's the tricky part. Without x on a directory, you can't cd into it even if it has contents, and you can't reach the files inside. That's why directories usually have the x bit set.

Bit	For a file	For a directory
`r`	Read the contents	List the file names inside
`w`	Change the contents	Add or delete files
`x`	Run the program	Enter (`cd`) / access the contents

Removing x from a directory locks you out even when it has contents

If you strip x from a directory, cd fails with Permission denied. When "the file should be there but I can't open it," the cause is often a missing x on the directory side. See Fixing Permission denied for details.

6. What Are Numbers Like 755 and 644?

Conclusion: They are rwx written as numbers. Add up r=4, w=2, x=1, and write three digits in owner / group / other order.

Lina: I also see numbers like chmod 755 or 644. What are those?

Linny-senpai: They're rwx written as numbers—the same permissions, just expressed shorthand with digits instead of letters.

Lina: How do you convert them?

Linny-senpai: You give each permission a score: r is 4, w is 2, x is 1. Add up the scores of the granted permissions, and that's the digit for that position.

Lina: So rwx would be...?

Linny-senpai: 4 + 2 + 1 = 7. rw- is 4 + 2 = 6. r-- is 4. Line up three of these in owner / group / other order and you get a three-digit number like 644.

rwx	Sum	Digit
`rwx`	4 + 2 + 1	`7`
`rw-`	4 + 2	`6`
`r-x`	4 + 1	`5`
`r--`	4	`4`
`---`	0	`0`

So 644 means rw-r--r-- (owner=6, group=4, other=4), and 755 means rwxr-xr-x (owner=7, group=5, other=5).

chmod 644 memo.txt
ls -l memo.txt

-rw-r--r-- 1 lina staff 42 Jun  6 10:00 memo.txt

Just memorize these two first

644 (rw-r--r--): a normal file. Owner reads and writes; others read only.
755 (rwxr-xr-x): a script or directory. Owner does everything; others read and execute (enter).

These two cover most everyday cases. For the finer points of numeric versus symbolic modes, dig into chmod Numeric and Symbolic Modes.

7. How Do You Try It Hands-On?

Conclusion: The fastest way to make it stick is to actually type ls -l and chmod in a terminal.

Lina: I think I get it in my head, but I'm not confident yet...

Linny-senpai: Permissions stick faster when you "change and check" rather than just "look and memorize." Change a permission with chmod, then watch how ls -l changes—it clicks fast.

Lina: Isn't it scary to break things in my own environment?

Linny-senpai: Make a practice file and you'll be fine. If you're still nervous, use a playground you can try in the browser.

chmod u+x script.sh
ls -l script.sh

-rwxr--r-- 1 lina staff 18 Jun  6 10:05 script.sh

With u+x (add execute for the owner), you can see rw- change to rwx.

Type ls -l and chmod over and over in the Penguin Gym Linux terminal and watch how the display changes. Once you feel "change the number → the string changes," permissions stop being scary.

Summary

Permissions decide "who" can do "what" to a file
Who: owner (owner) / group (teammates) / other (everyone else)
What: r (read) / w (write) / x (execute, or enter for directories)
The first 10 characters of ls -l are "type + owner + group + other," three at a time
Numeric mode adds r=4, w=2, x=1; learn 644 and 755 first