Close-up view of a mouse cursor over digital security text on display.

Linux File Permissions: The Interview Question Everyone Gets Wrong

/ Homelab Builds, Linux Fundamentals, Uncategorized / By

The Question That Ends Interviews

“What does 755 mean?”

I’ve seen candidates with impressive CVs stumble on this. They know Linux, they’ve used chmod, but they can’t explain what the numbers actually mean. Interview over.

File permissions are the foundation of Linux security. Every file, every directory, every script you run is governed by permissions. Get this wrong, and you create security vulnerabilities. Get this right, and you demonstrate the security thinking that senior roles require.

This isn’t going to be a dry manual page recitation. This is how permissions actually work, why they matter, and how to answer every interview question about them.

Reading Permission Strings

When you run ls -la, you see something like this:

-rwxr-xr-x 1 www-data www-data 4096 Dec 20 10:30 script.sh
drwxr-xr-x 2 root     root     4096 Dec 20 10:30 configs/

Let’s break down -rwxr-xr-x:

Position Characters Meaning
1 - File type (-=file, d=directory, l=link)
2-4 rwx Owner permissions
5-7 r-x Group permissions
8-10 r-x Others (everyone else) permissions

Each permission means:

Letter For Files For Directories
r Read the file contents List directory contents
w Modify the file Create/delete files in directory
x Execute as program Enter the directory (cd into it)
- Permission not granted Permission not granted

Key insight: Directory permissions work differently than file permissions. You need x on a directory just to cd into it, even if you have r.

Octal Notation: The Interview Favourite

Here’s the part everyone struggles with. Each permission has a numeric value:

Permission Value
Read (r) 4
Write (w) 2
Execute (x) 1
None (-) 0

Add them up for each category:

Permission Calculation Result
rwx 4+2+1 7
rw- 4+2+0 6
r-x 4+0+1 5
r-- 4+0+0 4
--- 0+0+0 0

So 755 means:

  • Owner: 7 (rwx) – full access
  • Group: 5 (r-x) – read and execute
  • Others: 5 (r-x) – read and execute

Memory trick: 4-2-1 is like binary. r=100, w=010, x=001. Add them together.

Common Permission Patterns

Memorise these—they come up constantly:

Octal String Use Case
755 rwxr-xr-x Scripts, executables, directories (standard)
644 rw-r--r-- Regular files, configs (owner can edit, others can read)
600 rw------- Private files (SSH keys, secrets)
700 rwx------ Private directories, scripts
777 rwxrwxrwx Never use this. Ever. Security nightmare.
750 rwxr-x--- Group access, no public access
640 rw-r----- Sensitive configs (group can read)

chmod: Changing Permissions

Octal Method

# Set exact permissions
chmod 755 script.sh
chmod 644 config.ini
chmod 600 private_key

Symbolic Method

# Add execute for owner
chmod u+x script.sh

# Remove write for group and others
chmod go-w file.txt

# Set read for everyone
chmod a+r public.txt

# Multiple changes
chmod u+rwx,go+rx script.sh
Symbol Meaning
u User (owner)
g Group
o Others
a All (u+g+o)
+ Add permission
- Remove permission
= Set exactly

Recursive Changes

# Apply to directory and all contents
chmod -R 755 /var/www/html/

# Better: different perms for files and directories
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;

Production warning: Be very careful with recursive chmod. I’ve seen people accidentally chmod -R 777 / and destroy systems. Always double-check the path.

chown: Changing Ownership

# Change owner
sudo chown nginx /var/www/html/index.html

# Change owner and group
sudo chown nginx:www-data /var/www/html/index.html

# Change group only
sudo chown :www-data /var/www/html/index.html

# Recursive
sudo chown -R nginx:www-data /var/www/html/

Ownership matters because permissions are evaluated based on who you are:

  1. If you’re the owner, owner permissions apply
  2. If you’re in the group, group permissions apply
  3. Otherwise, other permissions apply

Real-World Scenarios

Scenario 1: Web Server Files

A web server needs to read files but shouldn’t be able to modify them:

# Files owned by deployer, readable by web server
sudo chown -R deployer:www-data /var/www/html/
sudo find /var/www/html -type d -exec chmod 750 {} \;
sudo find /var/www/html -type f -exec chmod 640 {} \;

# Upload directory where web server needs write access
sudo chmod 770 /var/www/html/uploads/

Scenario 2: SSH Key Permissions

SSH is very picky about permissions. Too loose and it refuses to work:

# .ssh directory
chmod 700 ~/.ssh

# Private keys
chmod 600 ~/.ssh/id_rsa

# Public keys
chmod 644 ~/.ssh/id_rsa.pub

# authorized_keys
chmod 600 ~/.ssh/authorized_keys
  • Interview classic: “SSH says ‘permission denied’ but the key is correct. What do you check?”
  • Answer: permissions on .ssh directory and key files.

Scenario 3: Shared Project Directory

Multiple users need access to the same files:

# Create group
sudo groupadd developers

# Add users to group
sudo usermod -aG developers alice
sudo usermod -aG developers bob

# Set up directory
sudo mkdir /opt/project
sudo chown root:developers /opt/project
sudo chmod 775 /opt/project

# New files inherit group (setgid)
sudo chmod g+s /opt/project

Special Permissions

Beyond the basic rwx, there are special bits:

Setuid (4xxx)

# File runs as the file's owner, not the user running it
chmod 4755 /usr/bin/program
# Shows as: -rwsr-xr-x

The classic example is /usr/bin/passwd—it runs as root even when regular users execute it, because it needs to modify /etc/shadow.

Setgid (2xxx)

# Files in directory inherit the directory's group
chmod 2775 /shared/
# Shows as: drwxrwsr-x

Sticky Bit (1xxx)

# Only owner can delete their files (even with directory write access)
chmod 1777 /tmp
# Shows as: drwxrwxrwt

That’s why you can’t delete other users’ files in /tmp even though it’s world-writable.

Troubleshooting Permission Issues

Systematic Approach

# 1. Check the file permissions
ls -la /path/to/file

# 2. Check who you are
whoami
groups

# 3. Check directory permissions (you need x to traverse)
ls -la /path/to/
ls -la /path/

# 4. Check for ACLs (extended permissions)
getfacl /path/to/file

Common Fixes

Problem Likely Cause Fix
“Permission denied” on script Missing execute bit chmod +x script.sh
Can’t cd into directory Missing execute on directory chmod +x directory/
Web server can’t read files Wrong owner or permissions chown www-data:www-data
SSH refuses to authenticate Key permissions too open chmod 600 ~/.ssh/id_rsa
Can list files but not read them Directory has r+x, files lack r Check file permissions

Interview Questions

  • “What does 755 mean?”
  • Answer: “Owner has read, write, and execute. Group and others have read and execute. Broken down: 7 is 4+2+1 for rwx, 5 is 4+1 for r-x.”
  • “How would you secure a directory containing sensitive configs?”
  • Answer: “I’d set ownership to root or a service account, permissions to 750 or 700 depending on whether a group needs access. For highly sensitive files like database credentials, 600 with ownership by the service that needs them.”
  • “What’s the difference between remove (w on directory) and delete?”
  • Answer: “Write permission on a directory lets you create and delete files within it—even files you don’t own, unless the sticky bit is set. That’s why /tmp has the sticky bit: everyone can write there, but you can only delete your own files.”
  • “A user says they can’t access a file but the permissions look fine. What do you check?”
  • Answer: “Parent directory permissions—they need x on every directory in the path. Then I’d check if they’re in the required group with groups username. Finally, I’d check for ACLs with getfacl.”

The Career Translation

Understanding Level What It Means Role Level
Can use chmod/chown Follow instructions Helpdesk (£25-30k)
Knows octal notation cold Understand the system Junior Sysadmin (£32-38k)
Designs permission schemes Security thinking Mid-level (£40-50k)
ACLs, SELinux, AppArmor Advanced security Senior/Security (£50k+)

Quick Reference

# View permissions
ls -la file

# Change permissions (octal)
chmod 755 script.sh      # rwxr-xr-x
chmod 644 file.txt       # rw-r--r--
chmod 600 secret.key     # rw-------

# Change permissions (symbolic)
chmod u+x script.sh      # Add execute for owner
chmod go-w file.txt      # Remove write for group/others
chmod a+r file.txt       # Add read for everyone

# Change ownership
chown user:group file
chown -R user:group dir/ # Recursive

# Common patterns
chmod 755 directories/    # Standard directory
chmod 644 files           # Standard file
chmod 600 private_keys    # SSH keys, secrets
chmod 700 ~/.ssh          # SSH directory

# Check effective permissions
getfacl file              # Show ACLs
namei -l /path/to/file    # Check path permissions

Next Steps

File permissions are step one of Linux security. To go deeper:

  • ACLs – More granular permissions with setfacl/getfacl
  • SELinux/AppArmor – Mandatory access control systems
  • sudo configuration – Fine-grained privilege escalation
  • umask – Default permissions for new files

Security is a mindset, not a checklist. Understanding permissions is how you start thinking like someone who protects systems, not just uses them.

Part 4 of the Linux Fundamentals series. Next: network troubleshooting commands—because “is it the network?” is always the first question.

Linux Fundamentals Series – Part 4 of 12

Previous: apt Package Management Essentials

Next: Network Troubleshooting Commands

View the full series

Scroll to Top