What Are File Permissions? Read, Write, Execute
File permissions on Unix control who may read, write, or execute a file, defined for the owner, the group, and everyone else.
Every file on a Unix system carries permissions that decide who can read it, change it, or run it. These are split across three classes: the owner, the group, and others. In CI, permission issues show up as "permission denied" when a checked-out script lacks the execute bit, which is a common stumbling block.
The permission model
Each file has three permission types, read (r), write (w), and execute (x), for three classes: owner, group, and others. A listing like -rwxr-xr-- shows all nine bits at a glance.
What each permission means
- Read: view a file's contents or list a directory.
- Write: modify a file or add/remove entries in a directory.
- Execute: run a file as a program, or enter a directory.
Reading the bits
Permissions are often written as three octal digits, like 755 or 644. Each digit is the sum of read (4), write (2), and execute (1) for one class, so 7 is rwx and 6 is rw-.
The execute bit on scripts
A script needs the execute bit to be run directly with ./script.sh. Without it, you get "permission denied," even though running bash script.sh still works because that bypasses the bit.
Permissions in CI
A common CI failure is a committed script that lost its execute bit, so ./deploy.sh fails with "permission denied." Either commit the file with the execute bit set, or run it explicitly via bash deploy.sh to sidestep the issue.
Executable scripts on managed runners
On Latchkey runners, checked-out files keep the permissions stored in Git. If a script is not executable, set the bit with chmod +x in the step or invoke it through its interpreter directly.
Key takeaways
- File permissions grant read, write, and execute to owner, group, and others.
- They are often written in octal, like 755, summing 4/2/1 per class.
- In CI, a missing execute bit causes "permission denied" on scripts.