Concept

File Permissions

Definition

File permissions are the Unix access-control system that gates every read, write, and execute operation against three classes of identity: the file's owning user, the file's owning group, and everyone else. Each class gets three independent bits, yielding nine bits per file expressed compactly as the familiar rwxrwxrwx string from ls -l or the three-octal-digit number passed to chmod (754, 600, 777).

The same nine-bit pattern applies uniformly because under Unix every resource is a file: a regular document, a directory, a device node, a pipe. The kernel checks permissions on every open call before granting a descriptor, so the model controls not just storage but device access, process inspection, and inter-process communication.

Why it matters

How it works

Every file's inode stores its owner UID, group GID, and a sixteen-bit mode field whose lower nine bits are the rwx triplets and whose upper bits hold the suid, sgid, and sticky flags plus the file type. When a process attempts to open a file, the kernel compares the process's effective UID against the file's owner, and the process's effective GID plus supplementary groups against the file's group. If the UID matches, the user triplet applies. If not, the kernel checks group membership; if any of the process's groups match the file's group, the group triplet applies. Otherwise the other triplet applies. Note that only one triplet ever applies: a permission denied to the owner is denied even if other has it.
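The two halves of that paragraph, decoding the mode field into the ls -l string and selecting the single triplet that applies, are shown below as an added example that is not part of the original page. It uses only the bit constants from Python's standard stat module; the UIDs, GIDs and modes it is exercised with are constructed values, and root's override (CAP_DAC_OVERRIDE) and POSIX ACLs are deliberately left out so the nine-bit rule stands alone.

```python
import stat

# Permission bit for each (identity class, operation), as in <sys/stat.h>.
_BITS = {
    "user":  {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR},
    "group": {"r": stat.S_IRGRP, "w": stat.S_IWGRP, "x": stat.S_IXGRP},
    "other": {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH},
}

# File-type bits from the upper part of the mode field -> ls -l type character.
_TYPES = {
    stat.S_IFREG: "-", stat.S_IFDIR: "d", stat.S_IFLNK: "l", stat.S_IFCHR: "c",
    stat.S_IFBLK: "b", stat.S_IFIFO: "p", stat.S_IFSOCK: "s",
}

# Special flag that shares the "x" column of each triplet: suid for user,
# sgid for group, sticky for other. Lower-case when x is also set, upper-case when not.
_SPECIAL = (("user", stat.S_ISUID, "s"), ("group", stat.S_ISGID, "s"), ("other", stat.S_ISVTX, "t"))


def mode_to_string(mode: int) -> str:
    """Render a full st_mode value the way `ls -l` does, e.g. 0o100754 -> '-rwxr-xr--'."""
    out = [_TYPES.get(stat.S_IFMT(mode), "?")]
    for cls, special, ch in _SPECIAL:
        bits = _BITS[cls]
        out.append("r" if mode & bits["r"] else "-")
        out.append("w" if mode & bits["w"] else "-")
        executable = bool(mode & bits["x"])
        if mode & special:
            out.append(ch if executable else ch.upper())
        else:
            out.append("x" if executable else "-")
    return "".join(out)


def which_class(file_uid: int, file_gid: int, proc_uid: int, proc_gids: set) -> str:
    """Pick the one triplet that governs this process: user, else group, else other."""
    if proc_uid == file_uid:
        return "user"
    if file_gid in proc_gids:          # effective GID plus supplementary groups
        return "group"
    return "other"


def check_access(mode: int, file_uid: int, file_gid: int,
                 proc_uid: int, proc_gids: set, op: str) -> bool:
    """True if the process may perform op ('r', 'w' or 'x') under the nine-bit rule.

    Only the selected triplet is consulted, so an owner denied by the user triplet
    stays denied even when the other triplet would allow the operation.
    """
    cls = which_class(file_uid, file_gid, proc_uid, proc_gids)
    return bool(mode & _BITS[cls][op])


if __name__ == "__main__":
    # Constructed scenario: file owned by uid 1000 / gid 1000 with mode 0077
    # (nothing for the owner, everything for group and other).
    mode = stat.S_IFREG | 0o077
    print(mode_to_string(mode))                                   # ----rwxrwx
    print(check_access(mode, 1000, 1000, 1000, {1000}, "r"))       # False: owner triplet applies
    print(check_access(mode, 1000, 1000, 2000, {2000}, "r"))       # True: other triplet applies
    print(mode_to_string(stat.S_IFDIR | stat.S_ISVTX | 0o777))     # drwxrwxrwt (e.g. /tmp)
```

The owner-denied case is worth keeping in mind when auditing: a file an unprivileged owner "cannot read" may still be world-readable, and ls -l shows that only if the full string is read, not just the first triplet.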

The model has well-known limits. It cannot grant access to multiple groups (one group per file), it cannot express deny rules, and it cannot give specific users different permissions without changing group membership. Modern Linux supplements it with POSIX ACLs (extended attributes via setfacl) and Linux capabilities (fine-grained privileges that replace blanket root) for cases the nine-bit model cannot handle. But for everyday use, the original triplet system covers most needs with minimal complexity.

Where it goes next
