In UNIX/Linux systems, each file or directory is associated with 3 types of permissions that control access rights to it. The permissions are read, write and execute. The read and write permissions allow or prevent a user from reading a file or writing to it. The execute permission allows a user to run the file as a script or executable.
In this tutorial, we learn about the chmod command in Linux.
What is chmod command
The chmod command is used in Linux to change the access permissions of filesystem objects such as files and directories. It is also used to change special flags such as SUID, SGID, and sticky bit.
You can use the ls -l command to check the file modes, denoted by r, w and x.
Linux File Permissions
In Linux/Unix-like operating systems, every file and directory is owned by a user and a group. Linux file permissions therefore involve the file owner, the group owner, and the permissions themselves.
There are three user based permission groups:
- Owner - The user who owns the file or directory. By default when a user creates a file or directory the same user will become its owner.
- Group - The group which owns the file or directory. All the members in the group will have the same access permission on the file or directory.
- Other - Any user who is not the owner of the file or directory and does not belong to the group. This means "everyone", or in other words the "world".
The ownership of files and directories can be changed using the chown command. To change only the group of files or directories, use the chgrp command. The default file and directory permissions are set based on umask.
There are three permission types for each file or directory:
- read
- write
- execute
The character that represents read is r, write is w, and execute is x.
Read permission
The read permission for a file means the file can be opened and read.
The read permission for a directory (folder) means the user can list the contents of the directory.
Write Permission
The write permission for a file means the file can be altered (changed or modified).
The write permission for a directory means the directory contents can be altered. For example, the user can create a new file, remove or rename files from the directory.
Execute Permission
The execute permission for a file means the file can be executed. For example, the user can execute a program or a shell script file.
The execute permission for a directory means the user can change (cd) to the directory. But this won't allow users to list directory contents.
Special Permission Modes
Other than read, write and execute there are a few special permission modes you can assign on files and directories. The special permission modes are SUID (setUID), SGID (setGID) and sticky bit.
When the SUID bit is set on a file, the file always runs as the user who owns the file, not as the user who initiated the program. One example of a Linux command that uses SUID is passwd (you can see the bit with ls -l /usr/bin/passwd), which gives elevated privileges when run by a normal user.
When SGID is set on a file, the effective group is set to the group of the file. When executing the program, users get the file's group permissions.
The sticky bit is commonly set for directories. Once the sticky bit is set on a directory, then files or directories inside that directory can only be altered by the file owner or root.
How to perform chmod in Linux
Chmod uses either symbolic mode or numerical mode to specify permissions. You need to be root, the file owner, or a user with sudo privileges to change file permissions.
Chmod Change file/directory permissions using numerical mode
Chmod numerical mode is also known as absolute mode. This is the most commonly used method.
The read, write and execute permissions are each assigned a specific number. We use that number, or a combination of them, to set permissions on files and directories.
Linux permission numbers (octal values) are:
- r (read) = 4
- w (write) = 2
- x (execute) = 1
- no permission = 0
Syntax of chmod in numerical mode:
chmod <permission-number> <file-name or directory-name>
The permission number is normally a 3-digit number, with each rwx triplet represented by one octal digit. The first digit represents the owner, the next digit the group, and the last digit others.
For example to set chmod permission for a folder:
chmod 777 hello-programs
Here the first 7 means rwx (4+2+1) permissions are given to the owner of the file. 777 means full permission (read, write and execute) is given to the owner, group, and others.
File permissions are arrived at by summing up the octal values in each user class.
For example, the permissions -rw-rw-r-- can be represented as shown.
User (u): rw- = 4+2+0 = 6
Group (g): rw- = 4+2+0 = 6
Other (o): r-- = 4+0+0 = 4
From the above summation, we come up with the number 664.
Let us take another example of a file with the permissions: -rwxr-xr-x
User (u): rwx = 4+2+1 = 7
Group (g): r-x = 4+0+1 = 5
Other (o): r-x = 4+0+1 = 5
In this case, the numerical permission is 755.
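The summation above can be automated. The following is an added example, not part of the original tutorial: a POSIX shell function (the name mode_to_octal is hypothetical) that converts an ls -l mode string to octal, and goes beyond the two cases above by also handling the s, S, t and T characters that ls prints for SUID, SGID and the sticky bit.

```shell
#!/bin/sh
# Added example, not from the original page. mode_to_octal is a hypothetical
# helper: it turns an `ls -l` mode string into the 4-digit octal mode.
mode_to_octal() {
    # Characters 2-10 are the nine permission characters; character 1 is the
    # file type and anything after 10 (ACL or SELinux marker) is ignored.
    perms=$(printf '%s' "$1" | cut -c2-10)
    case $perms in
        [r-][w-][xsS-][r-][w-][xsS-][r-][w-][xtT-]) ;;
        *) echo "not a mode string: $1" >&2; return 1 ;;
    esac
    special=0
    digits=""
    pos=1
    for weight in 4 2 1; do   # special-bit value of this class: SUID, SGID, sticky
        r=$(printf '%s' "$perms" | cut -c"$pos")
        w=$(printf '%s' "$perms" | cut -c"$((pos + 1))")
        x=$(printf '%s' "$perms" | cut -c"$((pos + 2))")
        d=0
        if [ "$r" = r ]; then d=$((d + 4)); fi
        if [ "$w" = w ]; then d=$((d + 2)); fi
        case $x in
            x)   d=$((d + 1)) ;;                                  # execute only
            s|t) d=$((d + 1)); special=$((special + weight)) ;;   # execute + special bit
            S|T) special=$((special + weight)) ;;                 # special bit, no execute
        esac
        digits="$digits$d"
        pos=$((pos + 3))
    done
    printf '%s%s\n' "$special" "$digits"
}

mode_to_octal -rw-rw-r--    # prints 0664
mode_to_octal -rwxr-xr-x    # prints 0755
mode_to_octal drwxrwxrwt    # prints 1777
```

The leading digit of the result is the special-permission digit; chmod treats 0664 and 664 the same way on a regular file.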
You can set permissions for owner, group, and others at the same time.
To add a special permission such as sticky bit, SUID or SGID we use 4 digits. The first digit is used to set the following special permissions:
- SUID = 4
- SGID = 2
- sticky bit = 1
- zero effect = 0
For example, to set the sticky bit on the /tmp directory:
chmod 1777 /tmp
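Because the special digit and the "others" write bit change who can do what on a system, it is worth checking where they are set. The following is an added example, not part of the original tutorial: the function names audit_modes and make_sample_tree and the output labels are hypothetical, and the sample tree is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original page. audit_modes is a hypothetical
# helper and the SETID / WORLD-WRITABLE / NO-STICKY labels are its own format.
audit_modes() {
    root=$1
    # Regular files with SUID (4000) or SGID (2000): they execute with the
    # identity of the file's owner or group instead of the caller's.
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SETID /'
    # Regular files that "others" may write to (the 2 in the last digit).
    find "$root" -type f -perm -0002 -print |
        sed 's/^/WORLD-WRITABLE /'
    # World-writable directories without the sticky bit (1000): any user can
    # delete or rename another user's files there.
    find "$root" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/NO-STICKY /'
}

# Build a constructed sample tree and print its path.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    touch "$dir/tool" "$dir/open.txt" "$dir/ok.txt"
    mkdir "$dir/drop" "$dir/tmp"
    chmod 4755 "$dir/tool"      # SUID set: reported
    chmod 666  "$dir/open.txt"  # writable by others: reported
    chmod 644  "$dir/ok.txt"    # not reported
    chmod 777  "$dir/drop"      # world-writable, no sticky bit: reported
    chmod 1777 "$dir/tmp"       # same mode as /tmp above: not reported
    printf '%s\n' "$dir"
}

sample=$(make_sample_tree)
audit_modes "$sample"
rm -rf "$sample"
```

The -perm -MODE form matches when all the given bits are set, so -perm -0002 finds anything writable by others regardless of the remaining bits.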
When there are many files and directories you can recursively change permission:
chmod -R 755 directory-name
Chmod Change file/directory permissions using symbolic mode
The chmod symbolic mode is also known as relative mode. In symbolic mode, chmod uses the characters u (owner), g (group), o (other) and a (all users).
Basic Syntax of chmod symbolic mode:
chmod <ugoa><-+=><rwxst> file-name or directory-name
where,
"-" - Removes only the specified permissions
"+" - Adds the specified permissions to the permissions that already exist
"=" - Ignores all existing permissions and sets the permissions as specified
For example to set full permission on directory:
chmod u=rwx,g=rwx,o=rwx directory-name
or
chmod ugo+rwx directory-name
or
chmod a+rwx directory-name
Chmod Recursively Change directories and files Permissions
To recursively change file permissions for directories, use the -R or --recursive flag. Here is the syntax for recursively changing directory permissions:
chmod -R MODE filename
For example, to assign the numeric permission mode 755 to the subdirectories and files in the /var/www/html directory, run the following command:
sudo chmod -R 755 /var/www/html
In symbolic notation, this can be represented as follows:
chmod -R u=rwx,og=rx /var/www/html
All the files and subdirectories in the specified directory path are given the same mode as the directory. With 755 this also sets the execute bit on every regular file.
Change Permissions on Multiple files
There are occasions where you would want to change directory or file permissions in bulk. The find command lets you apply one mode to directories and another to files:
find /path/to/directory -type d -exec chmod mode {} \;
find /path/to/directory -type f -exec chmod mode {} \;
For example, to change the permissions of the directories in the /usr/share/nginx/html directory path to 755, execute the following command:
find /usr/share/nginx/html -type d -exec chmod 755 {} \;
In symbolic notation, this would be:
find /usr/share/nginx/html -type d -exec chmod u=rwx,og=rx {} \;
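The two find commands are usually run as a pair so that directories stay traversable while regular files lose the execute bit. The following is an added example, not part of the original tutorial: set_tree_modes and count_exec_files are hypothetical helper names, and the use of "{} +" instead of "\;" and the refusal of 4-digit modes are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. set_tree_modes and
# count_exec_files are hypothetical helpers, not part of chmod or find.
set_tree_modes() {
    root=$1 dmode=$2 fmode=$3
    for m in "$dmode" "$fmode"; do
        case $m in
            [0-7][0-7][0-7]) ;;   # plain 3-digit octal only
            *) echo "refusing non-octal or special-bit mode: $m" >&2; return 2 ;;
        esac
    done
    if [ ! -d "$root" ] || [ -L "$root" ]; then
        echo "not a real directory: $root" >&2
        return 2
    fi
    # -type d and -type f never match symbolic links, so a link inside the
    # tree cannot redirect chmod onto a file outside it. "{} +" passes many
    # paths to each chmod invocation instead of starting one process per file.
    find "$root" -type d -exec chmod "$dmode" {} + &&
    find "$root" -type f -exec chmod "$fmode" {} +
}

# Print how many regular files under $1 still have any execute bit set.
count_exec_files() {
    echo $(( $(find "$1" -type f \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print | wc -l) ))
}

# Usage with the paths from this tutorial:
#   set_tree_modes /usr/share/nginx/html 755 644
#   count_exec_files /usr/share/nginx/html
```

Running count_exec_files after a plain chmod -R 755 and again after set_tree_modes shows the difference between the two approaches.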
Change Permissions using a reference file
Using the --reference=reference_file option, you can transfer file permissions from one file to another. In the syntax shown, filename ends up having the same file permissions as reference_file.
chmod --reference=reference_file filename
Chmod with symbolic links
In most Linux systems, the permissions of a symbolic link itself are not used. Typically, changing the file permissions on a symbolic link alters the permissions of the file that it points to, and not the symbolic link itself.
In some systems, if you need to change the permission of a symbolic link, type:
chmod 644 symlink
Useful Chmod command examples
Let us check some more examples of changing permissions with the chmod command, using the numerical and symbolic methods.
chmod 755 directory-name
This is equivalent to chmod u=rwx,go=rx. It sets read, write and execute permissions (full permission) for the owner, and read and execute permissions for the group and others.
chmod +x filename
This is equivalent to chmod ugo+x or chmod u+x,g+x,o+x. It sets execute permission for the owner, group, and others.
chmod 750 directory-name
This is equivalent to chmod u=rwx,g=rx,o=. It sets full permission for the owner, read and execute for the group, and no permission for others.
chmod u+rwx directory-name
Add read, write and execute permissions for the owner, leaving the group and other permissions unchanged.
chmod -R 700 directory-name
Recursively set full permission for the owner of the directory.
chmod go-rwx filename
Remove read, write and execute permissions on the file for group and others.
chmod 644 filename
This assigns the read and write permissions for the owner, and only read permission for the file’s group and other users.
chmod g+x filename
Assign execute permission on a file to group members.
chmod go-rw filename
Remove read and write permissions on the file for the group and others classes.
Conclusion
In this tutorial, we learned about the Linux chmod command. We have gone through Linux permissions and how to change them.