Chmod Command in Linux + Examples

Last updated: March 15, 2022

In UNIX/Linux systems, each file or directory is associated with 3 types of permissions that control access rights to them. The permissions are read, write and execute. This allows or prevents a user to read a file or write to a file. The execute permission allows a user to run the file as a script or executable.

In this tutorial, we learn about chmod command in Linux.

What is chmod command

Chmod command is used in Linux to change the access permissions of filesystem objects such as files and directories. It is also used to change special flags such as SUID, SGID, and sticky bit.

You can use ls -l command to check the file modes denoted by r,w and x.

Linux File Permissions

In Linux/Unix like operating systems, every file and directory is owned by the user and group. When we talk about Linux file permission it involves file owner, group owner, and permissions.

There are three user based permission groups:

  • owner - The user who owns the file or directory. By default when a user creates a file or directory the same user will become its owner.
  • Group - The group which owns the file or directory. All the members in the group will have the same access permission on the file or directory.
  • Other - The user who is not the owner of file or directory and doest belong to group. This means "everyone" or other way say the "world".

The files and directories ownership can be changed using chown command. To only change the group of files or directories can use chgrp command. The default file and directory permissions are set based on umask.

There are three file permissions types for each file or directory:

  • read
  • write
  • execute

The characters represent for read is r, for write is w, and execute is x.

Read permission

The read permission for a file means the file can be opened and read.

The read permission for a directory (folder) means the user can list the contents of the directory.

Write Permission

The write permission for a file means the file can be altered (changed or modified).

The write permission for a directory means the directory contents can be altered. For example, the user can create a new file, remove or rename files from the directory.

Execute Permission

The execute permission for a file means the file can be executed. For example, the user can execute a program or a shell script file.

The execute permission for a directory means the user can change (cd) to the directory. But this won't allow users to list directory contents.

Special Permission Modes

Other than read, write and execute there are a few special permission modes you can assign on files and directories. The special permission modes are SUID (setUID), SGID (setGID) and sticky bit.

When SUID bit is set on a file, the file always runs as the user who owns the file, not as the user who initiated the program. One example of a Linux command that uses SUID is ls -l /usr/bin/passwd, which gives elevated privileges when run by a normal user.

When SGID is set on a file, the effective group is set to the group of the file. When executing a program, the users will get the file group permissions

The sticky bit is commonly set for directories. Once the sticky bit is set on a directory, then files or directories inside that directory can only be altered by the file owner or root.

How to perform chmod in Linux

Chmod uses either symbolic mode or numerical mode to specify permissions. You need to be root, file owner, or sudo user privileges to change to file permission.

Chmod Change file/directory permissions using numerical mode

Chmod numerical mode is also known as absolute mode. This is the most commonly used method.

The read, write and execute is assigned with a specific numerical number. We use that number or combinations to set permissions on files and directories.

Linux permissions numbers (octal value) are:

r (read) =  4
w (write) =  2
x  (execute) =  1
no permission = 0

Syntax of chmod in numerical mode:

chmod <permission-number> <file-name or directory-name>

The permission number is normally a 3 digit number ( each triplet by an octal mode number ). The first digit represents the owner, the next digit for the group, and the last digit is for others.

For example to set chmod permission for a folder:

chmod 777 hello-programs

Here the first 7 permission means rwx ( 4+2 +1) permissions is given to the owner of the file. 777 means full permission (read, write and execute) is given to the owner, group, and others.

File permissions are arrived at by summing up the octal values in each user class. 

For example, the permissions -rw-rw-r–-  can be represented as shown.

 User ( u ) : rw- = 4+2+0=6

Group ( g ): rw- = 4+2+0=6

Other ( o ): r-- = 4+0+0=4

From the above summation, we come up with the number 664

Let us take another example of a file with the permissions:  -rwxr-xr–x

 User ( u ) : rw- = 4+2+1=7

Group ( g ): rw- = 4+0+1=5

Other ( o ): r-- = 4+0+1=5

In this case, the numerical permission is 755

You can set permissions for user, owner, and others at the same time.

To add special permission such as sticky bit, SUID or SGID we use 4 digits. The first digit is used to set the following special permissions:

SUID = 4
SGID = 2
sticky bit = 1
zero effect = 0

For example to set special permission sticky bit on /tmp directory:

chmod 1777 /tmp

When there are many files and directories you can recursively change permission:

chmod -R 755 directory-name

Chmod Change file/directory permissions using symbolic mode

The chmod symbolic mod is also known as relative mode. The chmod when using symbolic mode uses characters u (owner), g ( group), o ( other) and a ( all users).

Basic Syntax of chmod symbolic mode:

chmod <ugoa><-+=><rwxst> file-name or directory-name

where,

"-" - Removes only the specified permission

"+" - Add permissions to other permissions that already has

"=" - Ignore all permissions and change permissions as specified

For example to set full permission on directory:

chmod u=rwx,g=rwx,o=rwx directory-name

or

chmod ugx+rwx directory-name

or

chmod a+rwx directory-name

Chmod Recursively Change directories and files Permissions

To recursively change file permissions for directories, use the -R or --recursive flags. Here is the syntax for recursively changing directory permissions:

chmod -R MODE filename

For example, to assign the numeric permission mode 755 to the subdirectories and files in the /var/www directory, run the following command:

sudo chmod -R 755 /var/www/html

In symbolic notation, this can be represented as follows:

chmod -R u=rwx,og=rx /var/www/html

All the files and subdirectories in the specified directory path will inherit the permissions assigned to the directory.

Change Permissions on Multiple files

There are occasions where you would want to change directory or files permissions in bulk. 

find /path/to/directory -type d -exec chmod mode {} \;
find /path/to/directory -type f -exec chmod mode {} \;

For example, the change the directory's permissions in the /usr/share/nginx/html  directory path to 755, execute the following command:

find /usr/share/nginx/html -type d -exec chmod 755 {} \;

In symbolic notation, this would be:

find /usr/share/nginx/html -type d -exec chmod u=rwx,og=rx {} \;

Change Permissions using a reference file

Using the --reference=reference_file option, you can transfer file permissions from one file to another. In the syntax shown, the filename ends up having the same file permissions as the reference_file.

chmod --reference=reference_file  filename

Chmod with symbolic links

In most Linux systems symbolic link permission is not much cared. Typically, changing the file permissions on symbolic links alters the file permissions of the file that it points to, and not the symbolic link itself.

In some systems, if you need to change the permission of symbolic, type:

chmod 644 symlink

Useful Chmod command examples

Let check some more examples to change permission using chmod command using numerical and symbolic method.

chmod 755 directory-name

This equivalent to chmod u=rwx,go=rx. This set read, write and execute permissions (full permission) for the owner and read and execute permission for others.

chmod +x filename

This equivalent to chmod ugo+x or chmod u+x,g+x,o+x. This set execute permission for the owner, group, and others.

chmod 750  directory-name

This equivalent to chmod u+rwx,g=rx,o=. This set full permission for the owner, read & execute for the group, and no permission for others. 

chmod u+rwx  directory-name

Ignore all permission and set read, write and execute permissions for the owner.

chmod -R 700  directory-name

Recursively set full permission for the owner of the directory

chmod go-rwx filename

Remove read, write and execute permission for group and others to the file

chmod 644 filename

This assigns the read and write permissions for the owner, and only read permission for the file’s group and other users.

chmod g+x filename

Assign group members execute permissions to a file

chmod go-rw  filename

To remove read and write permissions for user and group class for the file.

Conclusion

In this tutorial, we learned about linux chmod command. We have gone through Linux permissions and how to change them.

SHARE

Comments

Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment