Chmod Command in Linux (File Permissions) - DesignLinux

Jun 04 2020
designlinux 0 Comments
Chmod Command in Linux

In Linux systems, the chmod command is used to change the permissions and access mode of files or directories. This article explains how to use chmod command to change the access permissions of files or directories.

File Permissions in Linux

In Unix based systems, a set of permissions and modes are associated with each file that determines who can access that file, and how they can access it. There are three different classes of users:

  • The file owner.
  • The group members.
  • Others.

You can change or assign file ownership using the chown and chgrp commands.

Following are the file permission types:

  • The read permission.
  • The write permission.
  • The execute permission.

It’s quick and easy way to view the file permissions using ls command:

ls -l index.php
-rw-rw-r-- 12 tecnstuff tnsg 6520 May 20 10:12 index.php

Below is what each part of this information means:

The first character represents the file type: - for a regular file, d for a directory, l for a symbolic link.

The next three characters represent the owner permissions for the file. In this example, the owner has read and write permission to file.

After that, next three characters represent the permissions for members of the file group. Last three characters shows everybody else permissions.

Below is the table of file permissions and options which effects on file:

Permission Character Meaning
Read - It is not readable and cannot view the file contents.
r The file is readable.
Write - The file can’t be modified or changed.
w You can change or modify.
Execute - The file cannot be executed.
x The file can be executed.
s If found in the user triplet it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that x flag is set.
When the setuid or setgid flags are set on an executable file, the file is executed with the file’s owner and/or group privileges.
S It’s same as s just x flag is not set.
t If found in the others triplet it sets the sticky bit.
It also means that x flag is set. This flag is useless on files.
T Same as t but the x flag is not set. This flag is useless on files.

Following is the table of directories permissions and options which effects on directories:

Permission Character Meaning
Read - Contents of directories can not be shown.
r The directory’s contents can be shown
Write - The directory’s contents can not be altered
w Contents of the directory can be altered.
Execute - The directory cannot be changed.
x You can navigate to directory using cd command
s If found in the user triplet it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that x flag is set.
When the setuid or setgid flag is set on a directory the new files created within it inherits the directory group ID (GID), instead of the primary group ID of the user who created the file. setuid has no effect on directories.
S It’s same as s just x flag is not set.
t If found in the others triplet it sets the sticky bit.
It also means that x flag is set. This flag is useless on files. When the sticky bit is set on a directory, only the file’s owner, the directory’s owner, or administrative user can delete or rename the files within the directory.
T Same as t but the x flag is not set. This flag is useless on directories.

How to Use chmod

Below is the common format for the chmod command:

chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...

The chmod command allows you to change the permissions on a file using either a symbolic or numeric mode or a reference file. The file owner, root or user with sudo privileges can change the permissions of a file.

Symbolic Method

Below is the syntax for symbolic method:

chmod [OPTIONS] [ugoa...[-+=]perms...[,...] FILE...

Here, [ugoa...] defines which users classes the permissions to the file are changed.

  • u – The file owner.
  • g – The users who are members of the group.
  • o – All other users.
  • a – All users, identical to ugo.

If the flag is not given then it will take a by default.

The second set of flags ([-+=]), the operation flags, defines whether the permissions are to be removed, added, or set:

  • - It removes the specified permissions.
  • + Adds specified permissions.
  • = It make changes the current permissions to the specified permissions.

The perms is either zero or more letters from the set r, w, x, X, s and t, or a single letter from the set u, g, and o. You can give multiple symbolic modes, separated by commas.

Following are some examples of how to use the chmod command in symbolic mode:

To give the members of the group permission to read the file, but not to write and execute it:

chmod g=r filename

Remove the execute permission for all users:

chmod a-x filename

To remove the write permission for other users:

chmod -R o-w dirname

Remove the read, write, and execute permission for all users except the file’s owner:

chmod og-rwx filename

The same thing can be do by using the following form:

chmod og= filename

Give read, write and execute permission to the file’s owner, read permissions to the file’s group and no permissions to all other users:

chmod u=rwx,g=r,o= filename

Add the file’s owner permissions to the permissions that the members of the file’s group have:

chmod g+u filename

Add a sticky bit to a given directory:

chmod o+t dirname

Numeric Method

Following the the syntax of the chmod command when used with Numeric method:

chmod [OPTIONS] NUMBER FILE...

In numeric mode, you can set the permissions for all owner, group, and all others at the same time.

The NUMBER will be in 3 or 4-digits number. When 3 digits number used, first digit represent permission of file’s owner, second is file group and last one for all other users.

Each write, read, and execute permissions have the following number value:

Values for the write, read, and execute permissions are as following:

  • r (read) = 4
  • w (write) = 2
  • x (execute) = 1
  • no permissions = 0

The permissions number are sum of values of the permissions of that group.

To find out the file’s permissions in numeric mode simply calculate the totals for all users classes. For instance, to give read, write and execute permission to the file’s owner, read and execute permissions to the file’s group and only read permissions to all other users you would do the following:

  • Owner: rwx=4+2+1=7
  • Group: r-x=4+0+1=5
  • Others: r-x=4+0+0=4

Now we got the number 754, which represents the desired permissions.

You have to use four digits number to set up the setuid, setgid, and sticky bit flags.

Digits have the following meaning when using the 4 digits number:

  • setuid=4
  • setgid=2
  • sticky=1
  • no changes = 0

If the first digit is 0 it can be ignored, and the mode can be represented with 3 digits. The numeric mode 0644 is the same as 644.

To check the file’s permissions in the numeric notation using the stat command:

stat -c "%a" filename
644

Following are the example of how to use the chmod command in numeric mode:

To give read and write permissions to the file’s owner and only read permissions to group members and all other users:

chmod 644 dirname

Allow file’s owner read, write and execute permissions, read and execute permissions to group members and no permissions to all other users:

chmod 750 dirname

Give read, write, and execute permissions, and a sticky bit to a given directory:

chmod 1777 dirname

Recursively set read, write, and execute permissions to the file owner and no permissions for all other users on a given directory:

chmod -R 700 dirname

Using a Reference File

To set the file’s permissions same as another specified reference file (ref_file), you can use --reference=ref_file option.

chmod --reference=REF_FILE FILE

For instance, the following command will assign the permissions of the file1 to file2

chmod --reference=file1 file2

Change the File’s Permissions Recursively

Using the -R (--recursive) option, you can give recursively permissions to all files and directories inside a specific directory.

chmod -R MODE DIRECTORY

For example, to change the permissions of all files and sub-directories under the /var/www directory to 755 you would use:

chmod -R 755 /var/www

Changing File Permissions in Bulk

In daily use, sometimes you need to change file and directories permissions in bulk. Mostly used to recursively change the website file’s permissions to 644 and directory’s permissions to 755.

You can do it using numeric method as following:

find /var/www/example.com -type d -exec chmod 755 {} \;
find /var/www/example.com -type f -exec chmod 644 {} \;

To do it using the symbolic method:

find /var/www/example.com -type d -exec chmod u=rwx,go=rx {} \;
find /var/www/example.com -type f -exec chmod u=rw,go=r {} \;

The find command will search for files and directories under /var/www/example.com and pass each found file and directory to the chmod command to set the permissions.

Conclusion

You successfully learned how to use chmod command to set or change the file and directories permissions using either the symbolic or numeric mode. For more information about chmod take a look at the chmod man page.

If you have any questions or suggestions, please feel free to leave a comment.

Tags: ,