LinuxCommandLibrary

chmod

Change file or directory permissions

TLDR

Give the [u]ser who owns a file the right to e[x]ecute it

$ chmod u+x [path/to/file]
copy

Give the [u]ser rights to [r]ead and [w]rite to a file/directory
$ chmod u+rw [path/to/file_or_directory]
copy

Remove e[x]ecutable rights from the [g]roup
$ chmod g-x [path/to/file]
copy

Give [a]ll users rights to [r]ead and e[x]ecute
$ chmod a+rx [path/to/file]
copy

Give [o]thers (not in the file owner's group) the same rights as the [g]roup
$ chmod o=g [path/to/file]
copy

Remove all rights from [o]thers
$ chmod o= [path/to/file]
copy

Change permissions recursively giving [g]roup and [o]thers the ability to [w]rite
$ chmod [[-R|--recursive]] g+w,o+w [path/to/directory]
copy

Recursively give [a]ll users [r]ead permissions to files and e[X]ecute permissions to sub-directories within a directory
$ chmod [[-R|--recursive]] a+rX [path/to/directory]
copy

SYNOPSIS

chmod [OPTION]... MODE[,MODE]... FILE...

PARAMETERS

-c, --changes
    Like verbose but report only when a change is made.

-f, --silent, --quiet
    Suppress most error messages.

-v, --verbose
    Output a diagnostic for every file processed.

--no-preserve-root
    Do not treat ‘/’ specially (the default).

--preserve-root
    Fail to operate recursively on ‘/’.

-R, --recursive
    Change files and directories recursively.

--reference=RFILE
    Use RFILE’s mode instead of MODE values.

-h, --no-dereference
    Affect symbolic links instead of any referred-to file (useful only on systems that can change the permissions of a symbolic link).

-H
    If a command line argument is a symbolic link to a directory, traverse it.

-L
    Traverse every symbolic link to a directory encountered.

-P
    Do not traverse any symbolic links (default).

--help
    Display this help and exit

--version
    Output version information and exit.

DESCRIPTION

The chmod command is used to modify the access permissions of files and directories in Linux and other Unix-like operating systems. It controls who can read, write, and execute files. Permissions are typically represented using octal notation (e.g., 755) or symbolic notation (e.g., u+rwx,go+rx).

chmod is fundamental for system security, ensuring that only authorized users can access sensitive data or execute critical programs. Incorrect usage can compromise system security, so understanding its options and implications is crucial. The command affects access based on the user's identity, group membership, and whether other users need access. Proper use is a key component of system administration.

CAVEATS

Incorrect permissions can lead to security vulnerabilities or prevent legitimate users from accessing necessary files. Using `chmod 777` (full read, write, and execute access for everyone) should be avoided in production environments unless absolutely necessary and with a thorough understanding of the risks.

SYMBOLIC MODES

Symbolic modes allow you to specify permissions using letters instead of octal numbers. For example:

* `u` (user): Owner of the file.
* `g` (group): Group associated with the file.
* `o` (others): All other users.
* `a` (all): Everyone (user, group, and others).

Operators include `+` (add permission), `-` (remove permission), and `=` (set permission exactly). Example: `chmod u+x file.sh` (adds execute permission for the owner).

OCTAL MODES

Octal modes use a three-digit number to represent permissions for user, group, and others, respectively. Each digit is a sum of the following values:

* 4: Read permission.
* 2: Write permission.
* 1: Execute permission.

For example, `chmod 755 file.txt` means: Owner (7 = 4+2+1) has read, write, and execute permissions; Group (5 = 4+1) has read and execute permissions; Others (5 = 4+1) have read and execute permissions.

HISTORY

The chmod command has been a core utility in Unix-like operating systems since their early development. It was designed to provide a mechanism for controlling access to files, reflecting the multi-user nature of these systems. Over time, minor improvements and feature additions have been made, but the fundamental functionality has remained consistent, demonstrating its enduring importance to system security and administration.

SEE ALSO

chown(1), chgrp(1), umask(1), stat(1)

Copied to clipboard