LinuxCommandLibrary

chmod

Change file or directory permissions

TLDR

Give the [u]ser who owns a file the right to e[x]ecute it

$ chmod u+x [path/to/file]

Give the [u]ser rights to [r]ead and [w]rite to a file/directory
$ chmod u+rw [path/to/file_or_directory]

Remove e[x]ecutable rights from the [g]roup
$ chmod g-x [path/to/file]

Give [a]ll users rights to [r]ead and e[x]ecute
$ chmod a+rx [path/to/file]

Give [o]thers (not in the file owner's group) the same rights as the [g]roup
$ chmod o=g [path/to/file]

Remove all rights from [o]thers
$ chmod o= [path/to/file]

Change permissions recursively giving [g]roup and [o]thers the ability to [w]rite
$ chmod [-R|--recursive] g+w,o+w [path/to/directory]

Recursively give [a]ll users [r]ead permissions to files and e[X]ecute permissions to sub-directories within a directory
$ chmod [-R|--recursive] a+rX [path/to/directory]

SYNOPSIS

chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...

PARAMETERS

-c, --changes
    Like verbose, but report only when a change is made.

-f, --silent, --quiet
    Suppress most error messages.

-v, --verbose
    Output a diagnostic for every file processed.

--no-preserve-root
    Do not treat '/' specially (default).

--preserve-root
    Fail to operate recursively on '/'.

--reference=RFILE
    Use RFILE's mode instead of MODE values.

-R, --recursive
    Change files and directories recursively.

--help
    Display this help and exit.

--version
    Output version information and exit.

DESCRIPTION

The chmod command is a fundamental Linux utility used to change access permissions of file system objects (files and directories). Permissions dictate who can read, write, or execute a file, and who can traverse or list a directory. There are three primary types of permissions: read (r), write (w), and execute (x). These permissions can be assigned to three distinct categories of users: the owner of the file (u), the group associated with the file (g), and others (o).

chmod supports two main modes for specifying permissions: symbolic mode and octal (numeric) mode. In symbolic mode, you use characters to add (+), remove (-), or set (=) permissions for specific user categories (e.g., u+x, g-w, o=rwx). Octal mode uses a three or four-digit octal number, where each digit represents the permissions for owner, group, and others, respectively. Each permission type has a numeric value: read (4), write (2), and execute (1). These values are summed to form the octal digit (e.g., 7 = rwx (4+2+1), 5 = rx (4+1)). A fourth leading digit can specify special permissions like SUID, SGID, or the sticky bit.

CAVEATS

Using chmod -R on the root directory (/) can render a system unbootable or unusable if not done with extreme caution. Be mindful of special permissions (SUID, SGID, sticky bit) as they have security implications. The execute bit for directories grants permission to traverse or search the directory, not necessarily to list its contents (which requires read permission).

SYMBOLIC MODE EXPLAINED

Symbolic mode uses a combination of user types (u, g, o, a for all), operators (+ to add, - to remove, = to set exactly), and permission types (r, w, x, s for SUID/SGID, t for sticky bit). For example, chmod u+x,go-w myfile adds execute permission for the owner and removes write permission for group and others.

OCTAL MODE EXPLAINED

Octal mode uses a numerical representation of permissions. Each digit in the three-digit number corresponds to owner, group, and others. The values are: read (4), write (2), execute (1). These sum up for each category. For example, 755 means owner has rwx (4+2+1=7), group has rx (4+1=5), and others have rx (4+1=5). A four-digit number includes special permissions: 4000 for SUID, 2000 for SGID, 1000 for sticky bit (e.g., 2755 for SGID on a directory).
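The symbolic and octal forms described above can be checked against each other on a scratch tree. The following is an added example, not part of the original page; it assumes GNU coreutils (stat -c, chmod --reference), and the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example: apply the page's symbolic modes to a constructed tree and
# read the resulting octal modes back. Assumes GNU coreutils.

mode_of() { stat -c '%a' "$1"; }   # octal mode of a path, e.g. 644

# Build a scratch tree with known starting modes and print its path.
make_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/sub"
    : > "$d/data.txt"
    : > "$d/run.sh"
    chmod 700 "$d" "$d/sub" "$d/run.sh"
    chmod 600 "$d/data.txt"
    printf '%s\n' "$d"
}

# chmod -R a+rX: r for everyone, x only on directories and on files that
# already carry an execute bit. Prints the modes of: root sub data.txt run.sh
recursive_rX() {
    t=$(make_tree) || return 1
    chmod -R a+rX "$t"
    printf '%s %s %s %s\n' "$(mode_of "$t")" "$(mode_of "$t/sub")" \
        "$(mode_of "$t/data.txt")" "$(mode_of "$t/run.sh")"
    rm -rf "$t"
}

# Walk one file through several symbolic edits, recording the octal mode
# after each step.
symbolic_steps() {
    t=$(make_tree) || return 1
    f="$t/data.txt"
    chmod 666 "$f"
    chmod u+x,go-w "$f";                s1=$(mode_of "$f")  # 666 -> 744
    chmod o= "$f";                      s2=$(mode_of "$f")  # 744 -> 740
    chmod o=g "$f";                     s3=$(mode_of "$f")  # 740 -> 744
    chmod --reference="$t/run.sh" "$f"; s4=$(mode_of "$f")  # copies 700
    printf '%s %s %s %s\n' "$s1" "$s2" "$s3" "$s4"
    rm -rf "$t"
}

recursive_rX
symbolic_steps
```

Note that data.txt ends at 644 while run.sh ends at 755: the capital X leaves non-executable files non-executable, which is why a+rX is safer than a+rx for recursive changes.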

SPECIAL PERMISSIONS

The setuid (SUID) bit (4000) on an executable allows it to run with the privileges of its owner. The setgid (SGID) bit (2000) on an executable runs it with the privileges of its group; on a directory, new files/subdirectories inherit the parent's group ownership. The sticky bit (1000) on a directory prevents users from deleting or renaming files in that directory unless they own the file or the directory, even if they have write permission for the directory itself (common for /tmp).
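Because these bits carry security implications, it helps to inventory them. The following audit sketch is an added example, not part of the original page; it uses only POSIX find predicates, and the function names and scratch layout are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: audit a tree for the special bits described above.
# Function names and the scratch tree are constructed for illustration.

# Regular files carrying SUID (4000) or SGID (2000).
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Directories writable by others (0002) that lack the sticky bit (1000):
# any user can delete or rename other users' files inside them.
find_unsticky_world_writable() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sort
}

# Constructed scratch tree so the audit has something to report.
make_audit_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/dropbox" "$d/private"
    : > "$d/helper"
    : > "$d/plain"
    chmod 4755 "$d/helper"    # SUID executable
    chmod 0644 "$d/plain"     # ordinary file
    chmod 1777 "$d/shared"    # world-writable with sticky bit (like /tmp)
    chmod 0777 "$d/dropbox"   # world-writable, no sticky bit
    chmod 0750 "$d/private"   # not world-writable
    printf '%s\n' "$d"
}

# Run both checks on the scratch tree; paths are printed relative to it.
audit_demo() {
    t=$(make_audit_tree) || return 1
    find_setid_files "$t" | sed "s|^$t/||"
    find_unsticky_world_writable "$t" | sed "s|^$t/||"
    rm -rf "$t"
}

audit_demo
```

Only helper and dropbox are reported; shared is skipped because its sticky bit is set. On a real host, compare the output of find_setid_files against a known baseline to spot unexpected SUID/SGID binaries.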

HISTORY

The concept of file permissions and the chmod command have been integral to Unix-like operating systems since their inception in the late 1960s and early 1970s. It was a foundational component of the security and multi-user capabilities designed into Unix, allowing administrators and users to control access to their files and programs effectively. Its syntax and core functionality have remained remarkably consistent over decades, underscoring its fundamental role in system administration.

SEE ALSO

chown(1), chgrp(1), ls(1), umask(1)
