chmod
Change file or directory permissions
TLDR
Give the [u]ser who owns a file the right to e[x]ecute it
Give the [u]ser rights to [r]ead and [w]rite to a file/directory
Remove e[x]ecutable rights from the [g]roup
Give [a]ll users rights to [r]ead and e[x]ecute
Give [o]thers (not in the file owner's group) the same rights as the [g]roup
Remove all rights from [o]thers
Change permissions recursively giving [g]roup and [o]thers the ability to [w]rite
Recursively give [a]ll users [r]ead permissions to files and e[X]ecute permissions to sub-directories within a directory
SYNOPSIS
chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...
PARAMETERS
-c, --changes
Like verbose, but report only when a change is made.
-f, --silent, --quiet
Suppress most error messages.
-v, --verbose
Output a diagnostic for every file processed.
--no-preserve-root
Do not treat '/' specially (default).
--preserve-root
Fail to operate recursively on '/'.
--reference=RFILE
Use RFILE's mode instead of MODE values.
-R, --recursive
Change files and directories recursively.
--help
Display this help and exit.
--version
Output version information and exit.
DESCRIPTION
The chmod command is a fundamental Linux utility used to change access permissions of file system objects (files and directories). Permissions dictate who can read, write, or execute a file, and who can traverse or list a directory. There are three primary types of permissions: read (r), write (w), and execute (x). These permissions can be assigned to three distinct categories of users: the owner of the file (u), the group associated with the file (g), and others (o).
chmod supports two main modes for specifying permissions: symbolic mode and octal (numeric) mode. In symbolic mode, you use characters to add (+), remove (-), or set (=) permissions for specific user categories (e.g., u+x, g-w, o=rwx). Octal mode uses a three or four-digit octal number, where each digit represents the permissions for owner, group, and others, respectively. Each permission type has a numeric value: read (4), write (2), and execute (1). These values are summed to form the octal digit (e.g., 7 = rwx (4+2+1), 5 = rx (4+1)). A fourth leading digit can specify special permissions like SUID, SGID, or the sticky bit.
CAVEATS
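Using chmod -R on the root directory (/) can render a system unbootable or unusable. Because --no-preserve-root is the default, pass --preserve-root so that chmod fails instead of operating recursively on '/'. Special permissions (SUID, SGID, sticky bit) have security implications: a SUID or SGID executable runs with the privileges of its owner or group rather than those of the user who starts it, so set these bits deliberately and review them after any recursive change. The execute bit on a directory grants permission to traverse or search the directory, not to list its contents (which requires read permission).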
SYMBOLIC MODE EXPLAINED
Symbolic mode uses a combination of user types (u, g, o, a for all), operators (+ to add, - to remove, = to set exactly), and permission types (r, w, x, s for SUID/SGID, t for sticky bit). For example, chmod u+x,go-w myfile adds execute permission for the owner and removes write permission for group and others.
OCTAL MODE EXPLAINED
Octal mode uses a numerical representation of permissions. Each digit in the three-digit number corresponds to owner, group, and others. The values are: read (4), write (2), execute (1). These sum up for each category. For example, 755 means owner has rwx (4+2+1=7), group has rx (4+1=5), and others have rx (4+1=5). A four-digit number includes special permissions: 4000 for SUID, 2000 for SGID, 1000 for sticky bit (e.g., 2755 for SGID on a directory).
SPECIAL PERMISSIONS
The setuid (SUID) bit (4000) on an executable allows it to run with the privileges of its owner. The setgid (SGID) bit (2000) on an executable runs it with the privileges of its group; on a directory, new files/subdirectories inherit the parent's group ownership. The sticky bit (1000) on a directory prevents users from deleting or renaming files in that directory unless they own the file or the directory, even if they have write permission for the directory itself (common for /tmp).
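An added example (not part of the original page): a POSIX shell audit that uses find -perm to flag the modes discussed above, namely SUID and SGID files, world-writable files, and world-writable directories that lack the sticky bit. The function names audit_modes and demo_tree and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; audit_modes and demo_tree are hypothetical helper names.

# Print one "LABEL path" line per risky mode found under directory $1.
audit_modes() {
    dir=$1
    # "-perm -MODE" matches when every bit in MODE is set on the file.
    find "$dir" -type f -perm -4000 -exec printf 'SUID %s\n' {} \;
    find "$dir" -type f -perm -2000 -exec printf 'SGID %s\n' {} \;
    find "$dir" -type f -perm -0002 -exec printf 'WORLD-WRITABLE-FILE %s\n' {} \;
    # World-writable directory without the sticky bit (1000): any user can
    # delete or rename files that belong to other users.
    find "$dir" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'NO-STICKY-DIR %s\n' {} \;
}

# Build a constructed sample tree in a temp directory, audit it, clean up.
demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/dropbox" "$t/private"
    : > "$t/helper"; : > "$t/notes"; : > "$t/report"
    chmod 4755 "$t/helper"        # SUID + rwxr-xr-x       -> flagged
    chmod 666 "$t/notes"          # rw-rw-rw-              -> flagged
    chmod u=rw,go=r "$t/report"   # symbolic form of 644   -> clean
    chmod 1777 "$t/shared"        # sticky, like /tmp      -> clean
    chmod 777 "$t/dropbox"        # no sticky bit          -> flagged
    chmod 700 "$t/private"        # owner only             -> clean
    audit_modes "$t" | sed "s|$t/||"   # show paths relative to the tree
    rm -rf "$t"
}

demo_tree
```

Run audit_modes against a real directory after any recursive chmod to confirm that no unintended special bits or world-writable entries were introduced.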
HISTORY
The concept of file permissions and the chmod command have been integral to Unix-like operating systems since their inception in the late 1960s and early 1970s. It was a foundational component of the security and multi-user capabilities designed into Unix, allowing administrators and users to control access to their files and programs effectively. Its syntax and core functionality have remained remarkably consistent over decades, underscoring its fundamental role in system administration.