What is chmod?
Chmod means ‘change mode’ and it changes file or directory mode bits (the way a file can be accessed). You can use chmod in the command line to change file or directory permissions on unix or unix-like systems such as linux or BSD.
How to use chmod?
You can change file permissions in this format:
chmod [options] [mode] [file_name]
You can change permissions using alphanumeric characters (a+rwx) or with octal numbers (777).
Here’s a chmod example using for setting permissions so that:
- Owner can read, write and execute
- Group can read, write and execute
- Others can read, write and execute
Chmod example (alphanumeric): chmod a+rwx
Chmod example (octal): chmod 777
What are permissions?
Each file on a system has a set of permissions associated with it, meaning which users have access and what type of access they have.
There are three types of users:
- User, meaning the user who owns the file
- Group, meaning the files defined ownership group
- Other, meaning everyone else
Each of these types of users can have three types of file access:
- Read (r), meaning the ability to look at the contents of a file
- Write (w), meaning the ability to change the contents of a file
- Execute (x), meaning the ability to run the contents of a file
File access, meaning permissions, can be represented alphanumerically (using symbols like r for read, w for write and x for execute) or using octal numeric values (755 for example).
You can extend chmod permissions with options.
Most popular options are:
- -r for ‘recursive’, include same mode in subdirectories
- -f for ‘force’, forge ahead with all objects even if errors occur
- -v for ‘verbose’, show objects processed
|-f, --silent, --quiet||Suppress most error messages|
|-v, --verbose||Output a diagnostic for every file processed|
|-c, --changes||Like verbose but report only when a change is made|
|--reference=RFile||Use RFile's mode instead of MODE values|
|-R, --recursive||Change files and directories recursively|
|--help||Display help and exit|
|--version||Output version information and exit|
Chmod special modes
Setuid and setgid
Setuid and setgid (short for 'set user ID upon execution' and 'set group ID upon execution', respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group respectively and to change behaviour in directories. They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.
Setuid for a directory
The setuid permission set on a directory is ignored on UNIX and Linux systems.
Setgid for a directory
Setting the setgid permission on a directory ('chmod g+s') causes new files and subdirectories created within it to inherit its group ID, rather than the primary group ID of the user who created the file (the owner ID is never affected, only the group ID). Newly created subdirectories inherit the setgid bit. Thus, this enables a shared workspace for a group without the inconvenience of requiring group members to explicitly change their current group before creating new files or directories. Note that setting the setgid permission on a directory only affects the group ID of new files and subdirectories created after the setgid bit is set, and is not applied to existing entities.
Chmod in numeric mode (octal)
|Octal number||Permissions||As seen in file listing|
|7||read, write and execute||rwx|
|6||read and write||rw-|
|5||read and execute||r-x|
|3||write and execute||-wx|
Chmod examples in octal mode
Readable by owner only
$ chmod 400 chmodExampleFile.txt
Readable by group only
$ chmod 040 cchmodExampleFile.txt
Readable by anyone
$ chmod 004 chmodExampleFile.txt
Writeable by owner only
$ chmod 200 chmodExampleFile.txt
Writeable by group only
$ chmod 020 chmodExampleFile.txt
Writeable by anyone
$ chmod 002 chmodExampleFile.txt
Executeable by owner only
$ chmod 100 chmodExampleFile.txt
Executeable by group only
$ chmod 010 chmodExampleFile.txt
Executeable by anyone
$ chmod 001 chmodExampleFile.txt
Allow read permission to owner and group and anyone.
$ chmod 444 chmodExampleFile.txt
Allow everyone to read, write, and execute file.
$ chmod 777 chmodExampleFile.txt
Chmod in symbolic mode
|u||User / owner|
Chmod examples in symbolic mode
Deny execute permission to everyone.
$ chmod a-x chmodExampleFile.txt
Allow read permission to everyone.
$ chmod a+r chmodExampleFile.txt
Make a file readable and writable by the group and others.
$ chmod go+rw chmodExampleFile.txt
Make a shell script executable by the user/owner.
$ chmod u+x chmodExampleScript.sh
Allow everyone to read, write, and execute the file and turn on the set group-ID.
$ chmod =rwx,g+s chmodExampleScript.sh
Links for more learning:
File system permissions