Chmod Command in Linux (File Permissions)
In Linux, access to files is managed through file permissions, attributes, and ownership. This ensures that only authorized users and processes can access files and directories.
This tutorial covers how to use the chmod command to change the access permissions of files and directories.
Linux File Permissions
Before going further, let’s explain the basic Linux permissions model.
In Linux, each file is associated with an owner and a group and is assigned permission access rights for three different classes of users: the file owner, the group members, and others (everybody else).
File ownership can be changed using the chown and chgrp commands.
There are three file permission types that apply to each class: read, write, and execute.
This concept allows you to specify which users are allowed to read the file, write to the file, or execute the file.
File permissions can be viewed using the ls command:
$ ls -l filename.txt
Output
-rw-r--r-- 12 linuxize users 12.0K Apr  8 20:51 filename.txt
|[-][-][-]-   [------] [---]
| |  |  | |      |       |
| |  |  | |      |       +-----------> 7. Group
| |  |  | |      +-------------------> 6. Owner
| |  |  | +--------------------------> 5. Alternate Access Method
| |  |  +----------------------------> 4. Others Permissions
| |  +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type
The first character shows the file type. It can be a regular file (-), a directory (d), a symbolic link (l), or any other special type of file.
The next nine characters represent the file permissions, three triplets of three characters each. The first triplet shows the owner permissions, the second one the group permissions, and the last triplet shows everybody else's permissions. The permissions can have a different meaning depending on the file type.
In the example above, (rw-r--r--) means that the file owner has read and write permissions (rw-), while the group and others have only read permissions (r--).
Each of the three permission triplets can be constructed from the following characters, which have different effects depending on whether they are set on a file or on a directory:
Effect of Permissions on Files
Effect of Permissions on Directories (Folders)
In Linux, directories are special types of files that contain other files and directories.
Using chmod
The chmod command takes the following general form:
chmod [OPTIONS] MODE FILE...
The chmod command allows you to change the permissions on a file using either a symbolic or numeric mode or a reference file. We will explain the modes in more detail later in this article. The command can accept one or more files and/or directories separated by space as arguments.
Only root, the file owner, or a user with sudo privileges can change the permissions of a file. Be extra careful when using chmod, especially when recursively changing the permissions.
Symbolic (Text) Method
The syntax of the chmod command when using the symbolic mode has the following format:
chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...
The first set of flags ([ugoa…]), the users flags, defines which user classes have their permissions changed: u is the file owner, g is the group, o is all other users, and a is all users (the same as ugo).
If the users flag is omitted, the default one is a and the permissions that are set by umask are not affected.
The second set of flags ([-+=]), the operation flags, defines whether the permissions are to be removed, added, or set: - removes the specified permissions, + adds them, and = sets the permissions of the specified user classes to exactly the ones given.
The permissions (perms...) can be explicitly set using either zero or one or more of the following letters: r, w, x, X, s, and t. Use a single letter from the set u, g, and o when copying permissions from one users class to another.
When setting permissions for more than one user class ([,…]), use commas (without spaces) to separate the symbolic modes.
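The difference between an omitted users flag and an explicit a is easy to miss and matters for world-writable files. The following is an added example, not part of the original article: mode_after is a hypothetical helper that works on a constructed scratch file and assumes GNU coreutils (mktemp, stat -c).

```shell
#!/bin/sh
# Added example, not from the original article.
# mode_after START MODE [UMASK]: apply a symbolic MODE to a scratch file that
# starts at numeric mode START and print the resulting numeric mode.
# mode_after is a hypothetical helper; assumes GNU coreutils (mktemp, stat -c).
mode_after() {
    (
        umask "${3:-022}"          # 022 is a common default umask
        f=$(mktemp) || exit 1      # constructed scratch file
        chmod "$1" "$f"            # known starting permissions
        chmod -- "$2" "$f"         # the symbolic change under test
        stat -c '%a' "$f"
        rm -f "$f"
    )
}

# Omitted users flag: bits masked by the umask are not touched,
# so only the owner gains write access.
mode_after 444 +w            # 644
# Explicit "a": the umask is ignored and the file becomes world-writable.
mode_after 444 a+w           # 666
# A looser umask lets the same "+w" reach the group as well.
mode_after 444 +w 002        # 664

# Several comma-separated clauses are applied left to right.
mode_after 644 u+x,go-r      # 700
# Copy the group's permissions to others.
mode_after 750 o=g           # 755
# X adds execute only if the file is a directory or already has an execute bit.
mode_after 644 a+X           # 644
mode_after 744 go+X          # 755
```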
Numeric Method
The syntax of the chmod command when using numeric method has the following format:
chmod [OPTIONS] NUMBER FILE...
When using the numeric mode, you can set the permissions for all three user classes (owner, group, and all others) at the same time.
The NUMBER can be a 3- or 4-digit number.
When a 3-digit number is used, the first digit represents the permissions of the file’s owner, the second one the file’s group, and the last one all other users.
The read, write, and execute permissions each have the following number value: r (read) = 4, w (write) = 2, x (execute) = 1, and no permission = 0.
The permissions number of a specific user class is represented by the sum of the values of the permissions for that class.
To find out the file’s permissions in numeric mode, simply calculate the totals for all user classes. For example, to give read, write and execute permission to the file’s owner, read and execute permissions to the file’s group and only read permissions to all other users you would do the following: owner rwx = 4+2+1 = 7, group r-x = 4+0+1 = 5, others r-- = 4+0+0 = 4.
Using the method above we come up to the number 754, which represents the desired permissions.
To set up the setuid, setgid, and sticky bit flags, use a four-digit number.
When a 4-digit number is used, the first digit has the following meaning: setuid = 4, setgid = 2, sticky = 1, and no change = 0.
The next three digits have the same meaning as when using a 3-digit number.
If the first digit is 0 it can be omitted, and the mode can be represented with 3 digits. The numeric mode 0755 is the same as 755.
To calculate the numeric mode you can also use another method (binary method), but it is a little more complicated. Knowing how to calculate the numeric mode using 4, 2, and 1 is sufficient for most users.
You can check the file’s permissions in the numeric notation using the stat command:
stat -c "%a" filename
Output
644
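The calculation described in this section, including the leading setuid/setgid/sticky digit, can be done mechanically from the mode string that ls -l prints. This is an added example, not part of the original article; the function names are hypothetical and matches_stat assumes GNU stat.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# triplet_value RWX: numeric value of one class (r=4, w=2, x=1).
# s and t mean "special bit plus execute"; S and T mean the special bit is
# set without execute, so they add nothing to this digit.
triplet_value() {
    v=0
    case $1 in r??) v=$((v + 4)) ;; esac
    case $1 in ?w?) v=$((v + 2)) ;; esac
    case $1 in ??[xst]) v=$((v + 1)) ;; esac
    echo "$v"
}

# ls_to_octal MODESTRING: convert the first field of `ls -l` to numeric mode.
ls_to_octal() {
    perms=$(printf '%s' "$1" | cut -c2-10)        # drop the file-type character
    case $perms in *[!rwxsStT-]*) perms= ;; esac  # reject unexpected characters
    [ "${#perms}" -eq 9 ] || { echo "bad mode string: $1" >&2; return 1; }
    u=${perms%??????}                             # first triplet: owner
    g=${perms#???}; g=${g%???}                    # second triplet: group
    o=${perms#??????}                             # third triplet: others
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky bit
    digits="$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
    if [ "$special" -gt 0 ]; then echo "$special$digits"; else echo "$digits"; fi
}

# matches_stat FILE: succeed if the parsed `ls -ld` mode agrees with stat.
# -eq compares numerically because stat does not print leading zeros.
matches_stat() {
    [ "$(ls_to_octal "$(ls -ld -- "$1" | cut -c1-10)")" -eq "$(stat -c '%a' "$1")" ]
}

ls_to_octal '-rwxr-xr--'     # 754
ls_to_octal '-rwsr-xr-x'     # 4755
ls_to_octal 'drwxrwxrwt'     # 1777
```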
Using a Reference File
The --reference=ref_file option allows you to set the file’s permissions to be the same as those of the specified reference file (ref_file).
chmod --reference=REF_FILE FILE
Recursively Change the File’s Permissions
To recursively operate on all files and directories under the given directory, use the -R (--recursive) option:
$ chmod -R MODE DIRECTORY
Operating on Symbolic Links
Symbolic links always have 777 permissions.
By default, when changing symlink’s permissions, chmod will change the permissions on the file the link is pointing to.
chmod 755 symlink
Chances are that instead of changing the target permissions, you will get a “cannot access ‘symlink’: Permission denied” error.
The error occurs because by default on most Linux distributions symlinks are protected, and you cannot operate on target files. This option is specified in /proc/sys/fs/protected_symlinks. 1 means enabled and 0 disabled. It is recommended not to disable the symlink protection.
Changing File Permissions in Bulk
Sometimes you need to change the permissions of many files and directories in bulk.
The most common scenario is to recursively change a website’s file permissions to 644 and its directory permissions to 755.
Using the numeric method:
$ find /var/www/my_website -type d -exec chmod 755 {} \;
$ find /var/www/my_website -type f -exec chmod 644 {} \;
Using the symbolic method:
$ find /var/www/my_website -type d -exec chmod u=rwx,go=rx {} \;
$ find /var/www/my_website -type f -exec chmod u=rw,go=r {} \;
The find command will search for files and directories under /var/www/my_website and pass each found file and directory to the chmod command to set the permissions.
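After a bulk change it is worth confirming that nothing under the tree still deviates from the 755/644 policy and that nothing outside the tree was touched through a symbolic link. The following is an added example, not part of the original article; the function names and the scratch directory layout are constructed for illustration, and GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# apply_web_perms ROOT: directories 755, regular files 644.
# find does not follow symbolic links by default, and -type d / -type f never
# match a link, so chmod is never handed a link that points outside ROOT.
apply_web_perms() {
    # \; runs chmod as each directory is visited, before find descends into it
    find "$1" -type d -exec chmod 755 {} \; &&
    # + batches many files into one chmod call
    find "$1" -type f -exec chmod 644 {} +
}

# audit_web_perms ROOT: print every directory or regular file off policy.
audit_web_perms() {
    find "$1" \( \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \) \) -print
}

# demo: build a constructed tree with loose permissions and a symlink that
# points outside the site, then print "<off-policy before> <after> <mode of
# the outside file>".
demo() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/site/uploads" "$top/outside"
    echo secret > "$top/outside/key"
    echo page > "$top/site/index.html"
    echo img > "$top/site/uploads/a.png"
    ln -s ../outside/key "$top/site/link"
    chmod 600 "$top/outside/key"
    chmod 777 "$top/site/index.html" "$top/site/uploads"
    chmod 666 "$top/site/uploads/a.png"
    chmod 700 "$top/site"
    before=$(audit_web_perms "$top/site" | wc -l | tr -d ' ')
    apply_web_perms "$top/site"
    after=$(audit_web_perms "$top/site" | wc -l | tr -d ' ')
    echo "$before $after $(stat -c '%a' "$top/outside/key")"
    rm -rf "$top"
}

demo    # 4 0 600
```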
Conclusion
The chmod command changes the file’s permissions. The permissions can be set using either the symbolic or numeric mode.