The chmod (change mode) command is used to change the access permissions of files and directories in Unix and Linux systems. Permissions determine who can read, write, or execute a file or directory. This reference provides an overview of how to use chmod with both symbolic and numeric modes, along with examples to help you manage file permissions effectively.
Each file and directory has three types of permissions for three categories of users:
The permissions are:
In symbolic mode, you specify permissions using letters and symbols.
chmod [references][operator][modes] fileu - User/Ownerg - Groupo - Othersa - All (user, group, and others)+ - Adds the specified modes.- - Removes the specified modes.= - Sets the specified modes and removes others.r - Read permissionw - Write permissionx - Execute permissions - Set user or group ID on executiont - Sticky bit| Command | Description |
|---|---|
chmod u+x file |
Add execute permission for the owner. |
chmod g-w file |
Remove write permission for the group. |
chmod o=r file |
Set read-only permission for others. |
chmod a+rw file |
Add read and write permissions for all. |
chmod u=rw,g=r,o= file |
Set read/write for owner, read for group, no permissions for others. |
chmod +x file |
Add execute permission for all (if no reference is specified, a is assumed). |
In numeric mode, permissions are represented by a three-digit octal number, with each digit corresponding to user, group, and others.
| Octal Digit | Permission | Description |
|---|---|---|
0 |
--- |
No permissions |
1 |
--x |
Execute only |
2 |
-w- |
Write only |
3 |
-wx |
Write and execute |
4 |
r-- |
Read only |
5 |
r-x |
Read and execute |
6 |
rw- |
Read and write |
7 |
rwx |
Read, write, and execute |
chmod [mode] file| Command | Permissions | Description |
|---|---|---|
chmod 755 file |
rwxr-xr-x |
Owner can read, write, execute; group and others can read and execute. |
chmod 644 file |
rw-r--r-- |
Owner can read and write; group and others can read. |
chmod 700 file |
rwx------ |
Owner can read, write, execute; group and others have no permissions. |
chmod 600 file |
rw------- |
Owner can read and write; group and others have no permissions. |
chmod 666 file |
rw-rw-rw- |
All can read and write. |
chmod 444 file |
r--r--r-- |
All can read only. |
Special permissions include the setuid, setgid, and sticky bits.
When set on an executable file, users executing the file will have the permissions of the file owner during execution.
# Set setuid bit
chmod u+s file
# Numeric mode (4XXX)
chmod 4755 fileWhen set on a file, users executing the file will have the permissions of the file's group during execution. When set on a directory, new files created within inherit the directory's group.
# Set setgid bit
chmod g+s directory
# Numeric mode (2XXX)
chmod 2755 directoryWhen set on a directory, files within can only be deleted or renamed by their owner, the directory owner, or the root user.
# Set sticky bit
chmod +t directory
# Numeric mode (1XXX)
chmod 1755 directorySpecial bits are represented by an additional digit in the numeric mode:
| Special Bit | Numeric Value |
|---|---|
| Setuid | 4 |
| Setgid | 2 |
| Sticky Bit | 1 |
Example:
# Set setuid and setgid bits
chmod 6755 file # (4+2)=6, then regular permissions
# Permissions: rwxr-sr-xUse the -R option to change permissions of directories and their contents recursively.
# Set permissions recursively
chmod -R 755 /path/to/directory
# Add execute permission for all directories recursively
find /path/to/directory -type d -exec chmod 755 {} \;Use ls -l to view file permissions:
ls -l file
-rw-r--r-- 1 user group 1234 Oct 12 12:34 fileThe first 10 characters represent the file type and permissions:
- or d - File type (- for regular file, d for directory)rwx - User permissionsrwx - Group permissionsrwx - Others permissions| Permission | Numeric Mode | Description |
|---|---|---|
rwxr-xr-x |
755 |
Common for executable files and directories. |
rw-r--r-- |
644 |
Default for text files; owner can read/write, others can read. |
rwx------ |
700 |
Private files and directories; only owner has full access. |
rw-rw-r-- |
664 |
Owner and group can read/write; others can read. |
rwsr-xr-x |
4755 |
Setuid executable; runs with owner's permissions. |
rwxr-sr-x |
2755 |
Setgid executable; runs with group's permissions. |
rwxrwxrwt |
1777 |
Sticky bit set on directory; e.g., /tmp. |
chmod o= filechmod ug+x filechmod --reference=source_file target_fileModify permissions for files matching certain criteria:
# Find all .sh files and make them executable
find /path -type f -name "*.sh" -exec chmod +x {} \;
# Change permissions of all directories to 755
find /path -type d -exec chmod 755 {} \;
# Change permissions of all files to 644
find /path -type f -exec chmod 644 {} \;777 (full access for everyone) as it poses security risks.| Option | Description |
|---|---|
-R |
Recursively change permissions of directories and their contents. |
-v |
Verbose output; show files as permissions are modified. |
-c |
Like verbose but reports only when changes are made. |
-f |
Suppress most error messages. |
--reference=FILE |
Set permissions to match those of FILE. |
ls -l before making changes.chown and chgrp to change ownership and group if needed.umask to set default permission for new files and directories.