LinuxOperating SystemWindows

Chmod Command in Linux (File Permissions)

September 10, 20190 Comments by Coporton WorkStation

File access in Linux is controlled by managing file permissions, attributes, and ownership. By implementing this security measure, only authorized users and processes are granted access to files and directories.

This tutorial provides a comprehensive guide on utilizing the chmod command to modify the access permissions of files and directories.

Understanding Linux File Permissions

Now, let’s delve into the fundamentals of the Linux permissions model. Linux assigns ownership and permission access rights to each file for different classes of users.

  • Owner of the file.
  • The members of the group.
  • Others (everyone else).

You can easily change file ownership by utilizing the chown and chgrp commands.

There are three file permission types that apply to each class:

  • The read permission.
  • The write permission.
  • The execute permission.

This concept enables you to define the user permissions for reading, writing, and executing the file.

You can view file permissions by using the ls command.

ls -l filename.txt
-rw-r--r-- 12 linuxize users 12.0K Apr  8 20:51 filename.txt
|[-][-][-]-   [------] [---]
| |  |  | |      |       |
| |  |  | |      |       +-----------> 7. Group
| |  |  | |      +-------------------> 6. Owner
| |  |  | +--------------------------> 5. Alternate Access Method
| |  |  +----------------------------> 4. Others Permissions
| |  +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type

The first character indicates the file type. It can be a conventional file (-), directory (d), a symbolic link (l) is a specific sort of file.

The following nine characters are file permissions, three triplets of three characters each. The first triplet displays the owner’s permissions, the second shows group permissions, and the final triplet displays permissions for everyone else. Permissions might indicate different things based on the file type.

The example above (rw-r--r--) indicates that the file owner has both read and write permissions (rw-), but the group and others only have read permissions (r--).

Each of the three permission triplets can be built from the following characters and have distinct effects depending on whether they are set to a file or a directory:

Effect of Permissions on Files
PermissionCharacterMeaning on File
Read-The file is not readable. You cannot view the file contents.
rThe file is readable.
Write-The file cannot be changed or modified.
wThe file can be changed or modified.
Execute-The file cannot be executed.
xThe file can be executed.
sIf found in the user triplet it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that x flag is set.
When the setuid or setgid flags are set on an executable file, the file is executed with the file’s owner and/or group privileges.
SSame as s but the x flag is not set. This flag is rarely used on files.
tIf found in the others triplet it sets the sticky bit.
It also means that x flag is set. This flag is useless on files.
TSame as t but the x flag is not set. This flag is useless on files.
Effect of Permissions on Directories (Folders)

In Linux, directories are unique file types that include other files and directories.

PermissionCharacterMeaning on Directory
Read-The directory’s contents cannot be shown.
rThe directory’s contents can be shown.
(e.g. You can list files inside the directory with ls .)
Write-The directory’s contents cannot be altered.
wThe directory’s contents can be altered.
(e.g. You can create new files , delete files ..etc.)
Execute-The directory cannot be changed to.
xThe directory can be navigated using cd .
sIf found in the user triplet, it sets the setuid bit. If found in the group triplet it sets the setgid bit. It also means that x flag is set. When the setgid flag is set on a directory the new files created within it inherits the directory group ID (GID), instead of the primary group ID of the user who created the file.
setuid has no effect on directories.
SSame as s but the x flag is not set. This flag is useless on directories.
tIf found in the others triplet it sets the sticky bit.
It also means that x flag is set. When the sticky bit is set on a directory, only the file’s owner, the directory’s owner, or administrative user can delete or rename the files within the directory.
TSame as t but the x flag is not set. This flag is useless on directories.
By using chmod

This is how the chmod command usually looks:

chmod [OPTIONS] MODE FILE...

You can use a symbolic or numeric mode or a reference file with the chmod command to change a file’s rights. We’ll talk about the modes in more depth later in this piece. It’s possible for the command to be given more than one file or directory path split by a space.

It is only possible for root, the file owner, or a user with sudo rights to change a file’s access. When you use chmod, be extra careful, especially when changing rights over and over again.

The Symbolic (Text) Method

It looks like this when you use the symbolic mode with the chmod command:

Chmod THE OPTIONS [ugoa][-+=]Perms... [,] FILE...

This first group of flags, called “users flags,” tells the file’s owner which types of users can change its permissions.

  • u – The file owner.
  • g – The users who are members of the group.
  • o – All other users.
  • a – All users, identical to ugo.

If the users flag is omitted, the default one is a and the permissions that are set by umask are not affected.

The second set of flags ([-+=]), the operation flags, defines whether the permissions are to be removed, added, or set:

  • - Removes the specified permissions.
  • + Adds specified permissions.
  • = Changes the current permissions to the specified permissions. If no permissions are specified after the =symbol, all permissions from the specified user class are removed.

The permissions (perms...) can be explicitly set using either zero or one or more of the following letters: r, w, x, X, s, and t. Use a single letter from the set u, g, and o when copying permissions from one to another users class.

When setting permissions for more than one user classes ([,…]), use commas (without spaces) to separate the symbolic modes.

Below are some examples of how to use the chmod command in symbolic mode:

  • Give the members of the group permission to read the file, but not to write and execute it:
    chmod g=r filename
  • Remove the execute permission for all users:
    chmod a-x filename
  • Recursively remove the write permission for other users:
    chmod -R o-w dirname
  • Remove the read, write, and execute permission for all users except the file’s owner:
    chmod og-rwx filename

    The same thing can be also accomplished by using the following form:

    chmod og= filename
  • Give read, write and execute permission to the file’s owner, read permissions to the file’s group and no permissions to all other users:
    chmod u=rwx,g=r,o= filename
  • Add the file’s owner permissions to the permissions that the members of the file’s group have:
    chmod g+u filename
  • Add a sticky bit to a given directory:
    chmod o+t dirname
Numeric Method

The syntax of the chmod command when using numeric method has the following format:

chmod [OPTIONS] NUMBER FILE...

When using the numeric mode, you can set the permissions for all three user classes (owner, group, and all others) at the same time.

The NUMBER can be a 3 or 4-digits number.

When 3 digits number is used, the first digit represents the permissions of the file’s owner, the second one the file’s group, and the last one all other users.

Each write, read, and execute permissions have the following number value:

  • r (read) = 4
  • w (write) = 2
  • x (execute) = 1
  • no permissions = 0

The permissions number of a specific user class is represented by the sum of the values of the permissions for that group.

To find out the file’s permissions in numeric mode simply calculate the totals for all users classes. For example, to give read, write and execute permission to the file’s owner, read and execute permissions to the file’s group and only read permissions to all other users you would do the following:

  • Owner: rwx=4+2+1=7
  • Group: r-x=4+0+1=5
  • Others: r-x=4+0+0=4

Using the method above we come up to the number754, which represents the desired permissions.

To set up the setuid, setgid, and sticky bit flags use four digits number.

When the 4 digits number is used, the first digit has the following meaning:

  • setuid=4
  • setgid=2
  • sticky=1
  • no changes = 0

The next three digits have the same meaning as when using 3 digits number.

If the first digit is 0 it can be omitted, and the mode can be represented with 3 digits. The numeric mode 0755 is the same as 755.

To calculate the numeric mode you can also use another method (binary method), but it is a little more complicated. Knowing how to calculate the numeric mode using 4, 2, and 1 is sufficient for most users.

You can check the file’s permissions in the numeric notation using the stat command:

stat -c "%a" filename
644

Here are some examples of how to use the chmod command in numeric mode:

  • Give the file’s owner read and write permissions and only read permissions to group members and all other users:
    chmod 644 dirname
  • Give the file’s owner read, write and execute permissions, read and execute permissions to group members and no permissions to all other users:
    chmod 750 dirname
  • Give read, write, and execute permissions, and a sticky bit to a given directory:
    chmod 1777 dirname
  • Recursively set read, write, and execute permissions to the file owner and no permissions for all other users on a given directory:
    chmod -R 700 dirname
Using a Reference File

The --reference=ref_file option allows you to set the file’s permissions to be same as those of the specified reference file (ref_file).

For example, the following command will assign the permissions of the file1 to file2

chmod --reference=file1 file2
Recursively Change the File’s Permissions

To recursively operate on all files and directories under the given directory, use the -R (--recursive) option:

For example, to change the permissions of all files and subdirectories under the /var/www directory to 755 you would use:

chmod -R 755 /var/www
Operating on Symbolic Links

Symbolic links always have 777 permissions.

By default, when changing symlink’s permissions, chmod will change the permissions on the file the link is pointing to.

chmod 755 symlink

Chances are that instead of changing the target ownership, you will get a “cannot access ‘symlink’: Permission denied” error.

The error occurs because by default on most Linux distributions symlinks are protected, and you cannot operate on target files. This option is specified in /proc/sys/fs/protected_symlinks. 1 means enabled and 0 disabled. It is recommended not to disable the symlink protection.

Changing File Permissions in Bulk

Sometimes there are situations where you would need to bulk change files and directories permissions.

The most common scenario is to recursively change the website file’s permissions to 644 and directory’s permissions to 755.

Using the numeric method:

find /var/www/my_website -type d -exec chmod 755 {} \;
find /var/www/my_website -type f -exec chmod 644 {} \;

Using the symbolic method:

find /var/www/my_website -type d -exec chmod u=rwx,go=rx {} \;
find /var/www/my_website -type f -exec chmod u=rw,go=r {} \;

The find command will search for files and directories under /var/www/my_website and pass each found file and directory to the chmod command to set the permissions.

Conclusion

chmod changes the access of a file. You can set the rights in either the symbolic or numeric mode.

The chmod man page is where you can find out more about chmod.

You can leave a note if you have any questions or thoughts.

606 Views
AboutCoporton WorkStation
We specialize in simplifying technology through our Linux System Administrator, Cyber Security, Web Development, and Virtual Assistance expertise. Our passion lies not only in delivering professional solutions but also in sharing our knowledge with others. Through insightful topics, tutorials, tips, and tricks, we aim to illuminate complex technical concepts and provide practical, easy-to-apply solutions. Whether you're a tech enthusiast interested in technology or a business seeking to optimize its operations, Coporton WorkStation is your trusted partner in making technology more accessible and effective.
Methods for Analytics: What, How, and Why?Methods for Analytics: What, How, and Why?January 1, 2019
Microsoft Activation Script - An Open-Source Tool to ActivateDecember 2, 2019Microsoft Activation Script - An Open-Source Tool to Activate

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *