How to use the chmod Command in Linux

by Mayank
chmod-command

The chmod (change mode) command is used to set access permissions for a file or a directory to protect them from unauthorized access to users on the same system. The basic permissions are read, write & execute and these permissions are limited to owner, group or everyone else on the system. Here I’ll explain the chmod command and how to use it in the Linux terminal.

Note: To list the permissions of an object (file or directory), use the ls -l command.

Command Format

chmod [options] mode files

The Options Parameter

The options parameter can take the following arguments:

ArgumentFunction
-f, –silent,–quietSuppress most error messages
-v, –verboseOutput a diagnostic for every file processed (Show objects changed; unaffected objects are not shown).
-c, –changes
Like verbose but report only when a change is made
-R,–recursiveChange files and directories recursively (Explained below)
–helpDisplay help and exit
–versionOutput version information and exit

Note: The options parameter is can be ignored all together when using the chmod command. 

Note: The recursive attribute (-R) is used to recursively operate on all files and directories under a given directory (i.e. to include the contents of a directory while executing chmod on the parent directory).

The Mode parameter

The mode parameter is what sets the permissions for the three security levels (owner, group, others). The mode parameter can have 3 different forms: 

  • The octal representation of the symbolic (rwx permissions). This octal value can be of upto 4 bits long. The last 3 bits represent: owner, group and others respectively. The 4th bit holds the sticky bit.

Note: The sticky bit holds either a 1 or 0. This bit does a really great job if you know what you’re doing. Normally, what happens is that if you have the write permissions for a directory, you can delete & modify the files inside that directory. But if you set the sticky bit to 1, you would need separate write permissions for deleting the files even when you have the same for the directory itself.

Here’s a chart that shows the octal representations of rwx permissions. To learn more about file permissions on Linux, read this article.

PermissionsOctal ValueDescription
0No permissions
–x1Execute-only permission
-w-2Write-only permission
-wx3Write & Execute permissions
r–4Read-only permission
r-x5Read & Execute permissions
rw-6Read & Write permissions
rwx7Read, Write & Execute permissions
  • –reference=file, to set the same permissions as a different file specified to the current file.
  • The symbolic representation consisting of three sets of three characters (each for the owner, group & everyone else). The symbols either specify absolute permissions or relative permissions (related to the file’s existing permissions). The correct format for specifying a permission under this mode is:

[ugoa…] [+-=] [rwxXstugo…]

The first set defines to whom these new permissions apply:

  • u for the user or the owner
  • g for the group
  • o for others or everyone else
  • a for all of the above

The second set of characters indicate whether you want to add the new permissions to the existing permissions (+ sign), remove the permissions from the existing permissions (- sign) or set the new permissions directly (= sign).

The third set defines the permission itself:

  • r for read permission
  • w for write permission
  • x for execute permission
  • X to assign execute permissions only if the object is a directory or already has execute permissions
  • s (setuid or setgid) to set the UID or GID on execution of a script or an executable file (Explained below)
  • t for the sticky bit
  • u to duplicate user permissions
  • g to duplicate group permissions
  • o to duplicate others permissions

The setuid (Set User ID) and setgid (Set Group ID) attributes have a really powerful function when applied to shell scripts or executables.

Consider for example, a file named program.sh owned by some user named John and a group named Colleagues. If the file program.sh has setuid enabled in the permissions, then anyone who runs program.sh will become the user “John” with all rights and privileges (as defined in the permissions), till the program ends. In a similar manner, if the file program.sh has setgid enabled, then anyone who runs it will become the member of the group Colleagues with all privileges.

Warning: As you might think, the setuid & setgid has an effect on the security of the system. Therefore, use these attributes carefully.

Command Examples

Here are some examples of me using the chmod command that will help you understand it’s usage better:

  • chmod 755 program.sh
Notice how rw- changes to rwx while the rw- & r– change to r-x

Explanation: The octal value 7 gives rwx permissions to the user i.e. phantomphreak while giving only read execute permissions to the group and everyone else.

  • chmod 1755 program.sh 
Notice that r-x changes to r-t

Explanation: This command is same as the previous one but with an added sticky bit. Sticky bit is explained earlier in this article.

  • chmod u-x program.sh
Here we removed the execute (x) permission from the user

Explanation: This command removed the execute permissions from the user i.e. phantomphreak. Notice the (-) sign.

Related Posts

Leave a Comment