Using chmod Command In Linux- Changing File Permissions

chmod command in linux

chmod command in Linux operating system is an abbreviation of change mode, and is used in order to alter access mode of a file. Actually, the files access in operating system is managed through various related entities like file permissions, attributes and ownership, which ensures that only authorized users can access files or directories. So, in order to assign or alter access permissions of files and directories, chmod command is utilized. In this article, we would discuss more about the command in detail.

Understanding File Permissions in Linux

In Linux or any other operating system, a file access mostly refers to access grants to an owner, and a group. So, based on this, the file permission access rights can be classified in 3 classes of users which are:

  • File owner
  • Group member
  • Others
Note: Altering ownership to files and directories can easily be accomplished by using chown or chgroup commands, which we have discussed earlier.

Since there are three classes of users, also, the file permission types will be of 3 types applied to every user class:

  • Read
  • Write
  • Execute

Including all above discussed facts, it concludes to a concept that every file or directory needs to be specified with permissions, which users can read, write and execute it. If you don’t know what file permission is given to a file on your Linux system, you can use ls -l File_Name command.

For example

ls -l servo.txt
ls -l example

As we noticed in the output, the first character (-) indicates to a regular file type. In case if we have checked the file permission for a directory or symlink, it has shown the output as (d), or (1) respectively.

After the first character, the all next 9 char values indicates the file permissions offered to every user class as we discussed above, in which the first 3 chars shows the permissions granted to owner, the second 3 chars shows permissions granted to group, whereas the last 3 chars shows permissions offered to anybody else.

In the output we noticed in the example above, the rw-r–r– shows that the file owner has read and write permissions, while the group and anybody else have only read permissions.

Understanding Permission Effects On Files/Directories

Effects On Files:

Permission Character Effect on File
Read The file is not readable.
r The file is readable.
Write The file can’t be changed or modified.
w The file can be changed or modified.
Execute The file can’t be executed.
x The file can be executed.
s If found in the user triplet it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that x flag is set. When the setuid or setgid flags are set on an executable file, the file is executed with the file’s owner and/or group privileges.
S Same as s but the x flag is not set. This flag is rarely used on files.
t If found in the others triplet it sets the sticky bit. It also means that x flag is set. This flag is useless on files.
T Same as t but the x flag is not set. This flag is useless on files.

Effects on Directories:

In the terms of Linux operating system, Directories are also considered as such a file that includes more files and directories within it.

Permission Character Effect on Directory
Read The directory’s contents cannot be shown.
r The directory’s contents can be shown. (e.g. You can list files inside the directory with ls.)
Write The directory’s contents cannot be altered.
w The directory’s contents can be altered. (e.g. You can create new files, delete files ..etc.)
Execute The directory cannot be changed to.
x The directory can be navigated using cd.
s If found in the user triplet, it sets the setuid bit. If found in the group triplet it sets the setgid bit. It also means that x flag is set. When the setgid flag is set on a directory the new files created within it inherits the directory group ID (GID), instead of the primary group ID of the user who created the file. setuid has no effect on directories.
S Same as s but the x flag is not set. This flag is useless on directories.
t If found in the others triplet it sets the sticky bit. It also means that x flag is set. When the sticky bit is set on a directory, only the file’s owner, the directory’s owner, or administrative user can delete or rename the files within the directory.
T Same as t but the x flag is not set. This flag is useless on directories.

Syntax of chmod command in Linux

While using chmod command, it takes the values in the following form or say syntax:

chmod [OPTIONS] MODE FILE(s)/Directory(s)
Note: In order to change the file permissions using chmod command, make sure you are sudo enabled or root user or the owner of a file. It’s often recommended to be careful while changing permissions of files or directories recursively.

Various Modes and its usage

As we noticed in the syntax above, the chmod command takes Modes while changing permissions of files or directories. In Linux, the modes can be Symbolic mode, Numeric mode, or a Reference mode (using reference file). So, let’s discuss each of the modes and how it can be used with chmod.

Symbolic Method

This is also known as Text method for which the syntax should be:

chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE…

The flag set ([ugoa…]) includes the definition of users classes for which the permission to files are changed. In case if users flag is not used with the command, it will assign its value as a by default. Here’s what it actually means:

  • u: The owner of file.
  • g: Users who are member of the group.
  • o: Other users.
  • a: All users.

The other flags ([-+=]), that’s referred as operation flags defines if the specified permissions are to be removed, added or set. Let’s discuss each operators and its meaning:

  • – : Removes the specified permissions.
  • + : Adds the specified permissions.
  • = : Alters the currently set permissions with mentioned permissions. However, if no values are specified after =, it removes all permissions from specified user class.

The perms… or permissions in the syntax can be set either 0 or 1 or letters like r, w, x, X, s and t. If you wish to copy permissions from one user class to another, you should use a single letter from the set u, g, and o.

If the permission is being set for more than one user classes, you can separate them using commas ([,…]) without any space to separate symbolic modes. Here includes some examples in which we discuss using chmod in symbolic mode:

1: Granting permissions to a group with read only permissions:

chmod g=r servo.txt

2: Removing all permissions for everyone:

chmod a-x servo.txt

3: Removing read, write and execute permission for everyone except the owner of file:

chmod og-rwx servo.txt

Numeric Method

When using chmod command in numeric method, its syntax should be:

chmod [OPTIONS] NUMBER FILE…

Means, the permission for all use classes such as owner, group, and others, can be set at the same time using numeric values. The numeric value basically includes a number of 3 or 4 digits. When 3 digit value is passed, the first digit indicates file owner’s permission, the second digit represents group’s permission, while the last digit indicates to all user’s permissions.

Every read, write and execute permissions can be set as the values discussed here:

  • r (read) = 4
  • w (write ) = 2
  • x (execute) = 1
  • no permissions = 0

Means, in order to specify a permission to specific user class, the exact number would be the sum of values based on the permissions required to be granted (7 for granting all permissions, 0 for granting no permissions, 4 for read only permissions, 6 for read and write permissions, and so on).

However, if the 4 digit values are entered, the first digit stands for setuid, setgid, and sticky bit flags. Here’s the values required values for every entities:

  • setuid = 4
  • setgid = 2
  • sticky = 1
  • no changes = 0

In the case while using 4 digits, the next 3 digits stands for same as we discussed above. Here are some of the examples of chmod command using numeric mode.

1: Granting owners with read and write, but the group and other users with read only permisisons:

chmod 644 servo.txt

2: Granting owner with read, write and execute, while the group with read and execute, whereas the other users with no permissions:

chmod 750 servo.txt

3: Granting read write and execute permissions to all users:

chmod 777 servo.txt

4: Granting permission as same as in example 3, but a sticky bit also to be added:

chmod 1777 servo.txt

Reference File Method

chmod command also allows to set file’s or folder’s permission based on a reference file. In order to do so, we can use –reference=ref_file option with command. The required syntax should be:

chmod --reference=REF_FILE FILE

For example, we will assign the permission of servo.txt to node.txt:

chmod –reference=servo.txt node.txt

Using chmod with Symlinks (Symbolic Links)

When the symlinks are created, they are assigned with 777 permissions (Read, Write and Execute). But, these permissions can also be altered with chmod.

chmod 755 symlink

In this case, you might get an error “cannot access ‘symlink’” on screen while changing the target ownership because the symlinks are protected in most of the Linux distributions. However, this setting can be altered as well from /proc/sys/fs/protected_symlinks. Setting its value as 1, means protection is enabled, while 0 means the protection is disabled. As per the recommendation, the sysmlink protection should be enabled.

Changing the file’s permission in bulk

In some instances, you might end up to change the file’s permission in bulk, probably this kind of scenario comes when changing the files permission recursively for a website either to 755 or 644. this can be accomplished using either numeric method or symbolic method.

Examples of numeric method:

find /var/www/servonode.com -type d -exec chmod 755 {} \;
find /var/www/servonode.com -type f -exec chmod 644 {} \;

Examples of symbolic method:

find /var/www/servonode.com -type d -exec chmod u=rwx,go=rx {} \;
find /var/www/servonode.com -type f -exec chmod u=rw,go=r {} \;

In the above instances, we have used find command to search for files and directories under /var/www/servonode.com and altered every internal element’s permissions as per the requirements.

Final Thoughts

Using chmod command in Linux, the file’s or directory’s permissions can easily be assigned. There’s various modes or methods through which modification of permissions can be accomplished, and above mentioned examples easily clarifies the same. To learn more about the chmod command in details, visit chmod man page. Do share this tutorial with your friends. If you have any question, you can click to Visit Our Discussion Board.