Introduction
Access to files in Linux is controlled by file permissions, attributes, and ownership. Only authorized users and processes can access files and folders as a result of this.
It stands for "change mode." The chmodcommand allows users to modify the permissions that control who can read, write, and execute a file or directory. This command is commonly used to manage the access privileges of files and ensure proper security settings.
This tutorial will show you how to change the access permissions of files and directories using the chmod command. We will also address a few FAQs on chmod Command in Linux (File Permissions).
Linux File Permissions
Before we go any further, let's go through the fundamentals of Linux permissions.
Each file in Linux is allocated an owner and a group, as well as access permissions for three main types of users:
- The owner of the file.
- Members of the group.
- Others (everybody else).
The chown and chgrp commands can be used to change file ownership.
Each class has three different sorts of file permissions:
- Read Permission.
- Write Permission.
- Execute Permission.
This notion allows you to designate which users have permission to read, write, or execute the file.
The ls command can be used to check file permissions:
ls -l filename.txt
Output
-rw-r--r-- 12 linuxize users 12.0K Apr 8 20:51 filename.txt
|[-][-][-]- [------] [---]
| | | | | | |
| | | | | | +-----------> 7. Group
| | | | | +-------------------> 6. Owner
| | | | +--------------------------> 5. Alternate Access Method
| | | +----------------------------> 4. Others Permissions
| | +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type
The file type is indicated by the first character. It could be a normal file (-), a directory (d), a symbolic link (l), or any other sort of file.
The file permissions are represented by the next nine characters, which are divided into three triplets of three characters each. The first triplet displays owner permissions, the second displays group permissions, and the third triplet displays permissions for everyone else. Depending on the file format, permissions may have different meanings.
(rw-r--r--) signifies that the file owner has read and write permissions (rw-), but the group and others only have read permissions (r--).
Depending on whether they are set to a file or a directory, each of the three permission triplets can be made up of the following characters and have various implications.
Effect of Permissions on Files
| Permission | Character | Meaning on File |
|---|---|---|
| Read | - |
The file is not readable. You cannot view the file contents. |
r |
The file is readable. | |
| Write | - |
The file cannot be changed or modified. |
w |
The file can be changed or modified. | |
| Execute | - |
The file cannot be executed. |
x |
The file can be executed. | |
s |
If found in the user triplet it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that x flag is set. When the setuid or setgid flags are set on an executable file, the file is executed with the file’s owner and/or group privileges. |
|
S |
Same as s but the x flag is not set. This flag is rarely used on files. |
|
t |
If found in the others triplet it sets the sticky bit. It also means that x flag is set. This flag is useless on files. |
|
T |
Same as t but the x flag is not set. This flag is useless on files. |
Effect of Permissions on Directories (Folders)
Directories in Linux are unique file types that include other files and directories.
| Permission | Character | Meaning on File |
|---|---|---|
| Read | - |
The directory’s contents cannot be shown. |
r |
The directory’s contents can be shown. (e.g. You can list files inside the directory with ls.) |
|
| Write | - |
The directory’s contents cannot be altered. |
w |
The directory’s contents can be altered. (e.g. You can create new files, delete files ..etc.) | |
| Execute | - |
The directory cannot be changed to. |
x |
The directory can be navigated using cd. |
|
s |
If found in the user triplet, it sets the setuid bit. If found in the group triplet it sets the setgid bit. It also means that x flag is set. When the setgid flag is set on a directory the new files created within it inherits the directory group ID (GID), instead of the primary group ID of the user who created the file. setuid has no effect on directories. |
|
S |
Same as s but the x flag is not set. This flag is useless on directories. |
|
t |
If found in the others triplet it sets the sticky bit. It also means that x flag is set. When the sticky bit is set on a directory, only the file’s owner, the directory’s owner, or administrative user can delete or rename the files within the directory. |
|
T |
Same as t but the x flag is not set. This flag is useless on directories. |
Using chmod
The chmod command is written in the following format:
chmod [OPTIONS] MODE FILE...
The chmod command lets you change a file's permissions using a symbolic or numeric mode, as well as a reference file. Later in this tutorial, we'll go over the modes in greater depth. As arguments, the command can take one or more files and/or folders separated by spaces.
A file's permissions can only be changed by root, the file owner, or a user with sudo access. When using chmod, be extremely cautious, especially if you're modifying permissions recursively.
Symbolic (Text) Method
When using the symbolic mode, the syntax of the chmod command is as follows:
chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...
The first set of flags, ([ugoa…]), defines which user's classes have their file permissions altered.
u- The owner of the file.g- The users who belong to the group.o- Everyone else.a- All users, the same asugo.
If the user's flag is not specified, the default value is a, and umask permissions are unaffected.
The operation flags, the second set of flags ([-+=]), determine whether permissions are to be withdrawn, added, or set:
=- Changes the existing permissions to the supplied permissions. All rights from the specified user class are removed if no permissions are specified following the=sign.-- Removes the specified permissions.+- Adds the specified permissions.
Permissions (perms...) can be established explicitly by entering zero or one or more of the letters r, w, x, X, s, and t. When copying rights from one user class to another, use a single letter from the set u, g, and o.
Use commas (no spaces) to separate the symbolic modes when defining rights for several user classes ([,…]).
In symbolic mode, below are some examples of how to use the chmod command:
- Give group members permission to read the file, but not to write to it or execute it:
chmod g=r filename
- For all users, disable the execute permission:
filename
- Remove the write permission for all other users in a recursive manner:
chmod -R o-w dirname
- All users except the file's owner should have read, write, and execute permissions removed:
chmod og-rwx filename
- The following form can also be used to accomplish the same thing:
chmod og= filename
- Give the file's owner read, write, and execute permissions, as well as read permissions to the file's group and no permissions to everyone else:
chmod u=rwx,g=r,o= filename
- Add the permissions of the file's owner to the permissions of the file's group members:
chmod g+u filename
- Toggle a sticky bit in a directory:
chmod o+t dirname
Numeric Method
When using the numeric technique, the chmod command has the following syntax:
chmod [OPTIONS] NUMBER FILE...
You can specify rights for all three user classes (owner, group, and all others) at the same time while utilizing the numeric mode.
The NUMBER can be three or four digits long.
When a three-digit number is used, the first digit represents the file's owner's permissions, the second represents the file's group, and the third represents all other users.
The following number value is assigned to each write, read, and execute permission:
r= 4 (read)w(write) = 2x(execute) = 1- no permissions = 0
The total of the values of the permissions for a certain user class represents the number of permissions for that group.
Calculate the totals for all user classes to determine the file's permissions in numeric mode. For example, to provide the file's owner read, write, and execute permissions, read and execute permissions to the file's group, and just read permissions to all other users, you'd do the following:
- Owner: rwx=4+2+1=7
- Group: r-x=4+0+1=5
- Others: r-x=4+0+0=4
We arrive at the number 754, which reflects the needed permissions, using the approach outlined above.
Use a four-digit number to set the setuid, setgid, and sticky bit flags.
The first digit of a four-digit number has the following meaning:
- setuid=4
- setgid=2
- sticky=1
- no changes = 0
The meaning of the next three digits is the same as when using a three-digit number.
If the initial digit is 0, the model can be represented with only three digits. The numeric mode 0755 is the same as the numerical mode 755.
Another method (binary method) can be used to calculate the numeric mode, however, it is a little more involved. For most users, knowing how to calculate the numeric mode using 4, 2, and 1 is sufficient.
The stat command can be used to check the file's permissions in numeric notation:
stat -c "%a" filename
Output
644
In numeric mode, here are some examples of how to use the chmod command:
- Give the file's owner read and write permissions, but only give group members and other users read permissions:
chmod 644 dirname
- Give the file's owner read, write, and execute permissions, group members read and execute permissions, and all other users no permissions:
chmod 750 dirname
- Give a directory read, write, and execute rights, as well as a sticky bit:
chmod 1777 dirname
- Set read, write, and execute permissions for the file owner and none for all other users on a directory recursively:
chmod -R 700 dirname
Using a Reference File
You can use the --reference=ref file option to make the file's permissions match those of the provided reference file (ref file).
chmod --reference=REF_FILE FILE
The following command, for example, will assign file1's permissions to file2.
chmod --reference=file1 file2
Recursively Change the File’s Permissions
Use the -R(--recursive) option to recursively act on all files and folders beneath the supplied directory:
chmod -R MODE DIRECTORY
To set the permissions of all files and subdirectories in the /var/www directory to 755, for example, type:
chmod -R 755 /var/www
Operating on Symbolic Links
Symbolic links have 777 permissions by default.
By default, when modifying the permissions of a symlink, chmod also changes the permissions of the file that the link points to.
chmod 755 symlink
You'll probably get a "can't access symlink': Permission refused" error instead of updating the target ownership.
The problem occurs because symlinks are protected by default on most Linux versions, and you cannot operate on target files. /proc/sys/fs/protected symlinks specify this option. 1 indicates that the item is enabled, whereas 0 indicates that it is disabled. It's not a good idea to turn off the symlink protection.
Changing File Permissions in Bulk
There are instances when you'll need to adjust the permissions of many files and directories.
The most usual scenario is to set the permissions of the website file to 644 and the directory's permissions to 755.
Using the numerical approach:
find /var/www/my_website -type d -exec chmod 755 {} \;
find /var/www/my_website -type f -exec chmod 644 {} \;
Using the symbolic technique is as follows:
find /var/www/my_website -type d -exec chmod 755 {} \;
find /var/www/my_website -type f -exec chmod 644 {} \;
The find command will look for files and directories in /var/www/my_website and give each one to the chmod program, which will change the permissions.
FAQs on chmod Command in Linux (File Permissions)
What are the different permission types used with "chmod"?
The permission types used with "chmod" are read (r), write (w), and execute (x). These permissions can be set for the file's owner, group, and others. Additionally, there are special permissions like setuid, setgid, and sticky that can be set.
How can I set permissions for multiple users or groups with "chmod"?
To set permissions for multiple users or groups, you can utilize the symbolic method with comma-separated values. For example, "chmod u+r,g+w file.txt" adds read permission for the user and write permission for the group.
Can I change permissions recursively for directories and their contents?
Yes, the "-R" option with "chmod" allows you to change permissions recursively for directories and their contents. This is useful for modifying permissions of multiple files and subdirectories within a directory.
How can I view the current permissions of a file or directory?
You can use the "ls -l" command to view the current permissions of a file or directory. The permissions are displayed as a series of letters and symbols in the output.
What is the meaning of the numbers displayed in the permissions output?
The numbers represent the octal value of the permissions. The first digit indicates the special permissions, while the next three digits represent the permissions for the owner, group, and others respectively.
Can regular users change permissions on any file in Linux?
Regular users can only change permissions on files and directories they own. However, the root user (superuser) has the authority to change permissions on any file or directory.
Are there any security implications to be aware of when using "chmod"?
Yes, misconfiguring file permissions can have security implications. It is important to set appropriate permissions to maintain security, such as restricting write access to sensitive files and ensuring executable files are properly protected.
Conclusion
The chmod command modifies the permissions of a file. The symbolic or numeric mode can be used to set permissions.
Visit the chmod man page to learn more about chmod.
If you have any queries, please leave a comment below and we’ll be happy to respond to them.