chmod Command

The chmod command (change mode) modifies file and directory permissions in Linux and Unix systems. It controls who can read, write, or execute files, making it essential for system security and file access management.

Syntax

chmod [options] mode file...

Description

The chmod command changes the access permissions of files and directories. Permissions determine who can read (r), write (w), or execute (x) a file. There are three categories of users: owner (u), group (g), and others (o).

Permission structure: -rwxrwxrwx

  • First character: File type (- for file, d for directory)
  • Next 3 characters: Owner permissions (rwx)
  • Next 3 characters: Group permissions (rwx)
  • Last 3 characters: Others permissions (rwx)

Octal Notation

Permissions are represented by three-digit octal numbers:

  • 4 = Read (r)
  • 2 = Write (w)
  • 1 = Execute (x)

Add values together: 4+2+1=7 (rwx), 4+2=6 (rw-), 4+1=5 (r-x), 4=4 (r--)

Common Permission Values

Octal Symbolic Description Use Case
755 rwxr-xr-x Owner: rwx, Group/Others: r-x Executable files, directories
644 rw-r--r-- Owner: rw-, Group/Others: r-- Regular files, documents
600 rw------- Owner: rw-, Group/Others: --- Private files, config files
777 rwxrwxrwx Everyone: rwx Temporary files (use carefully)
700 rwx------ Owner: rwx, Group/Others: --- Private directories

Symbolic Notation

Use letters to modify permissions:

  • Who: u (user/owner), g (group), o (others), a (all)
  • Operation: + (add), - (remove), = (set exactly)
  • Permission: r (read), w (write), x (execute)

Examples: u+x (add execute for owner), go-w (remove write for group and others)

Examples

Octal notation examples

chmod 755 script.sh # Make script executable
chmod 644 document.txt # Standard file permissions
chmod 600 private.key # Private file (owner only)
chmod 777 temp_dir/ # Full permissions (use carefully)

Set specific permission combinations using three-digit octal numbers

Symbolic notation examples

chmod +x script.sh # Make executable for all
chmod u+x script.sh # Make executable for owner only
chmod go-w file.txt # Remove write for group and others
chmod u=rwx,go=rx dir/ # Set exact permissions

Add, remove, or set permissions using symbolic notation

Recursive permission changes

chmod -R 755 /var/www/ # Set permissions recursively
chmod -R u+w project/ # Add write permission for owner
chmod -R go-rwx private/ # Remove all permissions for group/others

Apply permission changes to all files and subdirectories

Multiple files

chmod 644 *.txt # Change all .txt files
chmod +x *.sh # Make all shell scripts executable
chmod 600 config.* secret.* # Set private permissions

Change permissions for multiple files using wildcards

Check permissions before and after

ls -l file.txt # Check current permissions
# -rw-r--r-- 1 user group 1234 Jan 21 10:30 file.txt
chmod 755 file.txt # Change permissions
ls -l file.txt # Verify changes
# -rwxr-xr-x 1 user group 1234 Jan 21 10:30 file.txt

Always verify permission changes with ls -l

🔒 Security Best Practices

  • Principle of least privilege: Give minimum permissions needed
  • Avoid 777: Never use full permissions unless absolutely necessary
  • Protect sensitive files: Use 600 for private files like SSH keys
  • Executable files: Use 755 for scripts and programs
  • Web files: Use 644 for web content, 755 for directories
  • Regular review: Periodically audit file permissions

Common Use Cases

  • Make script executable: chmod +x script.sh
  • Secure SSH keys: chmod 600 ~/.ssh/id_rsa
  • Web directory setup: chmod 755 public_html/
  • Config file security: chmod 640 /etc/config.conf
  • Log file permissions: chmod 644 /var/log/app.log
  • Temporary directory: chmod 1777 /tmp (with sticky bit)

See also