How to Use the Chmod Command in Linux

Introduction

The Linux chmod (Change Mode) command allows you to change permissions for files and directories. Chmod is crucial for managing user privileges on specific files and directories to ensure strict security and accessibility to specific authorized users. The command allows users to control who can access or modify particular files while maintaining the flexibility for collaboration in multi-user environments.

This article explains how to use the chmod command in Linux and provides practical examples to help you effectively manage file and directory permissions.

Understand File Permissions

Every Linux file and directory has associated users and permissions that determine who can read, write, or execute the file as explained below.

Linux File Users

Linux permissions involve three types of users:

• Owner (User): A user who owns a file.
• Group: A collection of users who share access to a file.
• Others: Other system users who don't own or belong to a group that owns the file.

Linux Permissions

Linux uses the following combination of letters or octal numbers to represent permissions:

• r: Read: Allows users to view files and directory contents.
• w: Write: Allows users to write, edit, and modify files and directory contents.
• x: Execute: Allows users to execute a file. For example, a script or binary program.

Linux displays files and directories permissions using a string of r,w, and x letters depending on the active permissions. For example, rwxr-xr-- represents:

• rwx: The owner has read, write, and execute permissions.
• r-x: All group users have read and execute permissions.
• r--: All system users (others) have read permissions.

View Active Permissions

Use the long list command (ls -l) to view the active permissions for a file or directory in a detailed format. For example, run the following command to view the active permissions for the sample.txt file.

$ ls -l sample.txt

Output:

-rwxr-xr-- 1 user group  4096 Sep  1 12:34 sample.txt

In the above output:

• The file owner has read, write, and execute (rwx) permissions.
• The group has only read and execute (r-x) permissions.
• Other users have only read (r--) permissions.

The chmod Command Syntax

The following is a basic chmod command syntax:

$ chmod [options] mode file/directory

In the command:

• [options]: Modifies the command's behavior. This flag is optional.
• mode: Specifies the new permissions mode.
• file/directory: Sets the file or directory affected by the permissions.

Common chmod Command Options

The following are the most common chmod command options:

Create Sample Directories and Files

This article uses the following sample files and directories to test permissions. Follow the steps below to create the samples.

1. Create three sample .txt files.

   console Copy

   $ touch file1.txt file2.txt file3.txt
   

2. Create directory, directory1, dir, shared, and shared/directory sample directories.

   console Copy

   $ mkdir directory directory1 dir shared shared/directory
   

3. Create a new backup.sh file.

   console Copy

   $ touch backup.sh
   

Set File and Directory Permissions

When running the chmod command, you can specify permissions using symbolic or numeric modes. Follow the sections below to use the chmod command with symbolic and numeric modes.

Symbolic Mode

This mode represents permissions using letters:

• u: User.
• g: Group.
• o: Others.
• a: All (owner, group, and others).

To change permissions in symbolic mode, use the following operators:

• +: Adds a permission.
• -: Removes a permission.
• =: Sets a permission (removes all other permissions not specified).

For example:

• u+r: Sets read permission for the owner.
• g-w: Removes write permission for the group.
• o=x: Sets execute permission for others.

Change Permissions Using the chmod Command in Symbolic Mode

1. Grant execute permissions to the owner of the file.txt file.

   console Copy

   $ chmod u+x file.txt
   

   The u represents the user (owner) and +x adds the execute permission.

   

2. Remove write permissions for a group.

   console Copy

   $ chmod g-w file.txt
   

   The g represents the group, and -w removes the write permissions.

   

3. Grant read and write permissions to others.

   console Copy

   $ chmod o=rw file.txt
   

   The o refers to others while =rw sets the read and write permissions.

   

Numeric (Octal) Mode

This mode allows you to set permissions using a three-digit octal number representing read, write, or execute permissions. The following are the numeric values for each permission:

• 4: Read.
• 2: Write.
• 1: Execute.

You can also combine the numbers to form a specific group of permissions as follows:

• 7 (rwx): Read (4), write (2), and execute (1).
• 6 (rw-): Read (4) and write (2).
• 5 (r-x): Read (4) and execute (1).
• 4 (r--): Read only.
• 3 (-wx): Write (2) and execute (1).
• 2 (-w-): Write only.
• 1 (--x): Execute only.
• 0 (---): No permissions.

For example:

• 777: Grants full read, write, and execute permissions for all users.
• 755: Grants full access for the owner and sets only read and execute permissions for the group and other users.
• 644: Grants read and write permissions for the owner and read-only permissions for the group and other users.

Change Permissions Using the chmod Command in Numeric Mode

1. Grant 755 permissions to the file.txt file.

   console Copy

   $ chmod 755 file.txt
   

   The above command sets read, write, and execute permissions (7) for the file owner only and read and execute permissions (55) for the group and others.

   

2. Set the file permissions to 644.

   console Copy

   $ chmod 644 file.txt
   

   The above command sets read and write permissions (6) for the file owner and only read permissions (44) for the group and others.

   

Change Permissions Recursively

1. Change the permissions mode for the directory1 and all files in the subdirectories to 755.

   console Copy

   $ chmod -R 755 directory1
   

   The above command grants the directory owner full permissions and sets read and execute permissions for the group and others.

   

2. Change the file.txt permissions and display a detailed progress.

   console Copy

   $ chmod -v 755 file.txt
   

   The -v option displays detailed processing information.

   

3. Change permissions for the sample directory1 and display a detailed progress.

   console Copy

   $ chmod -Rv 755 directory1
   

   The -R option sets a recursive mode, and the -v option displays detailed processing information.

   

4. Change the permissions on multiple files at once.

   console Copy

   $ chmod 644 file1.txt file2.txt file3.txt
   

   The above command grants read and write permissions (6) to the file owner and read-only permissions (44) to the group and other users.

   

Use chmod with Special SUID, SGID, and Sticky Bit Permissions

Linux offers special permissions that allow enhanced control when executing files and managing directories in addition to the standard read, write, and execute permissions. Follow the steps below to use the chmod command with special Linux permissions.

SUID (Set User ID)

When you set the SUID bit on an executable file, the file runs with the owner's permissions, regardless of the user who executes the file. SUID is useful when standard users must run files that require elevated privileges. Follow the steps below to use SUID with the chmod command.

1. Set the SUID bit on. For instance, to set the SUID bit on for the file1.txt file, run the following u+s command.

   console Copy

   $ chmod u+s file1.txt
   

   The above command allows all users to execute the file with the owner's permissions.

   

SGID (Set Group ID)

The SGID bit applies to both files and directories:

• Executable files: SGID allows users to run a file with the group's privileges.
• Directories: New files or subdirectories inherit the directory's group and permissions instead of a user's group.

Set the SGID bit on a directory such as directory1.

$ chmod g+s directory1

The above command allows any files created within the directory to inherit the directory's group instead of the user's group.

Sticky Bit

The sticky bit applies to directories and ensures that only the file owner or the root user can delete or rename files within the directory. Sticky bit disables modification privileges even if the group or other users have write permissions on a directory. Use this permission with shared directories like /tmp.

Set a directory's sticky bit on. For instance, directory.

$ chmod +t directory

The above command ensures that only the file owner or the root user can delete or rename files in the directory.

Advanced chmod Command Usage

1. Find all .txt files and set the file permissions to 644.

   console Copy

   $ find . -name "*.txt" -exec chmod 644 {} \;
   

   The above command finds all .txt files in your working directory . and executes the chmod 644 command to apply new permissions to each file.

   

2. Set specific permissions for all files in a directory but keep the directory unchanged.

   console Copy

   $ find /dir -type f -exec chmod 644 {} \;
   

   The above command finds all regular files and sets their permissions to 644.

   

3. Set directory permissions that allow all users in a group to add files and limit deleting files to the file owner or the root user.

   console Copy

   $ chmod 1770 /shared/directory
   

   In addition to the sticky bit, the above command grants read, write, and execute permissions for the subdirectory's owner and group.

   

4. Allow only the backup.sh file owner to execute the file and restrict other users.

   console Copy

   $ chmod 700 backup.sh
   

   The above command grants the file owner read, write, and execute permissions and removes all permissions to the group and other users.

   

Conclusion

You have used the chmod command in Linux to manage file and directory permissions effectively. The chmod command provides access control for your Linux system. For more flexibility, security, and advanced permissions, use the SUID, SGID, and sticky bit permissions.