What it is
chmod is a command-line utility for changing file and directory permissions on Unix-like operating systems. You reach for it when you need to control who can read, write, or execute a file or directory.
Installation
chmod is a standard Unix utility and is pre-installed on virtually all Linux and macOS systems.
Core Concepts
File permissions are typically represented in two ways:
-
Symbolic Notation: Uses letters to represent user categories and permissions.
- User Categories:
u: User (owner of the file)g: Group (users in the file’s group)o: Others (everyone else)a: All (equivalent tougo)
- Permissions:
r: Readw: Writex: Execute
- Operators:
+: Add a permission-: Remove a permission=: Set permissions exactly (overwrites existing)
- User Categories:
-
Octal Notation: Uses a three-digit number where each digit represents permissions for the owner, group, and others, respectively.
- Values:
4: Read (r)2: Write (w)1: Execute (x)
- Combinations:
7:rwx(4+2+1)6:rw-(4+2)5:r-x(4+1)4:r--(4)3:-wx(2+1)2:-w-(2)1:--x(1)0:---(no permissions)
- Values:
Commands / Usage
Changing Permissions (Symbolic Notation)
-
Add execute permission for the owner:
chmod u+x my_script.shAdds execute permission (
x) for the user (u) tomy_script.sh. -
Remove write permission for the group and others:
chmod go-w my_document.txtRemoves write permission (
w) for the group (g) and others (o) frommy_document.txt. -
Set permissions for owner to read/write, group to read-only, and others to none:
chmod u=rw,g=r,o= my_config.confSets permissions precisely for
my_config.conf: ownerrw, groupr, others no permissions. -
Add read and write permission for everyone:
chmod a+rw shared_file.dataAdds read (
r) and write (w) permissions for all (a) toshared_file.data. -
Make a file executable by everyone:
chmod +x my_programThis is shorthand for
a+x, adding execute permission for all user categories.
Changing Permissions (Octal Notation)
-
Make a script executable by the owner, readable by group and others:
chmod 744 my_script.shSets permissions to
rwxr--r--formy_script.sh(ownerrwx, groupr--, othersr--). -
Make a file readable and writable by the owner, and readable by the group:
chmod 640 sensitive_data.csvSets permissions to
rw-r-----forsensitive_data.csv(ownerrw-, groupr--, others---). -
Give full permissions to the owner, and read/execute to group and others:
chmod 755 public_html/index.htmlSets permissions to
rwxr-xr-xforpublic_html/index.html(ownerrwx, groupr-x, othersr-x). -
Remove all permissions for others:
chmod 660 private_file.txtSets permissions to
rw-rw----forprivate_file.txt(ownerrw-, grouprw-, others---).
Recursive Permissions
-
Make all files in a directory readable and writable by the owner:
chmod -R u+rw project_files/Recursively (
-R) adds read (r) and write (w) permissions for the user (u) to all files and directories withinproject_files/. -
Make all files executable by the owner, and directories executable by group and others:
find project_files/ -type f -exec chmod u+x {} \; find project_files/ -type d -exec chmod g+x,o+x {} \;This is a common pattern: first, find all files (
-type f) and add execute for the owner (u+x). Then, find all directories (-type d) and add execute for group and others (g+x,o+x). This ensures scripts can run and directories can be traversed.
Changing Ownership (Related Commands)
While chmod changes permissions, chown and chgrp change ownership.
-
Change owner of a file:
chown jane:devs my_project/main.pyChanges the owner to
janeand the group todevsformy_project/main.py. -
Change only the group of a file:
chgrp users important_document.pdfChanges the group of
important_document.pdftousers.
Common Patterns
-
Making a script executable:
chmod +x run_backup.shThis is the most frequent use case for scripts.
-
Setting standard web server permissions (owner: read/write, group: read, others: none):
chmod 640 web_config.phpCommon for sensitive configuration files.
-
Setting standard directory permissions for web content (owner: rwx, group: rx, others: rx):
chmod 755 public_directory/Allows traversal and execution for web server processes.
-
Setting standard file permissions for web content (owner: rw, group: r, others: r):
chmod 644 static_asset.cssAllows reading by everyone, writing only by the owner.
-
Securing sensitive files (owner: rw, group: none, others: none):
chmod 600 private_key.pemOnly the owner can read or write.
-
Restricting access to only the owner:
chmod 700 private_script.shOnly the owner can read, write, and execute.
-
Resetting permissions to default (often 644 for files, 755 for directories):
# For files find . -type f -exec chmod 644 {} \; # For directories find . -type d -exec chmod 755 {} \;Useful after cloning a repository or if permissions have been messed up.
Gotchas
- Execute permission on directories: For directories, the
xpermission means "can enter or traverse the directory". Without it, you cannotcdinto it or list its contents, even if you have read permissions. - The
-Rflag is powerful: Usingchmod -Rcan have unintended consequences if applied to the wrong directory. Always double-check the path. - Octal vs. Symbolic: While octal is concise, symbolic notation is often more readable for specific changes like "add execute for owner only".
- Umask: The default permissions for newly created files and directories are determined by the
umasksetting of the user.chmodoverrides these defaults. - ACLs (Access Control Lists): Some systems support ACLs, which provide more granular permissions than the standard owner/group/others.
chmodmight not fully manage these; tools likesetfaclandgetfaclare used for ACLs. - Root privileges: You can only change permissions on files you own, unless you are the root user (or have
sudoprivileges).