On Unix-like operating systems, the chmod command sets file or directory permissions.
This page describes the GNU/Linux version of chmod
.
Description
In Unix-like operating systems,
a set of flags associated with each file determines who can access that file and how they can access it. These flags are called permissions or file modes, as in “access mode.” The name of the chmod command stands for “change mode.” Restricts how a file can be accessed.
For more information about file modes, see: What are file permissions and how do they work? in our umask command documentation. Contains a complete description of how to define and specify file permissions.
In general, chmod commands take the form: chmod options permissions filename
If no option is specified, chmod modifies the permissions of the file specified by file name to the permissions specified by permissions.
permissions defines
permissions for the owner of the file (the “user”), members of the group
owner of the file (the “group”), and anyone else (“others”). There are two ways to represent these permissions: with symbols (alphanumeric characters) or with octal numbers (the digits 0 through 7).
Let’s say you are the owner of a file called myfile, and you want to set your permissions so that: the
u can be r ead, w rite, y e x ecute;
- Members of your groupcan r ead and ex ecute; and
- otherscan only
- read.
This command does the trick:
chmod u=rwx,g=rx,o=r myfile
This example uses symbolic permissions notation. The letters u, g and o stand for “user“, “group” and “other“. The equal sign (“=“) means “set permissions exactly like this,” and the letters “r“, “w” and “x” stand for “read”, “write” and “execute”, respectively. Commas separate the different classes of permissions and there are no spaces between them.
Here
is the equivalent command using octal permission notation:
chmod 754 myfile
Here the digits 7, 5, and 4 individually represent the permissions for the user, group, and others, in that order. Each digit is a combination of the numbers 4, 2, 1 and 0: 4 means “read”, 2 means “write”, 1 means “execute” and 0 means “without permission”. So 7 is the combination of permissions 4+2+1 (read, write, and execute), 5 is 4+0+1 (read, write, and execute), and 4 is
4+0+0
(read, do not write and do not execute).
chmod
syntax
[OPTION]… MODE[,MODE]… ARCHIVE… chmod [OPTION]… OCTAL MODE FILE… chmod [OPTION]… -reference=RFILE FILE…
Options
–c, –changes Like -verbose, but gives detailed output only when a change is made. -f, –silent, -quiet Silent mode; Delete most error messages. -v, -verbose verbose mode; Generates a diagnostic message for each processed file. –no-preserve-root Do not treat ‘/‘ (the root directory) in any special way, which is the default setting. –preserve-root Do not operate recursively on ‘/‘. -reference=RFILE Set permissions to match those of the RFILE file, ignoring any specified MODE. –R, –recursive Change files and directories recursively. -help Display a help message and exit. -version Output and output version information.
Technical description
chmod changes the file mode of each specified file according to MODE, which can be a symbolic representation of the changes to be made, or an octal number representing the bit pattern for the new mode bits
.
The format of a symbolic mode is:
[ugoa…] [[
+-=][permanent…] …]
where perms is zero or more letters of the set r, w, x, x, s and t, or a single letter of the set u, g and o. Multiple symbolic modes can be given, separated by commas.
A combination of the letters u, g, or and a controls which users will access the file will be changed: the user who owns it (u), other users in the file group (g), other users who are not in the file group (o), or all users (a). If none of these are given, the effect is as if it were given to, but the bits that are set in the mask are not affected.
The + operator causes the selected file mode bits to be added to the existing file mode bits of each file; – causes them to be deleted; y = causes unmentioned bits to be added and removed, except that unmentioned user ID and group bits in a directory are not affected.
The letters r, w, x, X
, s, and t select file mode bits for affected users: read (r), write (w), execute (x), execute only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution(s), restricted delete indicator, or sticky bit (t). For directories, the X and X run options define the permission to view the contents of the directory.
Instead of one or more of these letters, you can specify exactly one of the letters u, g, or o: the permissions granted to the user who owns the file (u), the permissions granted to other users who are
members of the file group (g), and the permissions granted to users who are not in either of the previous two categories (o).
A numerical mode is one to four octal digits (0-7), derivatives by adding the bits with values 4, 2, and 1. The omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4) and set group ID (2) and restricted deletion or sticky attributes (1). The second digit selects the permissions for the user who owns the read (4), write (2) and execute (1); the third selects permissions for other users in the file’s group, with the same values; and the fourth for other users who are not in the filegroup, with the same values.
chmod never changes the permissions of symbolic links; the chmod system call cannot change their permissions. However, this is not a problem as symbolic link permissions are never used. However, for each symbolic link that appears on the command line, chmod changes the permissions of the pointed file. In contrast, chmod ignores symbolic links found during recursive directory traverses.
Setuid and setgid bits
chmod clears the set-group-ID bit of a regular file if the file’s group ID does not match the user’s effective group ID or one of the user’s supplemental group IDs, unless the user has the appropriate privileges. Additional restrictions can cause the set-user-ID and set-group-ID bits of MODE or RFILE. This behavior depends on the policy and functionality of the underlying chmod system call. If in doubt, check the underlying behavior of the system.
chmod retains the set-user-ID and set-group-ID directory bits unless you explicitly specify otherwise. You can set or delete bits with symbolic modes such as u+s and g-s, and you can set (but not delete) bits with a numeric mode.
Restricted delete flag (or “sticky bit”) The
restricted delete indicator or sticky
bit
is a single bit, the interpretation of which depends on the file type. For directories, prevents unprivileged users from deleting or renaming a file in the directory unless they own the file or directory; This is called a restricted deletion flag for the directory, and is commonly found in world-writing directories such as /tmp. For normal files on some older systems, the bit saves the text image of the program on the swap device so that it loads faster when executed; This is called the sticky bit.
Viewing
permissions in the file list
A quick and easy way to list a file’s permissions is with the long list (-l) option of the ls command. For example, to view file.txt permissions, you can use the command: ls -l file.txt
… showing output similar to the following
: -rwxrw-r- 1 hope hopestaff 123 Feb 03 15:36 file.txt
Here’s what each piece of this information means
: – The first character represents the file type: “–” for a normal file, “d” for a directory, “l” for a symbolic link. RWX The following three characters represent the permissions for the owner of the file: the owner can read de, write to, ore xecute the file. Rw- The following three characters represent permissions for filegroup members. Any member of the group that owns the file can go from or goto the file. The final hyphen is a placeholder; Group members do not have permission to run this file. r- The permissions for “other” (all others). Others can only retrievethis file. 1 The number of hard links to this file. hope The owner of the file’s. Hopestaff Group to which the file belongs. 123 File size in blocks. Feb 03 15:36 The mtime of the file (date and time the file was last modified). file.txt name of the file.
Chmod
644 file examples.htm
Set file permissions.htm to “owner can read and write; group can read only; others can read only “.
chmod -R 755 myfiles
Recursively (-R) Change the permissions of the myfiles directory, and all folders and files in it, to 755 mode. The user can read, write and execute; Group members and other users can read and execute, but cannot write.
chmod u=rw sample.jpg Change the
permissions for the owner of the sample.jpg so that the owner can read and write the file. Do not change permissions for the group or others.
chmod u+s comphope.txt Set the “Set-User-ID” bit of comphope.txt,
so that anyone who tries to access that file does so as if they were the owner of the file. chmod u-s comphope
.txt
The opposite of the previous command; disables the SUID bit.
chmod 755.cgi Set
the file permissions.cgi to “read, write, and execute by owner” and “read and execute by group and all others”.
File chmod 666.txt
Set the file permission.txt to “read and written by everyone.”.
chmod a=rw.txt
It accomplishes the same as the previous command, using symbolic notation
.
chown related commands
—
Change ownership of files or directories. getfacl — Show file access control lists. ls — List the contents of a directory or directories.
