Table of Contents
Understanding `chmod`: Changing File Permissions
In this chapter you’ll learn how to change permissions, assuming you already understand what users, groups, and the r, w, x bits are.
We’ll focus on:
- The
chmodcommand - Symbolic vs numeric (octal) modes
- Recursive changes
- Common real-world patterns
- Avoiding dangerous mistakes
The `chmod` Command: Basic Usage
chmod (change mode) is used to modify the permission bits of files and directories.
Basic syntax:
chmod [OPTIONS] MODE FILE...MODEdescribes what permissions to set or modifyFILEis one or more files or directories- Use
sudoif you’re not the owner and need elevated privileges
Symbolic Mode: Human-Readable Permission Changes
Symbolic mode lets you describe which permissions to add/remove/change using letters.
Parts of a symbolic mode
A symbolic mode looks like:
[who][operator][permissions]who(who to affect):u– user (owner)g– groupo– othersa– all (u+g+o); default if omittedoperator:+– add permission(s)-– remove permission(s)=– set permission(s) exactly (replace existing)permissions:r– readw– writex– execute (or “enter” for directories)X– execute only if it’s a directory or already executable- (there are also special bits like
sandt, usually for advanced topics)
You can chain multiple symbolic instructions separated by commas:
chmod u+r,g-w,o= fileCommon symbolic examples
Make a script executable for its owner
chmod u+x script.sh- Only the owner gets execute permission added
Allow group read access
chmod g+r report.txtRemove write permission from others
chmod o-w notes.txtGive everyone read permission
chmod a+r picture.jpg
# Same as:
chmod ugo+r picture.jpgSet exact permissions for others (override)
chmod o=rx public_script.sho=clears all existingotherspermissions, then addsrandx
Multiple changes in one command
chmod u=rw,g=r,o= file.txt- User:
rw- - Group:
r-- - Others:
---
Using `X` (capital X) safely
X adds execute only to:
- directories
- or files that already had execute set for someone
Example: Make a directory tree readable and searchable by others, but don’t accidentally make all files executable:
chmod -R o+rX shared_dir- Directories: get
x(so others can enter them) - Existing executable files: keep
x - Non-executable files: no new
x
Numeric (Octal) Mode: Precise Permission Settings
Numeric mode uses numbers to set all three permission groups (user, group, others) at once.
You map r, w, x to bits:
r= 4w= 2x= 1
For each of user (u), group (g), others (o), you add the values:
0–---(no permissions)1–--x2–-w-3–-wx4–r--5–r-x6–rw-7–rwx
So an octal mode is usually three digits:
$$
\text{mode} = U \, G \, O
$$
Where each of U, G, O is from 0–7.
Numeric examples
`chmod 644 file`
- User:
6=4+2=rw- - Group:
4=r-- - Others:
4=r--
Permissions: rw-r--r-- – very common for text files.
chmod 644 document.txt`chmod 600` – private file
chmod 600 secret.txt- User:
rw- - Group:
--- - Others:
---
Good for private keys, personal notes, etc.
`chmod 755` – typical program/script
chmod 755 script.sh- User:
rwx - Group:
r-x - Others:
r-x
Common for executables under/usr/bin,/usr/local/bin, etc.
`chmod 700` – private directory or script
chmod 700 private_dir
chmod 700 backup.sh- Only owner can read, write, execute (or enter the directory).
Choosing Symbolic vs Numeric
Use symbolic when:
- You want to adjust permissions relative to current ones (e.g. just “add execute for user”)
- You’re not sure about the existing bits, and only want to tweak
Use numeric when:
- You want to set an exact known pattern (e.g. “make it
644”) - You’re scripting and want predictable results
Changing Permissions Recursively
To change permissions for a directory and everything inside it, use -R:
chmod -R MODE DIRECTORY
Example: Make everything in project readable and writable by the owner only:
chmod -R 700 project
Be careful: -R can affect a lot of files. Always double-check the path and mode.
Different permissions for files and directories
Sometimes you want:
- One mode for directories
- Another mode for files
You can’t express that in one chmod call without additional tools, but you can combine find + chmod (just conceptually here):
# Directories: 755
find mydir -type d -exec chmod 755 {} +
# Files: 644
find mydir -type f -exec chmod 644 {} +This pattern is common when fixing permissions in web projects, Git repos, etc.
Practical Permission Patterns
Here are some patterns you’ll see often:
1. A typical text file (config, document)
- Mode:
644(rw-r--r--)
chmod 644 file.txt2. Private config or secret
- Mode:
600or400
chmod 600 id_rsa
chmod 400 id_rsa # read-only for owner3. Private scripts or directories
- Mode:
700
chmod 700 backup.sh
chmod 700 ~/private4. Shared project directory (group-based collaboration)
If multiple users in the same group work on project:
chmod 775 project- Owner:
rwx - Group:
rwx - Others:
r-x
Often combined with group ownership and other settings (handled in another chapter).
Permissions on Directories vs Files
Changing permissions works the same syntactically, but the meaning of bits on directories matters:
r– list directory contents (ls)w– create/delete/rename entries insidex– “enter” the directory (cd), access contents by name
Common directory modes:
755– world-readable, only owner can modify700– private directory775– shared directory for a group
Viewing Changes: Using `ls -l`
Always verify what you did:
ls -l file
ls -ld directoryls -l fileshows file permissions and ownerls -ld directoryshows the directory’s own permissions, not its contents
Example:
$ ls -l script.sh
-rw-r--r-- 1 alice alice 1234 Dec 1 12:00 script.sh
$ chmod u+x script.sh
$ ls -l script.sh
-rwxr--r-- 1 alice alice 1234 Dec 1 12:00 script.shSafety Tips and Common Mistakes
- Avoid
chmod 777on anything important: - Gives full control to everyone
- Huge security risk, especially on shared systems or servers
- Be extra careful with
-R: - A small typo (e.g.
/etcinstead of~/etc) can break the system - When in doubt, test
lsorfindfirst to see what you’ll affect - Don’t change permissions in system directories unless you know why:
- Many files in
/bin,/usr,/lib, etc. have carefully set modes - Remember that permissions don’t override ownership:
- If you’re not the owner (and not
root),chmodmay fail - Use
sudo chmod ...if necessary and appropriate
Practice Ideas
To get comfortable with chmod, try:
- Create a file and:
- Set it to
600, then to644, then to664using numeric modes. - Create a script file:
- Add execute for user with symbolic mode.
- Make a directory tree:
- Give it sensible permissions using
-Rand then adjust withX. - Experiment:
- Use
ls -lbefore and after eachchmodto see exactly what changed.
By combining symbolic and numeric modes, and by understanding the impact on files vs directories, you can precisely control who can do what with every file on your system.