Table of Contents
Understanding Permission Changes
In Linux, every file and directory has three sets of permissions, one for the owner, one for the group, and one for others. Changing these permissions lets you control who can read, write, or execute a file. The main tool you will use for this is the chmod command.
You will not change who owns a file here, only what each class of user is allowed to do with it.
Remember: Permissions control what users can do with a file. Ownership controls who the file belongs to. They are related but different concepts.
The `chmod` Command
The standard way to change permissions is with chmod. Its general structure is:
chmod [options] mode file
The mode part describes the new permissions. There are two main styles of modes you will see and use, symbolic mode and numeric (octal) mode. Both end up doing the same thing, they just express the changes in different ways.
Symbolic Mode
Symbolic mode describes changes in words and symbols that look close to plain English. It focuses on who you want to affect, what kind of change you want, and which permissions you are changing.
The basic pattern is:
[who][operator][permissions]
The who part can be:
ufor user (the owner)gfor groupofor othersafor all (user, group, and others)
The operator can be:
+to add a permission-to remove a permission=to set permissions exactly, replacing existing ones
The permissions can be:
rfor readwfor writexfor execute
For example, if you have a script file called run.sh and you want to make it executable by its owner, you can run:
chmod u+x run.sh
This does not affect any existing group or others permissions. It only adds execute permission for the owner.
If you want to remove write access for others on a file called notes.txt:
chmod o-w notes.txt
If you want to give everyone read permission on public.txt:
chmod a+r public.txt
You can also combine several changes at once by separating them with commas. For example:
chmod u+w,g-w,o-rwx file.txt
This adds write permission for the owner, removes write permission for the group, and removes all permissions for others in a single command.
You can also specify multiple who values together. For instance, to remove execute permission from user and group at once:
chmod ug-x script.sh
If you use = as the operator, you are telling chmod to set the permissions for that class exactly as given and clear anything else. For example:
chmod u=rwx,g=rx,o= file.txt
sets the user to read, write, execute; group to read and execute; and others to no permissions at all.
Using = replaces existing permissions for that class. Be careful not to remove something you still want by accident.
Numeric (Octal) Mode
Numeric mode describes permissions with a three or four digit number. Each digit represents a set of permissions using the sum of values for read, write, and execute.
For one user class, the mapping is:
- read: 4
- write: 2
- execute: 1
You add these values together to form a single digit. Some examples for one class:
0means no permissions1means execute only2means write only3means write and execute (2 + 1)4means read only5means read and execute (4 + 1)6means read and write (4 + 2)7means read, write, and execute (4 + 2 + 1)
A full permission set for a file or directory usually uses three digits, one for user, one for group, and one for others, in that order.
For example, chmod 644 file.txt sets:
- user to 6 (read + write)
- group to 4 (read)
- others to 4 (read)
chmod 755 script.sh sets:
- user to 7 (read + write + execute)
- group to 5 (read + execute)
- others to 5 (read + execute)
You can think of the three digits as $u,g,o$, and the value for each class is
$$\text{value} = 4 \cdot r + 2 \cdot w + 1 \cdot x$$
where $r,w,x$ are either 0 or 1 depending on whether that permission is set.
Common patterns: 644 for regular text files and configuration files, 755 for most executable programs and scripts, and 600 or 700 for private files that only the owner should access.
Sometimes you will see a fourth digit at the beginning, which handles special bits such as setuid, setgid, and the sticky bit. Those special permissions are covered elsewhere, but the idea is similar: the extra digit is another sum that controls special behavior.
Changing Permissions Recursively
Often you want to change permissions not only on a directory, but on everything inside it. For this, you can use the -R (recursive) option:
chmod -R 755 mydir
This walks through mydir and all its subdirectories, changing each item it finds. This can be convenient, but you must use it carefully because it may end up making many more changes than you expect.
It is usually a good idea to inspect what you are about to change. One approach is to combine find with chmod to be more selective, for example targeting only directories or only files. Such combinations are more advanced and are typically used when you want different permissions for directories and files under the same tree.
Using chmod -R on system directories like / or /etc can break your system. Only use recursive changes when you understand exactly which files will be affected.
Using `chmod` Safely
In practice you will use both symbolic and numeric modes. Symbolic mode can be easier when you want to make small adjustments, such as adding execute permission without changing anything else. Numeric mode is very compact when you already know the full final permission pattern you want.
Before changing permissions on unfamiliar files, it is often useful to look at the current settings using ls -l. You can then adjust carefully. After using chmod, you can check again with ls -l to confirm that the change had the intended effect.
On files that affect system security, such as SSH keys or configuration files, you may also find instructions that require very specific numeric modes. Following those exactly is important, because incorrect permissions can cause services to refuse to run or can expose sensitive data.
With experience, you will start to recognize common patterns and when to use each mode. The key idea is that chmod only changes what you tell it to change, using either symbolic adjustments or complete numeric patterns.