Overview
The chmod command is a fundamental tool for security management in Linux. It sets access permissions—“who” (owner, group, others) can do “what” (read, write, execute)—for files and directories. You will use this command frequently for tasks like setting up web servers or making shell scripts executable.
Specifications (Arguments and Options)
Syntax
chmod [options] mode filename
Main Arguments and Options
| Option | Description |
| -R | Changes permissions for all files and directories within a folder recursively. |
| -f | Forces the change and hides error messages (e.g., if permissions are insufficient). |
| -c | Shows details only when an actual change is made. |
| --reference=<file> | Applies the same permissions as the specified reference file. |
File Type Symbols
When you run ls -l, the first character of the output tells you the file type.
| Symbol | File Type | Description |
| - | Regular file | Text files, binary files, etc. |
| d | Directory | Folders. |
| l | Symbolic link | A shortcut to another file. |
| c | Character device | Input/output devices (mouse, terminal). |
| s | Socket | Files used for inter-process communication. |
Access Permission Symbols
| Symbol | Name | Meaning (File) | Meaning (Directory) |
| r | Read | Can read the content. | Can list files (ls). |
| w | Write | Can edit or overwrite the content. | Can create or delete files. |
| x | Execute | Can run as a program. | Can enter the directory (cd). |
Permission Numbers (Mode Bits)
Permissions are often specified as a three-digit octal number (e.g., 755, 644). You calculate these by adding the following values:
| Symbol | Binary | Octal Value | Meaning |
| --- | 000 | 0 | No permissions |
| --x | 001 | 1 | Execute only |
| -w- | 010 | 2 | Write only |
| -wx | 011 | 3 | Write + Execute |
| r-- | 100 | 4 | Read only |
| r-x | 101 | 5 | Read + Execute |
| rw- | 110 | 6 | Read + Write |
| rwx | 111 | 7 | Full access (Read, Write, Execute) |
Basic Usage
This is the most common way to change file permissions by specifying the numeric mode.
Command
# Set permissions to: Owner (6=rw), Group (4=r), Others (4=r)
chmod 644 sample.txt
# Verify
ls -l sample.txt
Execution Result
-rw-r--r-- 1 user user 0 Jan 20 10:00 sample.txt
Practical Commands
Restrict Access to Only Yourself (Confidential Files)
Use this for sensitive data like SSH private keys to block access from all other users.
# Only the owner can read/write (4+2=6), others have no access (0)
chmod 600 secret_key.pem
# Even stricter: read-only for the owner
chmod 400 private_memo.txt
-rw------- 1 user user 1024 Jan 20 10:05 secret_key.pem
-r-------- 1 user user 512 Jan 20 10:05 private_memo.txt
Give Execution Permission to Shell Scripts
To run a script, you must grant it the x (execute) permission. You can do this using numbers or symbols.
# Method 1: Numeric (Owner has all, others have read/execute)
chmod 755 deploy_script.sh
# Method 2: Symbolic (Add execute permission to current settings)
chmod +x deploy_script.sh
# Run the script
./deploy_script.sh
Change Permissions for a Specific Group
You can add or remove permissions for specific categories (u=user, g=group, o=others).
# Add (+) Read (r) and Execute (x) permissions for the Group (g)
chmod g+rx /var/www/cgi-bin/app.cgi
# Remove (-) Write (w) permission from Group (g) and Others (o)
chmod go-w shared_doc.txt
Apply Changes Recursively to a Directory
Use this to change permissions for a folder and everything inside it at once.
# Add Read (r) permission for the group to all files in the html directory
chmod -R g+r /var/www/html/
Customization Points
- Numbers vs. Symbols: Use numbers (e.g., 755) when you want to force a specific state. Use symbols (e.g., +x) when you want to add or remove a specific permission while keeping the rest unchanged.
- Directory Permissions: To list files in a folder, you need r. To enter a folder (cd), you need x. Most directories are set to 755 or 700.
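The difference between numeric and symbolic modes, as an added example that is not part of the original page: it also shows that a bare +x (no u/g/o/a letter) is filtered by the current umask, while a+x is not. It assumes GNU coreutils; the helper names and the temporary file are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example; file name and temp directory are constructed for the demo.
# Assumes GNU coreutils (stat -c).

mode_of() { stat -c '%a' "$1"; }

# Start from mode 640, apply one chmod under the given umask, print the result.
# Usage: result_of <umask> <mode-argument>
result_of() {
    local dir file mode
    dir=$(mktemp -d)
    file="$dir/deploy_script.sh"
    : > "$file"
    chmod 640 "$file"
    # Subshell so the umask change does not leak into the caller.
    ( umask "$1"; chmod "$2" "$file" )
    mode=$(mode_of "$file")
    rm -rf "$dir"
    printf '%s\n' "$mode"
}

echo "755              -> $(result_of 022 755)"   # numeric: exact state, umask ignored
echo "u+x              -> $(result_of 022 u+x)"   # adds one bit, keeps the rest
echo "+x  (umask 022)  -> $(result_of 022 +x)"    # behaves like a+x here
echo "+x  (umask 077)  -> $(result_of 077 +x)"    # group/other x are masked out
echo "a+x (umask 077)  -> $(result_of 077 a+x)"   # explicit 'a' ignores the umask
```

On a host with a restrictive umask, a bare +x can leave a script executable only by its owner, so check the result with ls -l when other accounts must run it.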
Important Notes
- Avoid chmod 777: Setting permissions to 777 (everyone can do everything) is dangerous. It lets any user or process on the system modify or replace the file. Always use the minimum required permissions (e.g., 755 or 644).
- Ownership: You cannot change the permissions of a file owned by another user unless you use sudo.
- Recursive Risks: Running chmod -R 755 on a directory makes every single file inside it executable, even text files. It is usually better to set different permissions for files and directories.
Applications
Set Different Permissions for Directories and Files at Once
Using the find command is the best way to set directories to 755 and files to 644 recursively.
# Set only directories to 755
find /var/www/html -type d -exec chmod 755 {} \;
# Set only files to 644
find /var/www/html -type f -exec chmod 644 {} \;
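The same two-pass approach with a before-and-after audit, as an added example that is not part of the original page: it builds a constructed tree in the 777 state, lists executable regular files and world-writable entries, then normalizes it. It assumes GNU findutils and coreutils; the function names and the temporary tree are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Assumes GNU findutils/coreutils; the tree below is constructed.

mode_of() { stat -c '%a' "$1"; }

# Report regular files carrying any execute bit and entries writable by "others".
audit_tree() {
    find "$1" -type f -perm /111 -printf 'exec-file %m %p\n'
    find "$1" ! -type l -perm -0002 -printf 'world-writable %m %p\n'
}

# Directories to 755, regular files to 644; "+" batches paths into few chmod calls.
normalize_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Build a small tree in the over-permissive state the notes warn about.
build_demo_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/html/img"
    printf '<p>hello</p>\n' > "$root/html/index.html"
    printf 'notes\n' > "$root/html/img/readme.txt"
    chmod -R 777 "$root/html"
    printf '%s\n' "$root"
}

demo=$(build_demo_tree)
echo "before:"; audit_tree "$demo/html"
normalize_tree "$demo/html"
echo "after:";  audit_tree "$demo/html"
echo "index.html is now $(mode_of "$demo/html/index.html")"
rm -rf "$demo"
```

The file pass also strips the execute bit from scripts, so re-add it afterwards only to the specific files that need to run.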
Summary
The chmod command is essential for controlling both security and program execution in Linux. Correct permissions act as a shield against unauthorized access. When building servers or creating scripts, always try to grant the minimum permissions necessary for the task. Understanding both numeric (755, 644) and symbolic (+x, g+w) methods will help you manage your system efficiently.
