Linux chmod run permission

Modify File Permissions with chmod

Modify File Permissions with chmod

The chmod command allows users to change read and write permissions in Unix systems. In this guide, we will show you how to modify file and directory permissions with chmod.

Unix-like systems, including the Linux systems that run on the Linode platform, have an incredibly robust access control system that allows systems administrators to effectively permit multiple users access to a single system without giving every user access to every file on the file system. The chmod command is the best and easiest way to modify these file permissions.

This guide provides a brief overview of file permissions and the operation of the chmod command in addition to a number of practical examples and applications of chmod . If you find this guide helpful, please consider our basic administration practices guide and the Linux users and groups guide next.

Basics of Linux File Permissions

All file system objects on Unix-like systems have three main types of permissions: read, write, and execute access. Permissions are bestowed upon three possible classes: the owner, the group, and all other system users.

To view the file permissions of a set of files, use:

In the first column of the output, there are 10 characters that represent the permission bits. To understand why they are called permission bits, see the section on octal notation below.

A way to understand the meaning of this column is to divide the bits into groups.

File type	User	Group	Global
d Directory	rwx	r-x	r-x
— Regular file	rw-	r—	r—
l Symbolic Link	rwx	rwx	rwx

The first character represents the type of file. The remaining nine bits in groups of three represent the permissions for the user, group, and global respectively. Each stands for:

• r : Read
• w : Write
• x : eXecute

Note that access to files targeted by symbolic links is controlled by the permissions of the targeted file, not the permissions of the link object. There are additional file permissions that control other aspects of access to files.

How to Use chmod

In this guide, chmod refers to recent versions of chmod such as those provided by the GNU project. By default, chmod is included with all images provided by Linode, and as part of the common “base” selection of packages provided in nearly all distributions of Linux-based operating systems.

Changing File Permissions with chmod

To change the file permissions using chmod, run chmod

, swapping in the desired file permissions and the directory or file. The owner can change file permissions for any user, group or others by adding — to remove or + to add certain permissions. These permissions are categorized into read, write, or executable.

In the next few sections, we are going to dive deep into chmod syntax.

Using Symbolic Notation Syntax with chmod

The format of a chmod command is:

Consider the following chmod command:

This grants all members of the usergroup that owns the file

/example.txt write permissions. Other possible options to change permissions of targeted users are:

Who (Letter)	Meaning
u	user
g	group
o	others
a	all

The + operator grants permissions whereas the — operator takes away permissions. Copying permissions is also possible:

The parameter g=u means grant group permissions to be same as the user’s.

Multiple permissions can be specified by separating them with a comma, as in the following example:

This adds write permissions to the usergroup members, and removes read and write permissions from the “other” users of the system. Finally the a+x adds the execute permissions to all categories. This value may also be specified as +x . If no category is specified, the permission is added or subtracted to all permission categories.

In this notation the owner of the file is referred to as the user (e.g. u+x ).

The -R option applies the modification to the permissions recursively to the directory specified and to all of its contents.

Using Octal Notation Syntax with chmod

Another method for setting permissions is through octal notation.

Here is example of a file permission that is equivalent to chmod u=rwx,g=rx,o= .

The permissions for this file are — rwx r-x — .

Disregarding the first bit, each bit that is occupied with a — can be replaced with a 0 while r , w , or x is represented by a 1 . The resulting conversion is:

This is called octal notation because the binary numbers are converted to base-8 by using the digits 0 to 7:

Binary	Octal	Permission
000	0	—
001	1	–x
010	2	-w-
011	3	-wx
100	4	r–
101	5	r-x
110	6	rw-
111	7	rwx

Each digit is independent of the other two. Therefore, 750 means the current user can read, write, and execute, the group cannot write, and others cannot read, write, or execute.

744 , which is a typical default permission, allows read, write, and execute permissions for the owner, and read permissions for the group and “world” users.

Either notation is equivalent, and you may choose to use whichever form more clearly expresses your permissions needs.

Examples of Common Permissions with chmod

chmod 600 ( rw——- )

600 permissions means that only the owner of the file has full read and write access to it. Once a file permission is set to 600, no one else can access the file. Example chmod commands (in octal and symbolic notions) setting permissions to 600:

chmod 664 ( rw-rw-r— )

664 ( rw-rw-r— ) enables the following permissions: read and write for the owner; read and write for the group; read for others. If you trust other users within the same group and everyone needs write access to the files, this is a common setting to use. Otherwise 644 permissions can be used to restrict write access to the group. Example chmod commands (in octal and symbolic notions) setting permissions to 664:

chmod 777 ( rwxrwxrwx )

chmod 777 is used to grant permissions to everyone to read, write, and execute a file. While using these permissions is a quick way to overcome a permissions-based error, it’s not a best practice for securing most files and applications. Example chmod commands (in octal and symbolic notions) setting permissions to 777:

Making a File Executable

The following examples changes the file permissions so that any user can execute the file “

Restore Default File Permissions

The default permissions for files on a Unix system are often 600 or 644 . Permissions of 600 mean that the owner has full read and write access to the file, while no other user can access the file. Permissions of 644 mean that the owner of the file has read and write access, while the group members and other users on the system only have read access.

Issue one of the following chmod commands to reset the permissions on a file back to one of the likely defaults:

For executable files, the equivalent settings would be 700 and 755 which correspond to 600 and 644 except with execution permission.

Use one of the following examples to achieve these executable “default” permissions:

Removing File Permissions with chmod

In order to remove read write permissions given to a file, use the following syntax:

For our file example.txt, we can remove read write permissions using chmod for group by running the following command:

To remove chmod read write permissions from the group while adding read write permission to public/others, we can use the following command:

But, if you wish to remove all permissions for group and others, you can do so using the go= instead:

Restrict File Access: Remove all Group and World Permissions

There are a number of cases where administrators and users should restrict access to files, particularly files that contain passwords and other sensitive information. The configuration files for msmtp and Fetchmail (

/.fetchmailrc ) are two common examples.

You can remove all access to these files with commands in one of the following forms:

Understanding Linux Directory Permissions

While directory permissions within Linux are similar to file permissions, there are a few key differences regarding how these permissions affect user operations:

• Read ( r ): User can list the items in a directory (such as when using the ls command).
• Write ( w ): User can add, delete, or rename files in a directory — provided the user also has execute permissions.
• Execute ( x ): User can navigate to the directory (such as when using the cd command).

To view permissions of all files and directories within the working directory, run ls -la . The output will be similar to snippet below. Directories are differentiated from files by the first bit within the permissions. As was covered previously, d stands for directory and — denotes the item is a file.

Permissions on an individual directory can also be viewed by running ls -dl example-directory .

How To Change Directory Permissions using chmod

Directory permissions can be adjusted using the same chmod commands as were previously outlined for modifying file permissions. The following example changes permissions on a directory to 755 (owner has read, write and execute permissions, while users with the group or any other user have read and execute permissions):

In many cases, the permissions should also be changed recursively on all files and subdirectories. This can be done through chmod by using the -R option. To change all permissions for files within a directory to read and write for the owner, read for the group, and read for other users, run the following command:

Still have a few questions?

Join our Community and post your questions for other Linode and Linux enthusiasts to help you out.

Related Questions:

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

This page was originally published on Thursday, July 1, 2010.

Источник

Linux permissions: An introduction to chmod

[Want to try out Red Hat Enterprise Linux? Download it now for free.]

If you have ever worked Linux system, you for sure have dealt with files, and that means that you might have encountered messages like this one below:

Or, similar to this, error messages like «You do not have the permissions to upload files to this folder,» which might have prevented you from reading, writing, or accessing a particular file. And, naturally, this error might have made you wonder—the first time you encountered this problem, at least—as to why you were denied access.

Let’s take a look into Linux file permissions and the ways to restrict them, plus play with files a little bit. When you list files in a particular directory in Linux, you might have seen r, w, and x, and wondered what these letters mean. They have tremendous significance in determining what exactly a particular user can do with a file.

Let’s take a look at an example:

Default file permissions are rw-r—r— (from the umask value (covered later in the article)), as shown in the example above.

Each permission has a numeric value assigned to it:

• r (read) has a value of 4
• w (write) has a value of 2
• x (execute) has a value of 1

These values are additive for each «triplet», meaning that a file permission of rw- has the value of 6 and rwx has the value of 7. As discussed above, any file that’s newly created, the default value is 644 (rw-r—r—), meaning that the file’s owner can read and write, and all others can only read this file. The first triplet is the permission for the file owner/creator, the second is for group permissions, and the third is for others (users outside of the owner/creator or a group with permissions). This setting makes sense for obvious reasons: The owner should have higher control over the file’s contents in order to both read and write to it. Others might want to read the contents but not modify them. Of course, you can change this setting with the chmod command, which is the focus of this article.

More Linux resources

So to understand this concept in a simpler way, think of file permissions as a 3×3 matrix, where owners, groups, and others each have r, w, and x settings. In the above example:

• The file’s creator (owner/user) has read and write permissions: —rw-r—r—.
• The file’s group creator (group) has read permissions: -rw-r—r—.
• Others have read permissions represented by the last bits: -rw-r—r—.

Now, let’s see the default permission values for a directory. Let’s say the directory chmod_directory was created with the default permissions of 755. Unlike files, a directory has files in it. In order for anyone other than the owner to ‘ cd ‘ into the directory, it needs an execute permission, which in turn makes the directory:

• Readable, writable and executable by the owner (rwx is 7).
• Readable and executable by the group (r-x is 5).
• Readable and executable for others (r-x is 5).

Note: The r-x designation does NOT mean r minus x, it means read and execute but missing write. The — is a placeholder for a permission.

(Please take a minute to think about why this is the default behavior.)

Ok, now that you have learned the basics of file and directory permissions, let’s take a look into the chmod command, which helps with making permission changes for files and directories.

As mentioned in the man page:

Using octal representation

For changing file permissions, you can either use octal representation (numeric), or symbolic representation (the letters). In octal representation, the first digit is for the user, the second digit is for the group, and the third digit is for others. Let’s look at two examples of setting permissions with octal representation to understand this concept.

Example 1: If you want to give read (4), write (2), and execute (1) permissions to both the user and group, and only read (4) permission to others, you can use:

Example 2: If you want to restrict write permissions to all others except the file’s owner, you can use:

Using symbolic representation

You can also change permissions using symbolic representation rather than numeric. Symbolic representation is assigning permissions to user (u), group (g), and others (o) using letters (symbols) and the letter designations: r, w, and x.

Let’s look at these examples again, but using symbolic representation.

Example 1: Read, write, and execute for the user and group, plus only read for others, maps as:

Example 2: Read, write, and execute for the user and only read permissions for group and others maps as:

Awesome, I’m proud of you all: You have now mastered file permission concepts. But I’ll caution you that there are two dangerous scenarios that you might want to avoid, so keep this as a best practice while using chmod. Avoid using boundary cases, such as chmod 777 and chmod 000 . Using chmod 777 gives everyone rwx permissions, and it is generally not a good practice to give full powers to all the users in a system. The second case, I will leave you guys to figure out.

Using umasks

I will leave you guys with one more concept that you need to be aware of (umask) that decides the default permissions for a file. Overall, the default values are:

As you might remember, the default file permission value is 0644, and the default directory’s is 0755. The default umask value is subtracted from the overall file/directory default value. You can set the umask values in /etc/profile or in

Wrapping up

Chmod is a great Linux command for manipulating file and directory permissions. With the concepts mentioned in this article, you are equipped with sufficient knowledge to handle permissions in Linux-based distros.

Источник