Chmod in Linux

In this article, you will learn what Linuchmod is and its use, and understand the different file permissions. We will also see the syntax of the chmod command and the options used along with it. We shall also see how to change the file permissions and modify them accordingly.

What is chmod in Linux?

In UNIX-like operating systems, there is a set of instructions or in Linux language – “flags”. These flags are associated with each file and determine who can open them and how can they access them. These flags are called ‘modes’ or ‘permissions’

Chmod is the abbreviation for Change Mode. it is a command which allows you to change the access permissions of files and directories.

In fact, if you run the command: “ls -l” in the terminal you get this output:

So when we list the contents of the desktop directory, you can see a prefix to each of the content there in the form of “-rw-rw-r–”, these are the file permissions that determine who can open and how can they access them.

Why use Linux chmod?

With chmod, you have the freedom to authorize users according to your needs. You are the master of everything, you can be specific as to who reads, writes, or executes the files. In a nutshell, you can change the access permissions of a file system as per your liking.

Understanding file permissions

Before we even touch on the syntax and options related to chmod, let us get a better understanding of the permission of a file system.

Let us take the above file permissions: “-rw-rw-r–”. On closer observation, we can see that this file permission is a combination of 3 specific sets of instructions as follows: ”rw”, “rw” and “r–”. The first hyphen also gives us information regarding the file type, however, the subsequent hyphens simply act as null values (as in there is no permission).

Before we even look into what ‘r’ and ‘w’ are, let us see what these 3 sets of permission do. The 1st set of permissions is for the user, the 2nd set is for the group and the 3rd set is for others. Let us look into each of these.

User

The user is the owner of the file. By default, the person who creates the file or directory becomes the owner. Therefore a user is also called the owner.

Group

A group can contain multiple users. Say you have a project and a number of people need access to a file. Instead of individually assigning permissions to each of them, you can simply add all the users in a group and assign group permissions.

Other

As the name suggests, it is for any other user who has access to the file. This user has nighter created a file, nor do they belong to a group. So basically, when you set the other permissions, it applies to the rest of the world.

Now there is 1 minuscule topic left before we look at what ‘r’ and ‘w’ are. What does the first hyphen represent?

If you look carefully at the contents of the desktop directory, the directories “movies” and “other” have the same set of permissions, except for one difference: “drwxrwxr-x”, the first hyphen was replaced with a d, indicating it is a directory and not a file: here is what each file type is denoted by:

• d = Directory
• – = Regular file
• l = Symbolic link

Now that we know what each set of permissions is for, let us now understand the terminology and how to use ‘r’, ‘w’, and ‘x’

As we say the first character represents the type of file. The remaining 9 bits in groups of 3 represent permissions for the user, group, and global. Each of the bits stands for:

• r = Read
• w = Write
• x = Execute
• – = No permission (no value)

Let us look into a few examples before proceeding further.

a. “-rwxrwxrwx”

This permission is for a regular file and the user, group, and others can read, write and execute it.

b. “dr-xr-xr-x”

This permission is for a directory and the user, group, and others can only read and execute it.

c. “-rwxrwxr-x”

This permission is for a regular file and the user and user group can read, write and execute but others can only read and execute it.

d. “-rwx-r-x—”

This permission is for a regular file and the user can read, write and execute, the user group can only read and execute, whereas others have no permissions at all.

Now that we have understood the permissions, let is try to analyze the permission for a file in the desktop: “-rw-rw-r–”. These permission are for a regular file and the user and user group can read and write but not execute, and others can only read the file.

Octal notation of permission

Before we see the syntax and option, it is important to denote the permissions in the form of binary and octal forms. This will prove to be helpful while changing file permissions using the chmod command.

This way of representation is called octal notation because the binary numbers are converted to base – 8 by using the digits 0 to 7:

Let us look at a few examples using octal notations:

a. 705

705 stands for “rwx—r-x”. This means that the user can read write and execute, the user group has no instructions whatsoever and others can only read and execute.

b. 635

635 stands for “rw–wxr-x”. This means that the user can read and write, the user group can write and execute and the others can read and execute.

c. 721

721 stands for “rwx-w—x”. This means that the user can read write and execute, the user group can only write and other can only execute the file.

How to use chmod command?

Now that we are clear with the permission, let us see how to use the chmod command to tinker with the permissions.

Let us start with the basics by understanding the syntax. The syntax for chmod is :

chmod <options> <permissions> <filename>

This is the most basic way of writing chmod commands, you can play with this command by using different things by using the syntax:

chmod <options> <u,g,o,a><-,+, =><permissions><filename>

First let us look at the fields where we enter u, g, o, a and -, +, =, before we look at the options used with chmod.

The flags “u, g, o, a” define which users classes the permission to the files are changed.

• u – represents the owner/user
• g – represents the user group
• o – represents all the other users (rest of the world)
• a – represents all the users: user + group + other users (same as ugo)

If this flag is omitted, the default value will be taken as ‘a’

The set of flags which deal with “-, +, =” defines the permissions to be removed or added.

• The + means Add the permissions
• – means Removes the permissions
• = means Changes the current permissions to the specified permissions.

Let us look at some examples using the “u, g, o, a” and the “-, +, =” flags (yes, we don’t need options just yet!)

a. “rwxrwxrwx”

To give the permissions of reading, writing and executing to all the users, we can use the octal notation and simply write:

chmod 777 <filename>

Or using the flags we just discussed you can write:

chmod u=rwx, g=rwx, u=rwx <filename>

You can also write:

chmod a=rwx <filename>

As ‘a’ is the same as ‘ugo’

b. “rw——-”

To give only the user the permissions to read, write and execute, you can simply use the octal notation and write:

chmod 600 <filename>

Or you can use the flags “u, g, o, a” and write:

chmod u = rw, g= , o= <filename>

You can also use the flags “-, +, =” and write:

chmod a+rwx, u-x, g-rwx, o-rwx <filename>

Let us look into the last command in slightly more detail:

First, we assign the permissions to read, write and execute to all the users (a), then from the user we removed the command of executing by using the ‘-’ flag. We also removed the permissions of reading, writing, and executing from the user group and other users.

c. “rw-rw-r–”

To give the permissions of reading and writing to the user and user group and only reading to another user, you can use the octal notation and write:

chmod 664 <filename>

Or you can use the flags “u, g, o, a” and write:

chmod u = rw, g= rw, o=r <filename>

You can also use the flags “-, +, =” and write:

chmod a+rwx, u-x, g-x, o-wx <filename>

Options used with chmod

Now that we have seen how to use chmod in linux to give permission, let us look into the different options that are used with Linux chmod command:

a. -v

This option provides verbose by providing a diagnostic message for every single file processed. This option can also be written as: –verbose.

b. -c

This option is similar to verbose, except it gives verbose output only when a change is made to a file. This option can also be written as: –change.

c. -f

This option suppresses most of the error messages. This option can also be written as: ‘–silent’ or ‘–quiet.

d. –help

This option displays a message and exits.

e. –version

This option outputs the version information and exits.

f. -R

This option changes file directories recursively. This option can also be written as: –recursive.

g. –reference=RFILE

This option sets permissions to match those of the RFILE, ignoring any specific mode.

h. –preserve-root

This option does not operate recursively on ‘/’ (the root directory).

i. –no-preserve-root

This option does not treat ‘/’(the root directory) in any special way.

Examples of chmod in Linux

Now that we have covered the different permissions, flags options, and octal notation, let us see a few examples using chmod in Linux.

1. Giving user group permission to read

chmod g=r <filename>

This command gives the members of the group permission to only read the file and not to write or execute it.

2. Removing executing permission for all users

chmod a-r <filename>
chmod 666 <filename>

This command removes the executing permission to all the users, including the owner.

3. Recursively removing the write permission for others

chmod -R o-w <filename>

This command recursively (-R) removes the writing permission to the other users.

4. Removing ‘rwx’ for all users except owner

chmod og-rwx <filename>
chmod 700 <filename>

This command removes permissions to read, write, and execute from the user group and other users (all except the user). This command can also be written as:

chmod og= filename

5. Giving ‘rwx’ to the user, ‘r’ to the group, and nothing to others

chmod u=rwx, g=r, o= <filename>
chmod 740 <filename>

This command gives the permission to read, write, and execute from the user. Gives permission to read to the user group and other users get no permissions.

What are setuid and setgid bits

The chmod tool clears the set-group-ID bit of a regular file if the file’s group ID does not match either the user’s group ID or one of the user’s supplementary group ID.

Extra restrictions may cause the set-user-ID (setuid) and set-groupID (setgid) bits of MODE or RFILE to be ignored. This depends on the policy and functionality of the underlying chmod call system.

Linux Chmod protects a directory’s setuid and setgid bits unless you specifically specify it. You can also set or clear these bits with the options we discussed earlier like “u+s” and “g-s”.

What is a sticky bit?

A sticky bit or restricted deletion flag is a single bit whose interpretation depends on the file type. In directories, it prevents deprived users from removing or renaming any file in that directory unless they own that file.

A restricted deletion flag for a directory is commonly found on world-writable directories like /tmp. For normal files on older systems, the bit saves the program’s text image on the swap device so it loads quicker when run. This is what sticky nits are.

Summary

As you have seen, chmod is an extremely powerful tool, which allow you to change or assign permissions to different people in linux. Since you are the master, you can control who can read, write and execute a particular file or directory.