What is the chmod Command on GNU/Linux?

On the Linux operating system, accessing a file is subject to the permissions you have on it. To control these permissions, we use the chmod command.

This shot aims at teaching you about files permissions on GNU/Linux and how to effectively use chmod to set these permissions, both using symbolic or octal modes.

Linux file permissions in a nutshell

To query information about files permissions, we use the ls command with the -l parameter:

ls -l

Your output would be similar to this:

total 4945
drwxr-xr-x 2 abelmbula abelmbula   197121 Nov 10 15:57 CS_1102-AY2022-T1-JAVA/
-rw-r--r-- 1 abelmbula abelmbula 539663 Dec 10 10:43 AS-curriculum.pdf
-rw-r--r-- 1 abelmbula abelmbula   197121 Dec 10 15:57 Think_Python_2e.pdf

Each column in the output above has a meaning. But, for this shot, we’ll only consider the first column, which represents file types and permissions.

Let’s break it down.

The first character indicates the file type. This can be:

  • A dash (-) for a regular file.
  • d for a directory.
  • l for a symbolic link (a shortcut to another file or directory).

Next, we find permission classes composed of nine characters representing three triplets of three characters each. Let’s see these permissions in detail:

  • Permissions for the file owner, also referred to as the user or u.
  • Permissions for the group owning the file, also referred to as g.
  • Permissions for anyone else, also known as others or o.

Let’s now understand the permissions.

As seen in the output above, permissions are represented by these three characters: rwx.

  • r is short for read, which means that we can open a file and read its contents.
  • w is short for write, which means that we can edit or delete a file.
  • x is short for execute, which means a file can be run as an executable or script.

Note: a dash, -, in the file permission classes, means the lack of permission. E.g., a file with the permission rw- means that it can be read and written to but cannot be executed.

File permissions

Modifying the permissions using the symbolic mode

This mode is suitable if you want to add or revoke a single permission without modifying others in the set.

The symbolic mode syntax looks like this:

chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...

As you’ll already know, ugo represents the users. a stands for all and is used when we want to set the same permissions for the three users at once.

The next set of flags are:

  • - to revoke the specified permissions.
  • + to add the specified permissions.
  • = to change the current permissions to the specified ones.

The perms... flag is used to explicitly set the permissions using either zero or one or more of the following letters: r, w, x.

Note:

  • If no permissions are specified after the = sign, all permissions from the specified user class are revoked.
  • To set the permissions for more than one user class ([,…]), we use commas between each permission.

Examples

  1. Grant the write permission to the members of the group owning the file example.md.
chmod g=w example.md # or chmod g+w example.md

Copy/paste the command above into the terminal below and type the ls -l command to see the result.

Terminal 1
Terminal
Loading...

2. Revoke the read, write, and execute permissions for all users except the owner of the resume.pdf file.

chmod go-rwx resume.pdf # or chmod go= resume.pdf
Terminal 1
Terminal
Loading...

3. Grant the read, write and execute permissions to the resume.pdf file’s owner, read permission to the file’s group, and no permissions to all other users.

chmod u=rwx,g=r,o- resume.pdf # or chmod u+rwx,g+r,o- resume.pdf
Terminal 1
Terminal
Loading...

Note: Make sure you don't use spaces after commas(,).

Quiz

Feel free to choose any file you want for this exercise. Write the commands in the Terminal below.

  1. Grant the read and write permissions and revoke the execute permission for everyone.

  2. Revoke the execute permission for all other users.

Terminal 1
Terminal
Loading...

Modifying the permissions using the numeric mode

In numeric mode, also called octal mode, the permissions are specified as a three-digit value in octal notation (a base-8 numeric system). This mode is easier to remember and quick to use if you wish to set all permission values at once.

The syntax looks like this

chmod [OPTIONS] NUMBER FILE...

The NUMBER flag represents the three-digit value, each digit (0 - 7) representing permission for one category of users.

Let’s see the corresponding value for each permission.

  • 4 means read permission.

  • 2 is for write permission.

  • 1 represents execute permission.

  • 0 for no permission.

Symbolic mode

Octal mode

rwx

7 (4+2+1)

r-x

5 (4+0+1)

rw-

6 (4+2+0)

Examples

  1. Grant the read and write permissions to the owner of example.md and only read permission to group members and all other users.

  • for the user: 4 + 2 = 6

  • for the group: 4

  • for the world: 4

chmod 644 example.md

Terminal 1
Terminal
Loading...

2. Revoke the read, write, and execute permissions for all users except the owner of the resume.pdf file.

  • for the owner: 4 + 2 + 1 = 7

  • for the group: 0 + 0 + 0 = 0

  • for other: 0 + 0 + 0 = 0

chmod 700 resume.pdf

Terminal 1
Terminal
Loading...

3. Grant the read, write and execute permissions to the resume.pdf file’s owner, read permissions to the file’s group, and no permission to all other users.

chmod 740 resume.pdf

Terminal 1
Terminal
Loading...

Quiz

  1. Grant the read and write permissions and revoke the execute permission for everyone.

  2. Grant the read, write, and no execute permissions for the owner of the file and its group, revoke the read, write, and execute permissions for all other users.

Terminal 1
Terminal
Loading...

Summary

chmod is the command we use to control the file permission on GNU/Linux. We can use the symbolic mode or the octal mode to set the permission. The file permissions we learned so far are:

  • r (4) to read.

  • w (2) to write.

  • x (1) to execute.

The permission is set for different categories of users:

  • u for the user or the owner of the file.

  • g for a group.

  • o other users.

Free Resources