What is the chmod Command on GNU/Linux?
On the Linux operating system, accessing a file is subject to the permissions you have on it. To control these permissions, we use the chmod command.
This shot aims at teaching you about files permissions on GNU/Linux and how to effectively use chmod to set these permissions, both using symbolic or octal modes.
Linux file permissions in a nutshell
To query information about files permissions, we use the ls command with the -l parameter:
ls -l
Your output would be similar to this:
total 4945
drwxr-xr-x 2 abelmbula abelmbula 197121 Nov 10 15:57 CS_1102-AY2022-T1-JAVA/
-rw-r--r-- 1 abelmbula abelmbula 539663 Dec 10 10:43 AS-curriculum.pdf
-rw-r--r-- 1 abelmbula abelmbula 197121 Dec 10 15:57 Think_Python_2e.pdf
Each column in the output above has a meaning. But, for this shot, we’ll only consider the first column, which represents file types and permissions.
Let’s break it down.
The first character indicates the file type. This can be:
- A dash (
-) for a regular file. dfor a directory.lfor a symbolic link (a shortcut to another file or directory).
Next, we find permission classes composed of nine characters representing three triplets of three characters each. Let’s see these permissions in detail:
- Permissions for the file owner, also referred to as the user or
u. - Permissions for the group owning the file, also referred to as
g. - Permissions for anyone else, also known as others or
o.
Let’s now understand the permissions.
As seen in the output above, permissions are represented by these three characters: rwx.
ris short for read, which means that we can open a file and read its contents.wis short for write, which means that we can edit or delete a file.xis short for execute, which means a file can be run as an executable or script.
Note: a dash,
-, in the file permission classes, means the lack of permission. E.g., a file with the permissionrw-means that it can be read and written to but cannot be executed.
Modifying the permissions using the symbolic mode
This mode is suitable if you want to add or revoke a single permission without modifying others in the set.
The symbolic mode syntax looks like this:
chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...
As you’ll already know, ugo represents the users. a stands for all and is used when we want to set the same permissions for the three users at once.
The next set of flags are:
-to revoke the specified permissions.+to add the specified permissions.=to change the current permissions to the specified ones.
The perms... flag is used to explicitly set the permissions using either zero or one or more of the following letters: r, w, x.
Note:
- If no permissions are specified after the
=sign, all permissions from the specified user class are revoked.- To set the permissions for more than one user class (
[,…]), we use commas between each permission.
Examples
- Grant the write permission to the members of the group owning the file
example.md.
chmod g=w example.md # or chmod g+w example.md
Copy/paste the command above into the terminal below and type the ls -l command to see the result.
2. Revoke the read, write, and execute permissions for all users except the owner of the resume.pdf file.
chmod go-rwx resume.pdf # or chmod go= resume.pdf
3. Grant the read, write and execute permissions to the resume.pdf file’s owner, read permission to the file’s group, and no permissions to all other users.
chmod u=rwx,g=r,o- resume.pdf # or chmod u+rwx,g+r,o- resume.pdf
Note: Make sure you don't use spaces after commas(,).
Quiz
Feel free to choose any file you want for this exercise. Write the commands in the Terminal below.
- Grant the read and write permissions and revoke the execute permission for everyone.
- Revoke the execute permission for all other users.
Modifying the permissions using the numeric mode
In numeric mode, also called octal mode, the permissions are specified as a three-digit value in octal notation (a base-8 numeric system). This mode is easier to remember and quick to use if you wish to set all permission values at once.
The syntax looks like this
chmod [OPTIONS] NUMBER FILE...
The NUMBER flag represents the three-digit value, each digit (0 - 7) representing permission for one category of users.
Let’s see the corresponding value for each permission.
4means read permission.2is for write permission.1represents execute permission.0for no permission.
Symbolic mode | Octal mode |
rwx | 7 (4+2+1) |
r-x | 5 (4+0+1) |
rw- | 6 (4+2+0) |
Examples
- Grant the read and write permissions to the owner of
example.mdand only read permission to group members and all other users.
- for the user: 4 + 2 = 6
- for the group: 4
- for the world: 4
chmod 644 example.md
2. Revoke the read, write, and execute permissions for all users except the owner of the resume.pdf file.
- for the owner: 4 + 2 + 1 = 7
- for the group: 0 + 0 + 0 = 0
- for other: 0 + 0 + 0 = 0
chmod 700 resume.pdf
chmod 740 resume.pdf
Quiz
- Grant the read and write permissions and revoke the execute permission for everyone.
- Grant the read, write, and no execute permissions for the owner of the file and its group, revoke the read, write, and execute permissions for all other users.
Summary
chmod is the command we use to control the file permission on GNU/Linux. We can use the symbolic mode or the octal mode to set the permission. The file permissions we learned so far are:
r(4) to read.w(2) to write.x(1) to execute.
The permission is set for different categories of users:
ufor the user or the owner of the file.gfor a group.oother users.
