Chmod: Change permissions. Linux Commands: CHMOD Chmod Options

The chmod command, the chown command and the chgrp command.

The chmod command is designed to change the access rights of files and directories in Linux. The name of the command comes from the phrase "change mode".

The syntax of the chmod command is as follows:

chmod permissions filename

Permissions can be set in two ways:

  • Number
  • Symbols

Changing permissions using the chmod command

Recording access rights by number

chmod 764 myfile

In this format, access rights are specified not with the symbols rwx, as described above, but with a three-digit number. Each digit of the number represents a specific set of access rights.

  • The first digit is used to indicate access rights for the user.
  • Second digit for the group.
  • The third one is for everyone else.

The table below lists all possible combinations of rwx permissions and their corresponding numbers (which are used in the chmod command):

Number   Permissions                 Symbolic designation
0        no permissions              ---
1        x - launch                  --x
2        w - change                  -w-
3        x+w - run+change            -wx
4        r - read                    r--
5        r+x - read+run              r-x
6        r+w - read+change           rw-
7        r+w+x - read+change+run     rwx

Let's look at an example of using the chmod command with numeric access rights. Let's set the file permissions to 764:

chmod 764 myfile

This means (see table above) that for the file myfile we set the access rights 7 6 4, which mean:

  • 7 — rights for the owner-user. The owner of the file can read, modify and run the file (r+w+x).
  • 6 — rights for the group. Users who belong to the group can read and modify the file (r+w).
  • 4 - rights for everyone else. Everyone else can only read the file (r).

If we write 764 using symbols (see table), we get: "rwxrw-r--".

The table below shows some commonly used numeric values of access rights:

Numeric designation   "rwx" designation   Description
400                   -r--------          The owner of the file can only read the file. For everyone else, all actions with the file are prohibited.
644                   -rw-r--r--          All users can read the file. The owner can change the file.
660                   -rw-rw----          The owner and group can read and modify the file. For everyone else, all actions with the file are prohibited.
664                   -rw-rw-r--          Everyone can read the file. Owner and group can change.
666                   -rw-rw-rw-          Everyone can read and change the file.
700                   -rwx------          The owner can read, modify and run the file. For everyone else, all actions with the file are prohibited.
744                   -rwxr--r--          Everyone can read the file. The owner can also modify and run the file.
755                   -rwxr-xr-x          Everyone can read and run the file. The owner can also modify the file.
777                   -rwxrwxrwx          All users can read, change and run the file.

Writing permissions with symbols

chmod +x myfile1
chmod g=rw myfile2
chmod u-w myfile3

As you can see, in this format access rights are specified with the symbols rwx, but the syntax also uses auxiliary symbols: the mathematical operators "+" and "-", and letters such as "g" or "u".

The general syntax can be written something like this:

chmod (owner)(math operation)(permissions) filename

The designations for file owners are as follows:

Mathematical operations mean the following:

In one command, you can list owners and their permissions separated by commas (see example below).

Let's look at examples:

  • chmod +x myfile1

    In this case we do not use owner designations, which means permissions are set for all users. "+x" means: set permission to launch (x) the file for all users. This is equivalent to running the command: chmod a+x myfile1.

  • chmod g=rw myfile2

    The notation used here is g and the equals sign "=". This means that for the group we set the permissions to read and write the file (rw).

  • chmod u-w myfile3

    For the file owner (u) we remove permission to change (w) the file.

  • chmod ug+x myfile2

    We allow the owner (u) and group (g) to run (x) the file.

  • chmod u+x,g-w,o-r myfile3

    This is exactly the case when we list the owners separated by commas and set permissions for each of them. For the file owner (u) we allow the file to be launched, for the group (g) we prohibit changing the file, and for everyone else (o) we prohibit reading the file.

Recursively changing access rights

If you need to change the access rights for all files in a directory, including subdirectories, use the -R option, which changes the access rights of directories and their contents recursively. For example, let's change the access rights of all files in the Mydir directory:

chmod -R 644 Mydir

One more point. If the user is not the owner of the file but needs to change its permissions, the chmod command must be run with sudo, for example:

sudo chmod 644 file

chown command - change owner and group

To change the owner and group of a file, use the chown command.

To change the owner of a file, use the following syntax:

chown new_owner file_name

For example, let's set a new owner, vasya, for the file myfile:

chown vasya myfile

To change the owner and group of a file, use the following syntax:

chown new_owner:new_group file_name

For example, let's set a new owner, vasya, and the group sambashare for the file myfile:

chown vasya:sambashare myfile

chgrp command - change group

There is another command, chgrp. It allows you to change only the group. For example:

chgrp sambashare myfile

Summary

In Linux, every file has access rights (permissions), an owner and a group.

Permissions are set for owner, group, and everyone else.

There are three types of permissions: r - read, w - change, x - launch.

To change file permissions, use the chmod command.

To change the owner or group, use the chown command.

To change only the group, use chgrp.

Good health, dear blog readers! We would all like every file or folder located on the hosting server and belonging to the site to be protected as much as possible from unauthorized access.

This protection is ensured due to the fact that 90% of hosters use Unix-like operating systems, in which it is possible to regulate access rights to all files and directories. The server of my hosting provider, on which several of my projects are located, is no exception.

The rules established in Unix differ from those of the Windows operating system that many are accustomed to, where protection in this respect is not as strong, which sometimes leads to disastrous consequences in the form of virus infection of the system.

CHMOD for users and access rights to files and folders (directories)

In Unix-based systems the situation is different, and there is an opportunity to seriously complicate life for the bad guys who try to take advantage of the results of your long and painstaking work, namely by correctly configuring CHMOD access rights. Our task is to give the minimum possible access rights to files and folders that still do not break the correct operation of the site.

Agree, it's a sin not to take advantage of the opportunity to seriously strengthen security. Of course, in this case editing some files will take a little more time, but here you have to choose: either optimizing system security, or... Below I will try to systematize the information on CHMOD (access rights), because there are several nuances that a webmaster needs to know. So, let's begin.

Access rights vary for different user groups. When a connection is attempted, the server determines which group to assign a particular user to. All users are divided into three categories:

  1. "user" - file owner
  2. "group" - one of the members of the group to which the owner belongs
  3. “world” - “rest of the world”, that is, all other users

If you connect to the server via FTP and log in with your username and password, you will be identified as "user" (u); if anyone else connects via FTP, they will be identified as "group" (g); if a user comes through a browser, they fall under the category "world" (o).

Now about CHMOD access rights to files and directories. In essence they differ slightly, although the designations are the same. File permissions:

  • r (read) - the right to read file data
  • w (write) - the right to change content (you can only edit the content - write, but cannot delete)
  • x (execute) - the right to execute the file

Access rights to folders (directories):

  • r - the right to read the folder (you can get the contents of the directory, that is, the list of files included in it)
  • w - the right to change the contents (permission to create and delete objects in the directory; if you have the right to write files, then you can even delete objects that do not belong to you)
  • x - access right to a particular directory (the peculiarity here is that even if you have all the necessary rights to a file that is located “deep” in the directories, but do not have access rights to at least one subdirectory on the path to this object, then you won't be able to access it)

The hyphen “-” indicates the absence of any rights. All these rights are assigned by the administrator, who gains this opportunity by entering a password. If we can set the maximum possible restrictions on CHMOD access rights to certain resource files, then we can practically eliminate the danger of virus programs carrying out their “dirty deeds”.

For clarity, let's consider an example in which the owner of the file (u) has all possible rights: read, write and execute. Users assigned to category g (group) can only read and write, and all others (o) have only read rights. Then the CHMOD entry will look like this: "rwx rw- r--".

Access rights to files and folders in digital terms: CHMOD (777, 755, 444)

But more often, webmasters in their practical activities have to assign certain access rights in digital terms:

  • r (read) - 4
  • w (write) - 2
  • x (execute) - 1
  • - (no rights) - 0

Now let's look at the above example again, with the access rights "rwx rw- r--". To express the rights of each user category, its rights are added together (r read + w write + x execute). Thus the part of the entry for the file owner u (user), "rwx", turns into 7 (4+2+1); for a member of the group g (group), "rw-" turns into 6 (4+2+0); and for other users o (world), "r--" turns into 4 (4+0+0). As a summary, here is a table with the CHMOD permission values expressed in both letters and numbers:


Now I will present another table that reflects the total CHMOD rights for all user groups in numerical format:


These are the main combinations that are most often used in the work of a webmaster. The rest are formed by analogy. If you are the site or blog administrator, but are working with the project without connecting via the FTP protocol, you also belong to the “Other users” group. In this case, when working with a site in this mode, you need to take into account the last digit in the CHMOD value.

Usually, on the server where the files of your WordPress blog are located, folders have access rights set to 755 and the files inside them to 644. This is fine when the resource is built from HTML files; however, nowadays CMSs (content management systems), which include WordPress, are widely used to build websites. Here there may be objects that need to be written to by the "world" user group, for example folders into which content, including images, is uploaded.

Therefore, the assignment of CHMOD rights to certain files must be differentiated. If you log into site management via FTP, you can perform any actions, however, in many cases we work with our project through, and in this case problems may arise if the rights are too high, and, conversely, if access rights to one or another file (folder) are underestimated, then the security threat increases. Therefore, based on the above, we can determine some recommendations for the practical use of CHMOD for a WordPress blog:

777 - for folders in which files are constantly being written and erased (for the caching folder)
755 - in relation to folders in which files are constantly written but not deleted
666 - for files where you need to add an entry from time to time (for example, a .htaccess file)
644 - for files that are read-only (.php, .html, etc.)
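
A check that fits these recommendations, as an added example (not code from the original article): a POSIX shell audit that lists what in a site directory is writable by "everyone else" or carries set-ID bits, so that 777 and 666 entries stay limited to the few places that need them. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: list entries in a web root whose mode goes beyond the
# 755 (folders) / 644 (files) baseline. All names here are constructed.

# audit_webroot DIR -> one "REASON path" line per finding on stdout.
audit_webroot() {
    aw_root=$1
    # Files writable by "others" (last digit 2, 3, 6 or 7, e.g. 666 or 777).
    find "$aw_root" -type f -perm -0002 -print |
        sed 's/^/WORLD-WRITABLE-FILE /'
    # Directories writable by "others" and lacking the sticky bit (01000):
    # any account can delete or replace files it does not own there.
    find "$aw_root" -type d -perm -0002 ! -perm -1000 -print |
        sed 's/^/WORLD-WRITABLE-DIR /'
    # Regular files carrying set-user-ID (04000) or set-group-ID (02000).
    find "$aw_root" -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SETID-FILE /'
}

# count_findings DIR REASON -> number of findings with that reason.
count_findings() {
    audit_webroot "$1" | grep -c "^$2 " || :
}

# Constructed sample tree mixing the baseline with looser modes.
# Prints the path of the new tree.
build_demo_tree() {
    bd_root=$(mktemp -d) || return 1
    mkdir "$bd_root/cache" "$bd_root/uploads" "$bd_root/tmp"
    : > "$bd_root/index.php"
    : > "$bd_root/.htaccess"
    : > "$bd_root/helper"
    chmod 644 "$bd_root/index.php"   # baseline file
    chmod 666 "$bd_root/.htaccess"   # world-writable file
    chmod 777 "$bd_root/cache"       # world-writable directory, no sticky bit
    chmod 755 "$bd_root/uploads"     # baseline directory
    chmod 1777 "$bd_root/tmp"        # world-writable but sticky: not reported
    chmod 4755 "$bd_root/helper"     # set-user-ID file
    printf '%s\n' "$bd_root"
}

# Demo run on the constructed tree.
demo_root=$(build_demo_tree) && audit_webroot "$demo_root"
[ -n "$demo_root" ] && rm -rf "$demo_root"
```

Run against a real site directory, an empty result means nothing there is looser than the 755/644 baseline; every reported line should correspond to a folder or file that is known to need it.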

How to configure CHMOD permissions using FileZilla FTP manager

If you need to make changes when working with a resource but cannot because editing is prohibited, you need to connect to the hosting server via FTP and change the access rights to 777. However, after making changes to the file, it is recommended to set the previous CHMOD value again.

Now let's look in more detail at how to perform this operation using FileZilla. Open the program and connect via FTP to the hosting server. On the left side, under "Remote server", first mark the files whose attributes will be edited:

Then, from the context menu opened with the right mouse button, select "File Permissions". After this, the "Change file attributes" dialog box will appear:

Here we assign the necessary CHMOD values for the selected file or files. But this applies only if you selected a file or group of files. If you want to set or change CHMOD values for a directory (folder), then on selecting "Change file attributes" a similar window will appear, somewhat different from the one above, namely:

As you can see, additional settings have appeared here. If you check the box next to "Recurse into subdirectories", the specified access rights will also be applied to the directories (folders) and files nested in this directory. When the box is checked, the group of settings below it becomes active, and you will also need to choose how the settings should be applied: to all files and directories, only to files, or only to directories.

(The initial value of file permissions is rwxrwxrwx - full access for everyone.) Removing permission to execute a file for all users and groups:

$ chmod a-x file (rw-rw-rw-)

To cancel writing to a file by a group and other users:

$ chmod go-w file (rw-r--r--)

Permission to execute file by owner:

$ chmod u+x file (rwxr--r--)

Granting the group the same permissions as the file owner:

$ chmod g=u file (rwxrwxr--)

Cancel reading and writing to a file by group users and other users:

$ chmod go-rw file (rwx--x---)

Examples of using the chmod command in absolute mode

Permission to read, write and execute the file for all users and groups (full control):

$ chmod 777 file (rwxrwxrwx)

Set read and write permissions for owner, group, and other users:

$ chmod 666 file (rw-rw-rw-)

Setting full access to the file for the owner and read-only for the group and other users:

$ chmod 744 file (rwxr--r--)

Setting full access to the file for the file owner and denying access to the group and other users:

$ chmod 700 file (rwx------)

Setting read and write permissions for the file owner and read only for the group and others:

$ chmod 644 file (rw-r--r--)

Setting read and write permissions for the file owner, read-only for his group, and denying access to others:

$ chmod 640 file (rw-r-----)

Setting file access with read permission for all users and groups:

$ chmod 444 file (r--r--r--)

File permissions for read, write, execute by owner and read, execute by group and others:

$ chmod 755 file (rwxr-xr-x)

Allowing read and execute access to a file for the owner and others and denying access to the group:

$ chmod 505 file (r-x---r-x)

If you want to assign permissions to all files in the current directory, simply put an * (asterisk) after the permissions you assign:

$ chmod 755 *

As a result of executing this command, the owner will have full rights (read, modify, execute) to all files in the current directory, while the group and other users will have only read and execute rights. If you want your actions to propagate recursively (including all subdirectories), use the -R option:

$ chmod -R 777 *

The result of executing the above command will be to recursively “traverse” all subdirectories of the current directory and assign full access to all users and groups. This article covers just a few examples of how to use the chmod command. If you want to learn more about the chmod command and permissions in Linux, take a look at this article.

Changing permissions only for directories (recursively)

$ find /path/to/base/dir -type d -exec chmod 755 {} +

$ chmod 755 $(find /path/to/base/dir -type d)

$ chmod 755 `find /path/to/base/dir -type d`

$ find /path/to/base/dir -type d -print0 | xargs -0 chmod 755

Change permissions only for files (recursively)

$ find /path/to/base/dir -type f -exec chmod 644 {} +

$ chmod 644 $(find /path/to/base/dir -type f)

$ chmod 0755 `find ./ -type f`

$ find /path/to/base/dir -type f -print0 | xargs -0 chmod 644
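
The difference between a blanket recursive mode and separate modes for directories and files, as an added example that is not part of the original article: chmod -R 644 also strips the x (enter) right from directories, while the find variants above, or the capital X permission of chmod's symbolic mode, keep directories enterable. The helper names and the sample tree are constructed; ls -ld is used to read the modes back.

```sh
#!/bin/sh
# Added example: blanket "chmod -R 644" versus per-type modes.
# All function names and the sample tree are constructed for illustration.

# perm_string PATH -> type character plus the nine rwx characters from ls -l.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# make_tree -> creates a sample site directory and prints its path.
make_tree() {
    mt_root=$(mktemp -d) || return 1
    mkdir -p "$mt_root/site/img"
    : > "$mt_root/site/index.html"
    printf '#!/bin/sh\necho ok\n' > "$mt_root/site/deploy.sh"
    chmod 700 "$mt_root/site" "$mt_root/site/img" "$mt_root/site/deploy.sh"
    chmod 600 "$mt_root/site/index.html"
    printf '%s\n' "$mt_root/site"
}

# blanket_644 DIR -> applies one mode to everything, prints the mode of DIR.
# The directory itself loses x, so an unprivileged chmod cannot even
# descend into it any more (the resulting errors are silenced here).
blanket_644() {
    chmod -R 644 "$1" 2>/dev/null || :
    perm_string "$1"
}

# Variant 1: directories first (so they stay enterable), then files.
set_modes_find() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Variant 2: X grants execute only to directories and to files that
# already have an execute bit, so scripts keep theirs.
set_modes_X() {
    chmod -R u=rwX,go=rX "$1"
}

# Demo run on constructed trees.
site=$(make_tree)
echo "after chmod -R 644:     $(blanket_644 "$site") $site"
chmod u+x "$site"                 # regain entry before repairing
set_modes_find "$site"
echo "after find 755/644:     $(perm_string "$site/img") img," \
     "$(perm_string "$site/deploy.sh") deploy.sh"
rm -rf "$(dirname "$site")"

site=$(make_tree)
set_modes_X "$site"
echo "after u=rwX,go=rX:      $(perm_string "$site/img") img," \
     "$(perm_string "$site/deploy.sh") deploy.sh"
rm -rf "$(dirname "$site")"
```

The find variant leaves every file at 644, including scripts; the X variant gives 755 to directories and to files that were already executable, and 644 to the rest.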

Chmod Syntax for Folders and Files

Let's first understand the essence of the issue with Chmod in order to understand what exactly and how we configure it. So let's get started. Access rights are divided into Chmod for files and Chmod for directories. They are designated the same, but mean slightly different things.

Access rights (Chmod) to files are divided into:

    r - right to read data.

    w - the right to change the content (write - only change the content, but not delete).

    x - the right to execute the file.

Let's take a closer look at the right to execute a file. In Linux (Unix), any file can be executed. Whether it is executable is determined not by its extension (the Unix file system has no concept of an extension) but by its Chmod access rights. If a file has the “X” right (chmod x), this means that it can be executed.

Now about access rights (Chmod) to the folder (directory):

    r - right to read the directory (you can read the contents of the directory, i.e. get a list of objects located in it)

    w - the right to change the contents of the directory (you can create and delete objects in this directory, and if you have write permission, you can even delete files that do not belong to you)

    x - the right that allows you to enter the directory (this right is always checked first, and even if you have all the necessary rights to an object buried deep in the directory chain, if you lack the “X” right on at least one directory on the path to that file, you will never reach it)

In Linux (Unix) systems all these rights are assigned by the main administrator of the computer, who gains access to it by entering a password. And if most objects have read-only access rights (Chmod), then viruses will have practically nothing to do on such a computer, because they will be able neither to write themselves there nor to be executed afterwards. This is exactly the result we need to achieve by setting access rights (Chmod) on the objects of our site.

Chmod Syntax for User Groups

The access rights themselves (Chmod) are divided into three categories, depending on who is accessing the object:

    “user” - u (the direct owner of the file)

    "group" - g (member of the same group as the owner)

    "world" - o (all others)

The server determines which user group to assign you to when you connect to it. When you, for example, connect to a server via FTP, you log in with your username (and password), and then the server assigns you to the “user” (“u”) group. Other users who also connect to the server via FTP will be assigned to the group “group” (“g”), and a user who comes to your site using their browser will be assigned to the group “world” (“o”).

Combinations of the three possible values "r", "w" and "x" for the three categories "u", "g" and "o" determine the Chmod of a file. If a right is not specified, it is replaced with a hyphen “-”. Access rights (Chmod) are specified sequentially in the following order:

    first the rights for the owner - “u”

    then for the group - “g”

    and at the end of the right for everyone else - “o”

After the server assigns a user to a certain group, it grants him rights to act on objects, after which the user will be able to read, write or execute the file (depending on what his group is allowed to do with this object). To view the contents of a folder, it must have the “r” read attribute (for the group to which the server assigned the user). To create a file or folder inside an existing folder, that folder must have the "w" (write) Chmod attribute.

For clarity, let's look at an example where the owner of the file (“user” - “u”) has all rights: the right to read, write to it and execute, and all other users only have the right to read. The entry for such Chmod will look like this: “rwx r-- r--”. Let's look at it in detail: “rwx” (this part specifies the rights to the object for the owner - “u”), “r--” (this part specifies the rights to the same object if the user is assigned by the server to the group - “g”), “r--” (this part specifies the rights to the object for all other users - “o”).

What is the difference between Chmod files and folders?

Nothing can be done

Access to the directory and its subdirectories is denied

Can see and change content

You can add, delete, change folder file

Execute if file is binary

The user can execute a binary file that he knows exists, but is not allowed to enter or read the directory

Chmod syntax expressed in numbers (777)

You can see that the entries above describe access rights using Latin letters and hyphens, but you've probably already encountered the fact that Chmod is usually specified in digital form, for example the well-known combination Chmod 777, which allows everything to everyone. Indeed, access rights (Chmod) are also indicated by numbers:

    r (read) is replaced by 4

    w (write) is replaced by 2

    x (execution) is replaced by 1

0 means no rights (what is denoted by a hyphen in alphabetic notation). Let's go back to the example of writing access rights that I gave a little earlier: rwx r-- r--. If we replace the letters and hyphens in it with numbers, in accordance with the rule just described, and add up the numbers in each triple, we get the digital form of this entry: 744. That is, the sum of these numbers gives the Chmod of the file or folder. For example:

    7 (rwx) = 4 + 2 +1 (full rights)

    5 (r-x)= 4 + 0 + 1 (read and execute)

    6 (rw-) = 4 + 2 + 0 (read and write)

    4 (r--) =4 + 0 + 0 (read only)

This table shows all possible Chmod combinations written in digital form:

Now let's look at the various Chmod combinations in numbers, in relation to user groups:

You yourself (except for the case when you access the site via FTP) and all other visitors to your site belong to the “world” group (everyone else), so to work with the website we need to look first of all at the last (third) Chmod number. In order for a script to “run a file” when a user works with a site, it is enough for the access rights (Chmod) on it to be set starting from “4” (r-- - read only) (5, 6 and 7 are also suitable, but this would be excessive in terms of security).

“For the folder” in which the file of this script is located, you need to set at least “5” (r-x - you can enter the folder and read its contents, but cannot delete or add). 7 will also work, but it will also be excessive in terms of security. If you need the script not only to read but also to “write” some data (for example, entered by the user), then the minimum rights for the “folder” will still be “5”, but for the “file” you will need the rights “6” (read and write).

Most likely, on the server where you copied the contents of your website engine, the following Chmods will be installed on objects:

Folders 755

the owner (user) can do everything, the group and everyone else can only read folders and enter them, but they are prohibited from writing files, changing names and erasing them in directories. (rwxr-xr-x)

Files 644

If you had a website consisting of only html, then you could leave everything like that. But modern sites are built on engines, and there may be objects that need to be written to on behalf of users from the “world” group - o (all others). These can be folders used for caching pages or those into which pictures, etc. will be uploaded as you work with the site. It goes without saying that if you access the site via FTP, you can write to these files or folders, but when working through the website's interface, as a regular user, you may have problems. Therefore, the installation of certain Chmods must be approached selectively.

NAME
chmod - changing file access mode

SYNTAX

chmod mode file ...

DESCRIPTION
Access rights to the specified files (which may include directories) are changed in accordance with the specified mode. The mode can be specified in absolute or symbolic form.

Absolute form is an octal number that is the bitwise OR of the following modes:

04000 Set the effective user ID on execution.

020#0 Set the effective group ID on execution if # is 7, 5, 3 or 1; enable mandatory locking if # is 6, 4, 2 or 0.

01000 Sticky bit [see chmod(2)].

00400 Readable by owner.

00200 Writable by owner.

00100 Available for execution (in the case of a directory, for viewing) by the owner.

00040 Readable by group members.

00020 Writable by group members.

00010 Available for execution (viewing) by group members.

00004 Readable by other users.

00002 Writable by other users.

00001 Available for execution (viewing) by other users.

The use of a symbolic view is based on single-letter notations that define an access class and the access rights for members of that class. Access rights to a file depend on the user ID and the ID of the group to which the user belongs. The mode as a whole is described in terms of three sequences, each with three letters:

will add the right for the owner to write to file f1, and for group members and other users - the right to execute the file. Rights are set in the order specified. The s right can be added only for the user and group, the t right can only be added for the user.

Mandatory locking (l) of a file means that segments of the file can be locked exclusively while they are being processed. However, you cannot allow a file to be executed by group members while also enabling locking on it. Nor can you set the effective group ID on execution and enable file locking at the same time. Therefore, the following commands are incorrect:

chmod g+x,+l f2
chmod g+s,+l f3

Attempting to execute them will produce the corresponding diagnostics.

Only the owner or superuser can change the access mode of a file. Only the superuser can set the sticky bit. To add the right to set the group ID, you must be a member of that group; in addition, group members must be granted execution rights.

To view access rights and check them after a change, use the ls command with the -l flag. The rights to set the user and group IDs are marked with the letter s in place of the corresponding letter x: a small s if the corresponding category of users has the right x, and a large S if it does not; the right t is marked in place of the last letter x: a small t if other users have the right to execute the file, and a large T if they do not. Right l is marked in place of right x for group members.

EXAMPLES

  1. To set permissions that allow the owner to read and write to a file, and group members and other users only to read, you need to add 0400, 0200, 0040 and 0004. Thus, the command can be written in two ways:

     chmod 644 f1
     chmod u=rw,go=r f1

  2. Allow everyone to execute file f2:

     chmod +x f2

  3. Enable access locking for file f3:

     chmod +l f3

  4. Give everyone rights to read, write and execute, and also set the group ID on execution, for file f4:

     chmod =rwx,g+s f4
     chmod 2777 f4

The chmod command is used to change the permissions of files or directories.

On Linux and other Unix-like operating systems, each file has a set of rules that determine who can access it and how. These rules are called file permissions or file modes. The command name chmod means "change mode", and the command is used to define how a file can be accessed.

In general, the chmod command looks like this:

chmod options permissions filename

If options are not specified, chmod changes the permissions of the file specified in filename to the permissions specified in permissions.

Permissions define the access rights for the owner of the file ("user"), members of the group that owns the file ("group"), and everyone else ("others"). There are two ways to represent these permissions: using symbols (alphanumeric characters) or octal numbers (numbers 0 through 7).

Let's say you are the owner of a file named myfile and you want to set its permissions so that:

  1. the (u)ser can (r)ead, (w)rite and e(x)ecute it;
  2. members of the (g)roup can (r)ead and e(x)ecute it;
  3. (o)thers can only (r)ead it.

This command will look like this:

chmod u=rwx,g=rx,o=r myfile

This example uses a symbolic permissions notation. The letters u, g, and o stand for “user,” “group,” and “other.” The equal sign (“=”) means “set permissions this way,” and the letters “r,” “w,” and “x” mean “read,” “write,” and “execute,” respectively. Commas separate the different permission classes, and there are no spaces between them.

Here is the equivalent command using octal permission notation:

chmod 754 myfile

Here, the numbers 7, 5, and 4 each individually represent permissions for user, group, and others in that order. Each digit is a combination of the numbers 4, 2, 1 and 0:

  • 4 means "read"
  • 2 means "write"
  • 1 means "execute"
  • 0 means "no permission".

So 7 is a combination of permissions 4 + 2 + 1 (read, write, and execute), 5 is 4 + 0 + 1 (read, no write, and execute), and 4 is 4 + 0 + 0 (read, no write, and no execute).

chmod syntax

chmod [OPTION]... MODE[,MODE]... FILE...
chmod [OPTION]... OCTAL-MODE FILE...
chmod [OPTION]... --reference=RFILE FILE...

chmod options

-c, --changes Similar to --verbose, but only produces verbose output when the change is actually made.

-f, --silent, --quiet Silent mode; suppress most error messages.

-v, --verbose Detailed mode; display a diagnostic message for each processed file.

--no-preserve-root Don't treat "/" (root directory) in any special way, which is the default setting.

--preserve-root Don't work recursively on "/".

--reference=RFILE Set permissions to match those of the RFILE file, ignoring any MODE specified.

-R, --recursive Change files and directories recursively.

--help Show help message and exit.

--version Print version information and exit.

Technical description

chmod changes the file mode of each specified FILE according to MODE, which can be either a symbolic representation of the change being made or an octal number representing the bit pattern for the new mode bits.

Symbolic mode format:

[ugoa...][[+-=][perms...]...]

where perms is zero or more letters from the set r, w, x, X, s and t, or one letter from the set u, g and o. You can specify multiple character modes, separated by commas.

A combination of the letters u, g, o and controls that will change user access to the file: the user who owns it (u), other users in the file's group (g), other users not in the file's group (o), or all users (a). If none of this is given, the effect is as if a had been given, but the bits that are set in umask were not affected.

The (+) operator causes the selected file mode bits to be added to each file's existing file mode bits; "-" causes them to be deleted; and "=" causes them to be added and causes unmentioned bits to be removed, except that immutable user installed directory bits and group IDs are not affected.

The letters r, w, x, X, s and t select the file mode bits for affected users: read (r), write (w), execute (x), execute only if the file is a directory or already has permission to execution for some user (X) set the user or group ID on execution (s), restricted delete flag, or fixed bit (t). For directories, the X and X runtime parameters determine permission to view the contents of the directory.

Instead of one or more of these letters, you can specify one of the letters u, g, or o: permissions granted to the user who owns the file (u), permissions granted to other users who are members of the file's group (g), and permissions granted to users , which do not fall into either of the two previous categories (o).

Numeric mode is one to four octal digits (0-7), obtained by adding the bits with the values 4, 2, and 1. Omitted digits are assumed to be leading zeros. The first digit selects the set-user-ID (4), set-group-ID (2) and restricted deletion or sticky (1) attributes. The second digit selects the permissions for the user who owns the file: read (4), write (2) and execute (1); the third selects permissions for other users in the file's group, with the same values; and the fourth for other users not in the file's group, with the same values.

chmod never changes the permissions of symbolic links; the chmod system call cannot change their permissions. This is not a problem, since symlink permissions are never used. However, for each symbolic link specified on the command line, chmod changes the permissions of the file the link points to. In contrast, chmod ignores symbolic links encountered during recursive directory traversals.
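The four-digit layout described above can be decoded into the string that ls -l displays, including the s/S and t/T letters for the special bits. This is an added example, not part of the original page; the function names triplet and mode_to_string are hypothetical helpers, not chmod features.

```shell
#!/bin/sh
# triplet BITS SPECIAL LOWER UPPER: render one rwx group. A non-zero SPECIAL
# replaces the execute slot with LOWER (x also set) or UPPER (x not set).
triplet() {
    r=-; w=-; x=-
    [ $(($1 & 4)) -ne 0 ] && r=r
    [ $(($1 & 2)) -ne 0 ] && w=w
    [ $(($1 & 1)) -ne 0 ] && x=x
    if [ "$2" -ne 0 ]; then
        if [ "$x" = x ]; then x=$3; else x=$4; fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_string MODE: MODE is one to four octal digits, as accepted by chmod.
mode_to_string() {
    case $1 in
        ''|*[!0-7]*|?????*) echo "invalid octal mode: $1" >&2; return 1 ;;
    esac
    n=$((0$1))   # the leading 0 makes the shell read the digits as octal
    triplet $(( (n >> 6) & 7 )) $(( n & 04000 )) s S   # owner, set-user-ID
    triplet $(( (n >> 3) & 7 )) $(( n & 02000 )) s S   # group, set-group-ID
    triplet $((  n       & 7 )) $(( n & 01000 )) t T   # others, sticky
    echo
}

# Constructed sample modes: plain, setuid, setgid without group execute, sticky.
for m in 764 4755 2644 1777; do
    printf '%-5s %s\n' "$m" "$(mode_to_string "$m")"
done
```

A capital S or T in the output means the special bit is set while the execute bit underneath it is not, which is usually a configuration mistake worth checking.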

Setuid and Setgid bits

chmod clears the set-group-ID bit of a regular file if the file's group ID does not match the user's effective group ID or one of the user's supplementary group IDs, unless the user has appropriate privileges. Additional restrictions may cause the set-user-ID and set-group-ID bits in MODE or RFILE to be ignored. This behavior depends on the policy and functionality of the underlying chmod system call. If in doubt, check the system behavior.

chmod preserves the set-user-ID and set-group-ID bits of a directory unless you specify otherwise. You can set or clear bits using symbolic modes such as u+s and g-s, and you can set (but not clear) bits using numeric mode.

Restricted deletion flag (or "Sticky Bit")

The restricted deletion flag or sticky bit is a single bit whose interpretation depends on the file type. For directories, it prevents users who do not own the file or directory from deleting or renaming a file in the directory; this is called the restricted deletion flag for the directory and is typically found on world-writable directories such as /tmp. For regular files on some older systems, the bit saves the program's text image on the swap device so it loads faster when run; this is called the sticky bit.
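A permissions review usually starts by listing where these bits are set and where the sticky bit is missing. The following is an added example, not part of the original page; audit_special_bits is a hypothetical function name, and the output labels are this example's own.

```shell
#!/bin/sh
# audit_special_bits DIR: list, below DIR and without crossing file systems,
#   - regular files with the set-user-ID bit,
#   - regular files with the set-group-ID bit,
#   - world-writable directories that lack the restricted deletion flag.
# One finding per line; file names containing newlines are not handled.
audit_special_bits() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null |
        sed 's/^/SETUID /'
    find "$1" -xdev -type f -perm -2000 -print 2>/dev/null |
        sed 's/^/SETGID /'
    # -perm -0002 matches "others may write"; ! -perm -1000 means no sticky bit.
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        sed 's/^/WORLD-WRITABLE-NO-STICKY /'
}

# Run against a directory given on the command line, if any.
if [ $# -gt 0 ]; then
    audit_special_bits "$1"
fi
```

Each SETUID or SETGID line should correspond to a program that is expected to run with its owner's or group's privileges; a world-writable directory without the flag lets any user delete or rename other users' files in it.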

How to view file permissions

A quick and easy way to list file permissions is the long listing (-l) option of the ls command. For example, to view permissions for file.txt, you can use the command:

ls -l file.txt

Which will display output that looks like this:

Examples of using chmod

chmod 644 file.htm

Sets the permissions for the file file.htm to “owner can read and write; the group can only read; others can only read.”

chmod -R 755 myfiles

Recursively (-R) changes the permissions for the myfiles directory and all its folders and files to mode 755. The user can read, write, and execute; group members and other users can read and execute, but cannot write.

chmod u=rw example.jpg

Changes the permissions for the owner of example.jpg so that the owner can read and write the file. Does not change permissions for the group or others.

chmod u+s comphope.txt

Sets the "Set-User-ID" bit of the comphope.txt file so that anyone who runs this file will do so as if they were the owner of the file.

chmod u-s comphope.txt

The opposite of the above command; clears the SUID bit.

chmod 755 file.cgi

Sets the permissions for file.cgi to "read, write, and execute by owner" and "read and execute by group and everyone else."

chmod 666 file.txt

Sets file.txt's permission to "read/write by all".

chmod a=rw file.txt

Performs the same thing as the above command using symbolic notation.
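The recursive example above (chmod -R 755 myfiles) also makes every regular file in the tree executable. The following added example, which is not part of the original page, builds a constructed sample tree and compares that numeric form with the symbolic form u=rwX,go=rX, where X adds execute only to directories and to files that already had it; all function names are hypothetical.

```shell
#!/bin/sh
# perm_string PATH: the ten-character type and mode field printed by ls -l.
perm_string() { ls -ld -- "$1" | cut -c1-10; }

# build_tree DIR: constructed sample tree with one data file and one script.
build_tree() {
    mkdir -p "$1/sub"
    : > "$1/sub/data.txt";                    chmod 600 "$1/sub/data.txt"
    printf '#!/bin/sh\necho hi\n' > "$1/run.sh"; chmod 700 "$1/run.sh"
}

# Numeric form: the same mode is forced on directories and files alike.
apply_numeric()  { chmod -R 755 "$1"; }

# Symbolic form: X grants execute/search only where it makes sense.
apply_symbolic() { chmod -R u=rwX,go=rX "$1"; }

# Show the result of each form on a fresh copy of the sample tree.
demo() {
    for how in numeric symbolic; do
        d=$(mktemp -d)
        build_tree "$d"
        "apply_$how" "$d"
        printf '%-9s sub=%s data.txt=%s run.sh=%s\n' "$how" \
            "$(perm_string "$d/sub")" \
            "$(perm_string "$d/sub/data.txt")" \
            "$(perm_string "$d/run.sh")"
        rm -rf "$d"
    done
}
demo
```

With the numeric form data.txt ends up executable by everyone; with the symbolic form it stays a plain readable file while the directory and the script receive the execute bit.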

Related commands

chown - Change the owner of files or directories.
getfacl - Show file access control lists.
ls - List the contents of a directory or directories.