The chmod command enables you to change the permissions on a file. You must be superuser or the owner of a file or directory to change its permissions.
You can use the chmod command to set permissions in either of two modes:
Absolute Mode - Use numbers to represent file permissions (the method most commonly used to set permissions). When you change permissions by using the absolute mode, represent permissions for each triplet by an octal mode number.
Symbolic Mode - Use combinations of letters and symbols to add or remove permissions.
The table below lists the octal values for setting file permissions in absolute mode. You use these numbers in sets of three to set permissions for owner, group, and other (in that order). For example, the value 644 sets read/write permissions for owner, and read-only permissions for group and other.
Table 17-5 Setting File Permissions in Absolute Mode
Octal Value |
File Permissions Set |
Permissions Description |
---|---|---|
0 |
--- |
No permissions |
1 |
--x |
Execute permission only |
2 |
-w- |
Write permission only |
3 |
-wx |
Write and execute permissions |
4 |
r-- |
Read permission only |
5 |
r-x |
Read and execute permissions |
6 |
rw- |
Read and write permissions |
7 |
rwx |
Read, write, and execute permissions |
You can set special permissions on a file in absolute or symbolic modes. In absolute mode, you set special permissions by adding a new octal value to the left of the permission triplet. The table below lists the octal values to set special permissions on a file.
Table 17-6 Setting Special Permissions in Absolute Mode
Octal Value |
Special Permissions Set |
---|---|
1 |
Sticky bit |
2 |
setguid |
4 |
setuid |
The table below lists the symbols for setting file permissions in symbolic mode. Symbols can specify whose permissions are to be set or changed, the operation to be performed, and the permissions being assigned or changed.
Table 17-7 Setting File Permissions in Symbolic Mode
Symbol |
Function |
Description |
---|---|---|
u |
Who |
User (owner) |
g |
Who |
Group |
o |
Who |
Others |
a |
Who |
All |
= |
Operation |
Assign |
+ |
Operation |
Add |
- |
Operation |
Remove |
r |
Permission |
Read |
w |
Permission |
Write |
x |
Permission |
Execute |
l |
Permission |
Mandatory locking, setgid bit is on, group execution bit is off |
s |
Permission |
setuid or setgid bit is on |
S |
Permission |
suid bit is on, user execution bit is off |
t |
Permission |
Sticky bit is on, execution bit for others is on |
T |
Permission |
Sticky bit is on, execution bit for others is off |
The who operator permission designations in the function column specifies the symbols that change the permissions on the file or directory.
who |
Specifies whose permissions are changed. |
operator |
Specifies the operation to perform. |
permissions |
Specifies what permissions are changed. |
If you are not the owner of the file or directory, become superuser.
Only the current owner or superuser can use the chmod command to change file permissions on a file or directory.
Change permissions in absolute mode by using the chmod command.
$ chmod nnn filename |
nnn |
Specifies the octal values that represent the permissions for the file owner, file group, and others, in that order. See Table 17-5 for the list of valid octal values. |
filename |
Specifies the file or directory. |
If you use chmod to change the file group permissions on a file with ACL entries, both the file group permissions and the ACL mask are changed to the new permissions. Be aware that the new ACL mask permissions can change the effective permissions for additional users and groups who have ACL entries on the file. Use the getfacl(1) command to make sure the appropriate permissions are set for all ACL entries.
Verify the permissions of the file have changed.
$ ls -l filename |
The following example shows changing the permissions of a public directory from 744 (read/write/execute, read-only, and read-only) to 755 (read/write/execute, read/execute, and read/execute).
$ ls -ld public_dir drwxr--r-- 1 ignatz staff 6023 Aug 5 12:06 public_dir $ chmod 755 public_dir $ ls -ld public_dir drwxr-xr-x 1 ignatz staff 6023 Aug 5 12:06 public_dir |
The following example shows changing the permissions of an executable shell script from read/write to read/write/execute.
$ ls -l my_script -rw------- 1 ignatz staff 6023 Aug 5 12:06 my_script $ chmod 700 my_script $ ls -l my_script -rwx------ 1 ignatz staff 6023 Aug 5 12:06 my_script |
If you are not the owner of the file or directory, become superuser.
Only the current owner or superuser can use the chmod command to change the special permissions on a file or directory.
Change special permissions in absolute mode by using the chmod command.
$ chmod nnnn filename |
nnnn |
Specifies the octal values that change the permissions on the file or directory. The first octal value on the left sets the special permissions on the file. See Table 17-6 for the list of valid octal values for the special permissions. |
filename |
Specifies the file or directory. |
If you use chmod to change the file group permissions on a file with ACL entries, both the file group permissions and the ACL mask are changed to the new permissions. Be aware that the new ACL mask permissions can change the effective permissions for additional users and groups who have ACL entries on the file. Use the getfacl(1) command to make sure the appropriate permissions are set for all ACL entries.
Verify the permissions of the file have changed.
$ ls -l filename |
The following example sets setuid permission on the dbprog file.
$ chmod 4555 dbprog $ ls -l dbprog -r-sr-xr-x 1 db staff 12095 May 6 09:29 dbprog |
The following example sets setgid permission on the dbprog2 file.
$ chmod 2551 dbprog2 $ ls -l dbprog2 -r-xr-s--x 1 db staff 24576 May 6 09:30 dbprog2 |
The following example sets sticky bit permission on the pubdir directory.
$ chmod 1777 pubdir |
If you are not the owner of the file or directory, become superuser.
Only the current owner or superuser can use the chmod command to change file permissions on a file or directory.
Change permissions in symbolic mode by using the chmod command.
$ chmod who operator permission filename |
who operator permission |
who specifies whose permissions are changed, operator specifies the operation to perform, and permission specifies what permissions are changed. See Table 17-7 for the list of valid symbols. |
filename |
Specifies the file or directory. |
Verify the permissions of the file have changed.
$ ls -l filename |
The following example takes away read permission from others.
$ chmod o-r filea |
The following example adds read and execute permissions for user, group, and others.
$ chmod a+rx fileb |
The following example assigns read, write, and execute permissions to group.
$ chmod g=rwx filec |