The chmod command enables you to change the permissions on a file. You must be superuser or the owner of a file or directory to change its permissions.
You can use the chmod command to set permissions in either of two modes:
Absolute Mode – Use numbers to represent file permissions (the method most commonly used to set permissions). When you change permissions by using the absolute mode, you represent permissions for each triplet by an octal mode number.
Symbolic Mode – Use combinations of letters and symbols to add or remove permissions.
The following table lists the octal values for setting file permissions in absolute mode. You use these numbers in sets of three to set permissions for owner, group, and other (in that order). For example, the value 644 sets read and write permissions for owner, and read-only permissions for group and other.
Table 16–5 Setting File Permissions in Absolute Mode
Octal Value |
File Permissions Set |
Permissions Description |
---|---|---|
0 |
--- |
No permissions |
1 |
--x |
Execute permission only |
2 |
-w- |
Write permission only |
3 |
-wx |
Write and execute permissions |
4 |
r-- |
Read permission only |
5 |
r-x |
Read and execute permissions |
6 |
rw- |
Read and write permissions |
7 |
rwx |
Read, write, and execute permissions |
You can set special permissions on a file in absolute or symbolic modes. However, you cannot set or remove setuid permissions on a directory by using absolute mode. You must use symbolic mode. In absolute mode, you set special permissions by adding a new octal value to the left of the permission triplet. The following table lists the octal values to set special permissions on a file.
Table 16–6 Setting Special Permissions in Absolute Mode
Octal Value |
Special Permissions Set |
---|---|
1 |
Sticky bit |
2 |
setguid |
4 |
setuid |
The following table lists the symbols for setting file permissions in symbolic mode. Symbols can specify whose permissions are to be set or changed, the operation to be performed, and the permissions that are being assigned or changed.
Table 16–7 Setting File Permissions in Symbolic Mode
Symbol |
Function |
Description |
---|---|---|
u |
Who |
User (owner) |
g |
Who |
Group |
o |
Who |
Others |
a |
Who |
All |
= |
Operator |
Assign |
+ |
Operator |
Add |
- |
Operator |
Remove |
r |
Permission |
Read |
w |
Permission |
Write |
x |
Permission |
Execute |
l |
Permission |
Mandatory locking, setgid bit is on, group execution bit is off |
s |
Permission |
setuid or setgid bit is on |
S |
Permission |
suid bit is on, user execution bit is off |
t |
Permission |
Sticky bit is on, execution bit for others is on |
T |
Permission |
Sticky bit is on, execution bit for others is off |
The who operator permission designations in the function column specifies the symbols that change the permissions on the file or directory.
who |
Specifies whose permissions are to be changed. |
operator |
Specifies the operation to be performed. |
permissions |
Specifies what permissions are to be changed. |
Use the following procedure to change permissions in absolute mode.
If you are not the owner of the file or directory, become superuser or assume an equivalent role.
Only the current owner or superuser can use the chmod command to change file permissions on a file or directory.
Change permissions in absolute mode by using the chmod command.
$ chmod nnn filename |
nnn |
Specifies the octal values that represent the permissions for the file owner, file group, and others, in that order. See Table 16–5 for the list of valid octal values. |
filename |
Specifies the file or directory. |
If you use the chmod command to change the file group permissions on a file with ACL entries, both the file group permissions and the ACL mask are changed to the new permissions. Be aware that the new ACL mask permissions can change the permissions for additional users and groups who have ACL entries on the file. Use the getfacl command to make sure that the appropriate permissions are set for all ACL entries. For more information, see the getfacl(1) man page.
Verify that the permissions of the file have changed.
$ ls -l filename |
In the following example, the permissions of a public directory are changed from 744 (read, write, execute; read-only; and read-only) to 755 (read, write, execute; read and execute; and read and execute).
$ ls -ld public_dir drwxr--r-- 1 ignatz staff 6023 Aug 5 12:06 public_dir $ chmod 755 public_dir $ ls -ld public_dir drwxr-xr-x 1 ignatz staff 6023 Aug 5 12:06 public_dir |
In the following example, the permissions of an executable shell script are changed from read and write to read, write, and execute.
$ ls -l my_script -rw------- 1 ignatz staff 6023 Aug 5 12:06 my_script $ chmod 700 my_script $ ls -l my_script -rwx------ 1 ignatz staff 6023 Aug 5 12:06 my_script |
Use the following procedure to change special permissions in absolute mode.
If you are not the owner of the file or directory, become superuser or assume an equivalent role.
Only the current owner or superuser can use the chmod command to change the special permissions on a file or directory.
Change special permissions in absolute mode by using the chmod command.
$ chmod nnnn filename |
nnnn |
Specifies the octal values that change the permissions on the file or directory. The first octal value on the left sets the special permissions on the file. For the list of valid octal values for the special permissions, see Table 16–6. |
filename |
Specifies the file or directory. |
If you use the chmod command to change the file group permissions on a file with ACL entries, both the file group permissions and the ACL mask are changed to the new permissions. Be aware that the new ACL mask permissions can change the permissions for additional users and groups who have ACL entries on the file. Use the getfacl command to make sure that the appropriate permissions are set for all ACL entries. For more information, see the getfacl(1) man page.
Verify that the permissions of the file have changed.
$ ls -l filename |
In the following example, the setuid permission is set on the dbprog file.
$ chmod 4555 dbprog $ ls -l dbprog -r-sr-xr-x 1 db staff 12095 May 6 09:29 dbprog |
In the following example, the setgid permission is set on the dbprog2 file.
$ chmod 2551 dbprog2 $ ls -l dbprog2 -r-xr-s--x 1 db staff 24576 May 6 09:30 dbprog2 |
In the following example, the sticky bit permission is set on the public_dir directory.
$ chmod 1777 public_dir $ ls -ld public_dir drwxrwxrwt 2 ignatz staff 512 May 15 15:27 public_dir |
Use the following procedure to change permissions in symbolic mode.
If you are not the owner of the file or directory, become superuser.
Only the current owner or superuser can use the chmod command to change file permissions on a file or directory.
Change permissions in symbolic mode by using the chmod command.
$ chmod who operator permission filename |
who operator permission |
who specifies whose permissions are to be changed, operator specifies the operation to be performed, and permission specifies what permissions are to be changed. For the list of valid symbols, see Table 16–7. |
filename |
Specifies the file or directory. |
Verify that the permissions of the file have changed.
$ ls -l filename |
In the following example, read permission are taken away from others.
$ chmod o-r filea |
In the following example, read and execute permissions are added for user, group, and others.
$ chmod a+rx fileb |
In the following example, read, write, and execute permissions are assigned to group.
$ chmod g=rwx filec |