chmod

Change access permissions, change mode.

Syntax
       chmod [Options]... Mode [,Mode]... file...

       chmod [Options]... Numeric_Mode file...

       chmod [Options]... --reference=RFile file...

Options
  -f, --silent, --quiet   Suppress most error messages.

  -v, --verbose           Output a diagnostic for every file processed.
  -c, --changes           like verbose but report only when a change is made.

      --reference=RFile   use RFile’s mode instead of Mode values.

  -R, --recursive         Change files and directories recursively. Take care to not run
                          recursive chmod on the root '/' directory or any other system directory.

      --help              Display help and exit.

      --version           output version information and exit.

chmod changes the permissions of each given file according to mode, which can be either :

An octal number representing the bit pattern for the new permissions (755)
or
A symbolic representation of changes to make, (+-= rwxXstugoa)

Interactive Calculator:

Permissions:

Owner Group Other

Read

Write

Execute

Optionally, the Superuser and sticky codes below can be added, making a 4 digit mode, e.g. Owner: Read + Stickybit =1400

setuid

setgid

stickybit

Value

setuid
setgid
stickybit
Value

When chmod is applied to a directory:

read = List files in the directory.
write = Add new files to the directory.
execute = List all files & directory search permission.

chmod never changes the permissions of a symbolic link. This is not a problem since the permissions of symbolic links are never used. However, for each symbolic link listed on the command line, chmod changes the permissions of the pointed-to file. In contrast, chmod ignores symbolic links encountered during recursive directory traversals.

Numeric (Octal) mode:

The numeric mode is calculated as follows.
From one to four digits, any omitted digits are assumed to be leading zeros.

First digit Second digit Third digit Fourth digit

Optional attributes
default=0 The User who owns the file Group - Other users in the file’s group World/Other - users not in the file’s group

Set User ID : 4000
Set Group ID : 2000
Sticky bit : 1000 Read : 4
Write : 2
Execute : 1 Read : 4
Write : 2
Execute : 1 Read : 4
Write : 2
Execute : 1

The mode/value is calculated by adding up the values for each digit, for example:

User (rwx) = 4 + 2 + 1 = 7
Group(rx) = 4 + 1 = 5
World (rx) = 4 + 1 = 5
Concatenating those three numbers we get a mode = 755

Numeric Examples

Grant read permission to User + Group + World:
$ chmod 444 file

Allow User all rights, but Group + World: to only read, and execute the file:
$ chmod 755 file

Allow Group + World: to read, and execute all files under directory:
$ chmod -R 755 directory

Make file readable by anyone and writable by the owner only:
$ chmod 644 file

Make file readable and writable by the Group + World:
$ chmod 066 file

All the individual modes:

chmod 400 file - Read by Owner
chmod 040 file - Read by Group
chmod 004 file - Read by World

chmod 200 file - Write by Owner
chmod 020 file - Write by Group
chmod 002 file - Write by World

chmod 100 file - Execute by Owner
chmod 010 file - Execute by Group
chmod 001 file - Execute by World

To combine these, just add the numbers together:
Grant Read permission to Owner + Group + World = chmod 444 file
Everything - Allow Owner + Group + World to Read +Write + Execute file = chmod 777 file

First digit	Second digit	Third digit	Fourth digit
Optional attributes default=0	The User who owns the file	Group - Other users in the file’s group	World/Other - users not in the file’s group
Set User ID : 4000 Set Group ID : 2000 Sticky bit : 1000	Read : 4 Write : 2 Execute : 1	Read : 4 Write : 2 Execute : 1	Read : 4 Write : 2 Execute : 1

Symbolic Mode

The format of a symbolic mode is a combination of the letters +-= rwxXstugoa
Multiple symbolic operations can be given, separated by commas.
The full syntax is [ugoa...][[+-=][rwxXstugo...]...][,...] but this is explained below.

A combination of the letters ugoa controls which users' access to the file will be changed:

User letter

The user who owns it u

Other users in the file’s Group g

Other users not in the file’s group o

All users (equivalent to ugo) a

If none of these are given, the effect is as if (a) were given, but bits that are set in the umask are not affected.

The operator '+' causes the permissions selected to be added to the existing permissions of each file;
'-' causes them to be removed; and '=' causes them to be the only permissions that the file has.

if = is specified with no who then all (owner, group and other) will be cleared.

The letters 'rwxXstugo' select the new permissions for the affected users:

Permission letter

Read r

Write w

Execute (or access for directories) x

Execute only if the file is a directory
(or already has execute permission for some user) X

Set User ID and Group ID on execution bits. s

Restricted deletion flag or sticky bit t

The permissions that the User who owns
the file currently has for it u

The permissions that other users in the
file’s Group have for it g

Permissions that Other users not in the
file’s group have for it o

Symbolic Mode Examples

Deny execute permission to everyone:

$ chmod a-x file

Allow read permission to everyone:

$ chmod a+r file

Make a file readable and writable by the group and others:

$ chmod go+rw file

Make a shell script executable by the user/owner:

$ chmod u+x myscript.sh

You can then execute it like this:

$ ./myscript.sh

Allow everyone to read, write, and execute the file and turn on the set group-ID:

$ chmod =rwx,g+s file

User	letter
The user who owns it	u
Other users in the file’s Group	g
Other users not in the file’s group	o
All users (equivalent to ugo)	a

Permission	letter
Read	r
Write	w
Execute (or access for directories)	x
Execute only if the file is a directory (or already has execute permission for some user)	X
Set User ID and Group ID on execution bits.	s
Restricted deletion flag or sticky bit	t
The permissions that the User who owns the file currently has for it	u
The permissions that other users in the file’s Group have for it	g
Permissions that Other users not in the file’s group have for it	o

Symbolic vs Numeric mode

Above we covered the two methods of specifying permissions, Symbolic and Numeric/Octal.

The symbolic notation is more fine-grained, allowing the modification of specific mode bits while leaving other mode bits untouched. this is particularly useful for a script where you don't know what the current permissions are.

For example, to remove all (rwx) permissions from Other/World using symbolic notation, we can do

chmod o-rwx file

With Numeric notation, you would have to know, or assume, the permissions for User and Group.

This page documents the GNU version of chmod.

“It’s easier to ask forgiveness than it is to get permission” ~ Rear Admiral Grace Hopper

Related Linux commands

access - Determine whether a file can be accessed.
ls -l - List current permissions: -- u (owner) -- g (group) -- O (Other).
chgrp - Change group ownership.
chown - Change file owner and group.
getfacl - Get file access control lists.
setfacl - Set file access control lists.
stat - Display file or file system status.
umask - Users file creation mask.
bash syntax - Permissions
Equivalent Windows command: CACLS - Change file permissions.

chmod

Numeric (Octal) mode:

Symbolic Mode

Symbolic Mode Examples

Symbolic vs Numeric mode

Related Linux commands