So to understand this concept in a simpler way, think of file permissions as a 3x3 matrix, where owners, groups, and others each have r, w, and x settings. In the above example:
Now, let’s see the default permission values for a directory. Let's say the directory
chmod_directory
was created with the default permissions of 755. Unlike files, a directory has files in it. In order for anyone other than the owner to '
cd
' into the directory, it needs an execute permission, which in turn makes the directory:
Note: The r-x designation does NOT mean r minus x, it means read and execute but missing write. The - is a placeholder for a permission.
(Please take a minute to think about why this is the default behavior.)
Ok, now that you have learned the basics of file and directory permissions, let’s take a look into the
chmod
command, which helps with making permission changes for files and directories.
This manual page documents the GNU version of chmod. chmod changes the file mode bits of each given file according to mode, which can be either a symbolic representation of changes to make, or an octal number representing the bit pattern for the new mode bits.
The format of a symbolic mode is [ugoa...][[+-=][perms...]...], where perms is either zero or more letters from the set rwxXst, or a single letter from the set ugo. Multiple symbolic modes can be given, separated by commas.
A combination of the letters ugoa controls which users' access to the file will be changed: the user who owns it (u), other users in the file's group (g), other users not in the file's group (o), or all users (a). If none of these are given, the effect is as if a were given, but bits that are set in the umask are not affected.
Using octal representation
For changing file permissions, you can either use octal representation (numeric), or symbolic representation (the letters). In octal representation, the first digit is for the user, the second digit is for the group, and the third digit is for others. Let’s look at two examples of setting permissions with octal representation to understand this concept.
Example 1
: If you want to give read (4), write (2), and execute (1) permissions to both the user and group, and only read (4) permission to others, you can use:
localhost@user1$ chmod 774 <file-name>
Example 2
: If you want to restrict write permissions to all others except the file’s owner, you can use:
localhost@user1$ chmod 744 <file-name>
Using symbolic representation
You can also change permissions using symbolic representation rather than numeric. Symbolic representation is assigning permissions to user (u), group (g), and others (o) using letters (symbols) and the letter designations: r, w, and x.
Let’s look at these examples again, but using symbolic representation.
Example 1
: Read, write, and execute for the user and group, plus only read for others, maps as:
localhost@user1$ chmod ug+rwx,o+r <filename>
Example 2
: Read, write, and execute for the user and only read permissions for group and others maps as:
localhost@user1$ chmod u+rwx,go+r <file-name>
Awesome, I’m proud of you all: You have now mastered file permission concepts. But I’ll caution you that there are two dangerous scenarios that you might want to avoid, so keep this as a best practice while using chmod. Avoid using boundary cases, such as
chmod 777 <file-name>
and
chmod 000 <filename>
. Using
chmod 777 <file-name>
gives everyone rwx permissions, and it is generally not a good practice to give full powers to all the users in a system. The second case, I will leave you guys to figure out.
Using umasks
I will leave you guys with one more concept that you need to be aware of (umask) that decides the default permissions for a file. Overall, the default values are:
-
Umask: 0022
-
File: 0666
-
Directory: 0777
As you might remember, the default file permission value is 0644, and the default directory’s is 0755. The default umask value is subtracted from the overall file/directory default value. You can set the umask values in
/etc/profile
or in
~/.bashrc
.
Wrapping up
Chmod is a great Linux command for manipulating file and directory permissions. With the concepts mentioned in this article, you are equipped with sufficient knowledge to handle permissions in Linux-based distros.
I work as a Solutions Engineer at Red Hat and my day-to-day work involves OpenShift and Ansible. I'm highly passionate about open source software, cloud, security, and networking technologies.
More about me
Troubleshooting Linux performance, building a golden image for your RHEL homelab, and more tips for sysadmins
Check out Enable Sysadmin's top 10 articles from March 2023.
The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. The content published on this site are community contributions and are for informational purpose only AND ARE NOT, AND ARE NOT INTENDED TO BE, RED HAT DOCUMENTATION, SUPPORT, OR ADVICE.
Red Hat and the Red Hat logo are trademarks of Red Hat, Inc., registered in the United States and other countries.
