chmod – change file permissions
chmod changes the access permissions of files and directories. Permissions control who can read, write, or execute a file.
Synopsis
chmod [OPTIONS] MODE FILE...
chmod [OPTIONS] OCTAL FILE...
Permission Basics
Each file has three permission sets:
- User (u) — the file owner
- Group (g) — members of the file’s group
- Others (o) — everyone else
Each set can have:
- r (read) — view contents
- w (write) — modify contents
- x (execute) — run as program / enter directory
Common Options
| Option | Description |
|---|---|
-R | Recursive (apply to directories and contents) |
-v | Verbose (show files being changed) |
-c | Report only when changes are made |
--reference=FILE | Copy permissions from another file |
Symbolic Mode
Use letters to add (+), remove (-), or set (=) permissions:
| Command | Meaning |
|---|---|
chmod u+x file | Add execute for user |
chmod g-w file | Remove write for group |
chmod o=r file | Set others to read only |
chmod a+x file | Add execute for all (user, group, others) |
chmod ug+rw file | Add read/write for user and group |
Octal Mode
Permissions can be set using octal numbers (0-7):
| Number | Permission | Meaning |
|---|---|---|
| 0 | --- | No permissions |
| 1 | --x | Execute only |
| 2 | -w- | Write only |
| 3 | -wx | Write and execute |
| 4 | r-- | Read only |
| 5 | r-x | Read and execute |
| 6 | rw- | Read and write |
| 7 | rwx | Read, write, execute |
Common Octal Permissions
| Mode | Permissions | Use Case |
|---|---|---|
755 | rwxr-xr-x | Executables, public directories |
644 | rw-r--r-- | Regular files |
700 | rwx------ | Private executables |
600 | rw------- | Private files (SSH keys) |
777 | rwxrwxrwx | Full access (avoid!) |
Examples
Make a script executable
$ chmod +x script.sh
$ ls -l script.sh
-rwxr-xr-x 1 greys staff 1024 Jan 15 10:00 script.sh
Set specific permissions with octal
$ chmod 644 document.txt
$ ls -l document.txt
-rw-r--r-- 1 greys staff 2048 Jan 15 10:00 document.txt
Secure SSH private key
$ chmod 600 ~/.ssh/id_rsa
Make directory accessible to group
$ chmod 775 shared_folder/
Apply recursively to directory
$ chmod -R 755 /var/www/html/
Remove all permissions for others
$ chmod o-rwx private_file.txt
Copy permissions from another file
$ chmod --reference=file1.txt file2.txt
Add execute for directories only (recursive)
$ find /path -type d -exec chmod +x {} \;
Special Permissions
| Mode | Name | Effect |
|---|---|---|
4xxx | setuid | Run as file owner |
2xxx | setgid | Run as file group / inherit group in dirs |
1xxx | sticky | Only owner can delete (e.g., /tmp) |
# Set sticky bit on directory
$ chmod 1777 /tmp
# Set setuid on executable
$ chmod 4755 /usr/bin/passwd
Tips
- Check before changing:
ls -l fileto see current permissions - Directories need +x to be entered (cd into them)
- Avoid 777 — it’s a security risk
- SSH keys must be 600 or SSH will refuse to use them
- Web files typically need 644 (files) and 755 (directories)
See Also
Related Commands
- chown — Change file owner and group
- ls — List files (use
-lto see permissions) - umask — Set default permissions for new files
