The chmod command is used to manage file system access permissions on Unix and Linux systems. There are three basic file system permissions applied to files and directories:
read (r)
write (w)
execute (x)
Each of these permissions can be applied to these three classes of users:
user (u)
group (g)
other (o)
The user is the account that owns the file and the group is generally a collection of users. Other is everyone else, including the public outside world.
Checking permissions
Type in ls -la
in any directory which contains files. An example output looks like this, showing the file permissions, owner and group:
$ ls -la
total 44
drwxr-xr-x 2 user group 4096 Apr 7 13:13 .
drwxr-xr-x 23 user group 4096 Apr 17 09:42 ..
-rw-r--r-- 1 user group 9632 Feb 19 2022 file-one.txt
-rw-r--r-- 1 user group 21731 Jul 11 2019 file-two.txt
Concerning the two files, file-one.txt and file-one.txt, we see the permissions represented as -rw-r--r--
.
The order of permissions from left-to-right is Owner + Group + Other. Therefore, -rw-r--r--
means:
-rw- r-- r-- (Owner can Read and Write)
-rw- r-- r-- (Group members can Read)
-rw- r-- r-- (Other users can Read)
Numerical values
Having grown up on the Internet, my brain is hardwired to think in FTP-applied permissions for HTML directories and files.
0 = --- [No permissions]
1 = --x [Can execute]
2 = -w- [Can write]
3 = -wx [Can write and execute]
4 = r-- [Can read]
5 = r-x [Can read and execute]
6 = rw- [Can read and write]
7 = rwx [Can read, write and execute]
Directories are always 755
, represented as:
drwxr-xr-x 2 user group 4096 Apr 7 13:13 .
Files are always 644
, represented as:
-rw-r--r-- 1 user group 9632 Feb 19 2022 file-one.txt
Changing permissions
Where files (such as scripts) require execution permissions, 740
works quite well. This allows only the owner to execute the file.
Script.sh shows a permission of value of 644
:
$ ls -la
-rw-r--r-- 1 user group 0 Apr 17 10:55 script.sh
To apply 740
permissions, run:
$ chmod 740 script.sh
Confirming the change:
$ ls -la
-rwxr----- 1 user group 0 Apr 17 10:55 script.sh