How to Change File Permissions in Linux (chmod command)

Updated on

11 min read

Linux Chmod Command

In Linux, you can control file access through permissions, attributes, and ownership. This ensures that only authorized users and processes can read, modify, or execute files and directories.

This tutorial explains how to use the chmod command to change permissions on files and directories.

Linux File Permissions Overview

Before going further, let’s explain the basic Linux permissions model.

Every file and directory in Linux has an owner and a group, and is assigned permission access rights for three different classes of users:

  • Owner (the user who owns the file)
  • Group (users in the file’s group)
  • Others (everyone else)

File ownership can be modified with chown (for owner) and chgrp (for group).

Three file permission types apply to each class:

  • Read (r): View file contents or list directory contents
  • Write (w): Modify file or add/remove items in a directory
  • Execute (x): Run file as program/script or enter (cd) directory

Special bits (setuid, setgid, sticky) appear as s, S, t, or T in the execute position.

This concept allows you to specify which users are allowed to read, write, or execute the file.

File permissions can be viewed using the ls command:

Terminal
ls -l filename.txt
output
-rw-r--r-- 12 linuxize users 12.0K Apr  8 20:51 filename.txt
|[-][-][-]-   [------] [---]
| |  |  | |      |       |
| |  |  | |      |       +-----------> 7. Group
| |  |  | |      +-------------------> 6. Owner
| |  |  | +--------------------------> 5. Alternate Access Method
| |  |  +----------------------------> 4. Others Permissions
| |  +-------------------------------> 3. Group Permissions
| +----------------------------------> 2. Owner Permissions
+------------------------------------> 1. File Type

Breakdown:

  • The first character shows the file type. It can be a regular file (-), a directory (d), a symbolic link (l), or any other special type of file.

  • The following nine characters represent the file permissions, three triplets of three characters each. The first triplet shows the owner permissions, the second one group permissions, and the last shows others permissions. The permissions can have a different meaning depending on the file type.

In the example (rw-r--r--):

  • The file owner has read and write permissions (rw-)
  • The group and others have only read permissions (r--)

The permission types can have different effects, depending on whether they are set to a file or to a directory:

Permissions on Files

PermissionCharacterMeaning on File
Read-The file is not readable. Cannot view contents.
rThe file is readable.
Write-The file cannot be deleted or modified.
wThe file can be deleted or modified.
Execute-The file cannot be executed.
xThe file can be executed and run as a program/script.
sIf found in the user triplet, it sets the setuid bit. If found in the group triplet, it sets the setgid bit. It also means that the x flag is set.
When the setuid or setgid flags are set on an executable file, the file is executed with the file’s owner and/or group privileges.
SSame as s, but the x flag is not set. This flag is rarely used on files.
tIf found in the others triplet, it sets the sticky bit.
It also means that the x flag is set. This flag is useless on files.
TSame as t, but the x flag is not set. This flag is useless on files.

Permissions on Directories (Folders)

Info
In Linux, directories are special types of files that contain other files and directories.
PermissionCharacterMeaning on Directory
Read-The directory’s contents cannot be listed.
rThe directory’s contents can be listed.
(e.g., You can list files inside the directory with ls .)
Write-The directory’s contents cannot be altered.
wThe directory’s contents can be altered.
(e.g., You can create new files , rename files, delete files , etc.)
Execute-The directory cannot be changed to (Cannot enter).
xThe directory can be navigated using cd .
sIf found in the user triplet, it sets the setuid bit. If found in the group triplet it sets the setgid bit. It also means that the x flag is set. When the setgid flag is set on a directory, the new files created within it inherit the directory group ID (GID), instead of the primary group ID of the user who created the file.
setuid has no effect on directories.
SSame as s, but the x flag is not set. This flag is useless on directories.
tIf found in the others triplet, it sets the sticky bit.
It also means that the x flag is set. When the sticky bit is set on a directory, only the file’s owner, the directory’s owner, or an administrative user can delete or rename the files within the directory.
TSame as t, but the x flag is not set. This flag is useless on directories.

Using the chmod Command

The chmod command takes the following syntax:

sh
chmod [OPTIONS] MODE FILE...

The chmod command allows you to change the permissions on a file using either a symbolic or numeric mode or a reference file. We will explain the modes in more detail later in this article. The command can accept one or more files and/or directories separated by spaces as arguments.

Only the root, the file owner, or a user with sudo privileges can change the permissions of a file. Be extra careful when using chmod, especially when changing permissions recursively.

Symbolic (Text) Method

Syntax:

sh
chmod [OPTIONS] [ugoa…][-+=]perms…[,…] FILE...

The first set of flags ([ugoa…]) represent the users’ classes:

  • u - The file owner.
  • g - The users who are members of the group.
  • o - All other users.
  • a - All users, identical to ugo.

If the user’s flag is omitted, the default one is a, and the permissions that are set by umask are not affected.

The second set of flags ([-+=]), the operation flags, defines whether the permissions are to be removed, added, or set:

  • - Removes the specified permissions.
  • + Adds specified permissions.
  • = Changes the current permissions to the specified permissions. If no permissions are specified after the = symbol, all permissions from the specified user class are removed.

The permissions (perms...) can be explicitly set using either zero or one or more of the following letters: r, w, x, X, s, and t. Use a single letter from the set u, g, and o when copying permissions from one user’s class to another user’s class.

When setting permissions for more than one user class ([,…]), use commas (without spaces) to separate the symbolic modes.

Below are some examples of how to use the chmod command in symbolic mode:

  • Give the members of the group permission to read the file, but not to write and execute it:

    Terminal
    chmod g=r filename

  • Remove the execute permission for all users:

    Terminal
    chmod a-x filename

  • Recursively remove the write permission for other users:

    Terminal
    chmod -R o-w dirname

  • Remove the read, write, and execute permission for all users except the file’s owner:

    Terminal
    chmod og-rwx filename

    The same can be also accomplished by using the following form:

    Terminal
    chmod og= filename

  • Give read, write, and execute permissions to the file’s owner, read permissions to the file’s group, and no permissions to all other users:

    Terminal
    chmod u=rwx,g=r,o= filename

  • Add the file’s owner permissions to the permissions that the members of the file’s group have:

    Terminal
    chmod g+u filename

  • Add a sticky bit to a given directory:

    Terminal
    chmod o+t dirname

Numeric (Octal) Method

Basic syntax:

sh
chmod [OPTIONS] NUMBER FILE...

In numeric mode, you set permissions for all three user classes (owner, group, and others) at once.

When using the numeric mode, you can set the permissions for all three user classes (owner, group, and all others) at the same time.

The NUMBER can be a 3 or 4 digits number.

When a three-digit number is used, the first digit represents the permissions for the file’s owner, the second for the file’s group, and the last for all other users.

Each write, read, and execute permissions have the following number value:

  • r (read) = 4
  • w (write) = 2
  • x (execute) = 1
  • no permissions = 0

The permissions number for a specific user class is the sum of the values of the permissions for that group.

To find out the file’s permissions in numeric mode, simply calculate the totals for all user classes. For example, to give read, write, and execute permission to the file’s owner, read and execute permissions to the file’s group, and only read permissions to all other users, you would do the following:

  • Owner: rwx=4+2+1=7
  • Group: r-x=4+0+1=5
  • Others: r-x=4+0+0=4

Using the method above, we come up with the number 754, which represents the desired permissions.

To set up the setuid, setgid, and sticky bit flags use a four-digit number.

When the four-digit number is used, the first digit has the following meaning:

  • setuid=4
  • setgid=2
  • sticky=1
  • no changes = 0

The next three digits have the same meaning as when using a three-digit number.

If the first digit is 0, it can be omitted, and the mode can be represented with 3 digits. The numeric mode 0755 is equivalent to 755.

To calculate the numeric mode, you can also use another method (the binary method), but it is a little more complicated. Knowing how to calculate the numeric mode using 4, 2, and 1 is sufficient for most users.

You can check the file’s permissions in the numeric notation using the stat command:

sh
stat -c "%a" filename
output
644

Here are some examples of how to use the chmod command in numeric mode:

  • Give the file’s owner read and write permissions and only read permissions to group members and all other users:

    Terminal
    chmod 644 dirname

  • Give the file’s owner read, write, and execute permissions, read and execute permissions to group members, and no permissions to all other users:

    Terminal
    chmod 750 dirname

  • Give read, write, and execute permissions, and a sticky bit to a given directory:

    Terminal
    chmod 1777 dirname

  • Recursively set read, write, and execute permissions to the file owner and no permissions for all other users on a given directory:

    Terminal
    chmod -R 700 dirname

Using a Reference File

The --reference=ref_file option allows you to set the file’s permissions to be the same as those of the specified reference file (ref_file).

sh
chmod --reference=REF_FILE FILE

For example, the following command will assign the permissions of file1 to file2:

Terminal
chmod --reference=file1 file2

Recursively Change the File’s Permissions

To recursively operate on all files and directories under the given directory, use the -R (--recursive) option:

sh
chmod -R MODE DIRECTORY

For example, to change the permissions of all files and subdirectories under the /var/www directory to 755, you would use:

Terminal
chmod -R 755 /var/www

Recursive changes may affect unintended files and can be dangerous. When not sure, test with find ... -print first. You can also limit the scope with the find command.

Symbolic links always have 777 permissions.

By default, when changing a symlink’s permissions, chmod will change the permissions on the file the link is pointing to.

Terminal
chmod 755 symlink

Chances are that instead of changing the target ownership, you will get a “cannot access ‘symlink’: Permission denied” error.

The error occurs because, by default, symlinks are protected on most Linux distributions, so you cannot operate on the target files. This option is set in /proc/sys/fs/protected_symlinks. 1 means enabled and 0 disabled. It is recommended not to disable the symlink protection.

Changing File Permissions in Bulk

Sometimes you need to bulk change file and directory permissions. The most common scenario is to recursively change the website’s files permissions to 644 and the directories permissions to 755.

Using the numeric method:

Terminal
find /var/www/my_website -type d -exec chmod 755 {} \;
find /var/www/my_website -type f -exec chmod 644 {} \;

Using the symbolic method:

Terminal
find /var/www/my_website -type d -exec chmod u=rwx,go=rx {} \;
find /var/www/my_website -type f -exec chmod u=rw,go=r {} \;

The find command will search for files and directories under /var/www/my_website and pass each found file and directory to the chmod command to set the permissions.

Troubleshooting Common chmod Errors

Here are frequent issues and how to fix them:

  • “Permission denied” You don’t have the authority to change permissions. Fix: Use sudo chmod ... or switch to root or the file owner.

  • “No such file or directory” The path is incorrect, or the file doesn’t exist. Fix: Verify that the file exists with ls, use absolute paths, or tab-complete.

  • “Operation not permitted” (even with sudo) Caused by filesystem mounts (e.g., FAT/NTFS), immutable attributes, or SELinux/AppArmor. Fix: Check with the mount command for noexec/nodev; remove the immutable flag with chattr -i file; review security policies.

  • Changes not applying to symbolic links Using chmod on a symlink may fail due to protected_symlinks. Fix: Use chmod on the target file.

  • Invalid mode errors (e.g., “invalid mode: ‘abc’”) Typo in symbolic or numeric mode. Fix: Double-check syntax; numeric modes must be 3-4 digits (e.g., no leading zeros beyond 4 digits).

Use chmod --verbose to see what changes are applied, and always verify afterward with ls -l.

Conclusion

The chmod command is essential for managing file permissions in Linux, using symbolic, numeric, or reference modes.

For full details, visit the chmod man page.

If you have any questions or feedback, feel free to leave a comment.

Tags: linux commands