Chmod is the system call used to change the access permissions for files and directories. It is also capable of changing additional permissions or special modes. The current status can be checked with "ls -l".
The general syntax of the Chmod call is
$ chmod [options] mode[,mode] file1 [file2 ...]
|-r||Recursive, i.e. include objects in subdirectories|
|-f||force processing to continue if errors occur|
|-v||verbose, show objects changed (unchanged objects are not shown)|
The main part of the chmod calls are the octal modes.
|first character||r: readable|
|second character||w: writable|
|third character||x: executable|
"Set user id" (setuid for short) allows users to execute the program with the same rights as its owner. Similarly, "set group id" (setgid) lets group members execute the program with the same permissions as the group owner. The so-called "sticky bit" is deprecated regarding executable files. It used to ensure that the program's text image was kept inside the swap space after the execution had ended. For shared directories, however, the sticky bit guarantees that only the owner of a file is allowed to delete and rename said file. The permissions to read, write or execute a file are not affected by the sticky bit.
The very first character (in front of the first triad) shows the type of the file and cannot be changed with chmod.
|Common file types|
|-||a file (e.g. executable, document, picture, etc.)|
The file permissions can also be represented in decimal numbers in the chmod call. Up to 4 digits can be set where the leading digit is optional and used to specify the special setuid, setgid, and sticky flags. The remaining 3 digits represent the read, write and execute permissions.
|7||read, write and execute||rwx||111|
|6||read and write||rw-||110|
|5||read and execute||r-x||101|
|3||write and execute||-wx||011|
For example, the call
$ chmod 777 file1
enables reading, writing and executing for the owner, the group and all other users (use with care!).
Valid values for the optional first digit (sticky bit) are:
|1||only the owner is allowed to delete and rename files in the directory|
|2||setgid: give permissions to delete and rename files to group|
|4||setuid: give permissions to delete and rename files to user|
Another way to use chmod is the symbolic mode. The permissions are specified by a string using this structure:
|u||user: owner of the file/directory|
|g||group: members of a group a file/directory belongs to|
|o||other: users that are not part of the group and not the owner|
|a||all: all three classes above (affects all triads)|
|+||adds permissions on its right side to the classes on its left side|
|-||removes specified permissions from the given classes|
|=||sets the permissions exactly as specified|
For the modes, see above.
Give execute permissions to users, groups and others:
chmod a+x file1
Remove read and write permissions from others and the group:
chmod go-rw file1
Set user and group permissions to "rw-":
chmod ug=rw file1
Commonly used calls
A few example calls that are commonly used:
|chmod 664 file1||sets read and write permissions for owner and group, and provides read to others.|
|chmod 744 file1||sets read, write and execute for the owner and read only for the group and all others.|
|chmod 777 file1||sets read, write and execute for everyone.|
|chmod 600 file1||sets read and write permissions only for the user (typical permissions for private SSH key).|