There are times when you create, say, a bash script on your Linux machine. But when you try running it, you get a permission error. What do you do? Simple, assuming you’re on Ubuntu, right click on the file’s icon, go to the ‘Permissions’ tab, and enable the ‘Allow executing file as program’ option. But what if the requirement is to do this change from the command line?
If you are new to Linux, and are looking for a way to change file/directory permissions through the command line, you’ll be glad to know there exists a command – dubbed chmod – that lets you easily do this. In this tutorial, we will discuss the basics of this command as well as provide examples explaining how it can be used in various scenarios.
Please note that all examples and instructions mentioned in this tutorial have been tested on Ubuntu 16.04LTS, and the chmod version we’ve used is 8.25.
Consider the following ls command example:
The first column in the output is of our interest. Leave aside the initial ‘-‘ (which signifies the type of file), the remaining fields in the column can be broken down further as: rw- , rw- , and r–. These are the permissions that the file owner, the group the file belongs to, and others have when it comes to this file.
What this means is, the owner has both read (r) and write (w) permissions. So does the group. Others, however, only have read permissions for the file. Please note that we’re assuming the file is owned by the current user.
Now suppose the requirement is to give everyone the right to execute this file. Here’s how this can be done:
chmod +x script.sh
Here’re the permissions now:
The extra ‘x’ in permissions for owner, group, as well as others signifies that now everyone has execute access for this file.
However, more likely than not, you might not want everyone to have execute access for a file. What if the requirement is to grant only the owner/current user execute access to script.sh.
Well, for this, the first step now would be to take back execute access from everyone, something which you can do using the following command:
chmod -x script.sh
And then grant it explicitly to the owner:
chmod u+x script.sh
As you’d have guessed, ‘u+x’ says grant (+) the owner/current user (u) execute (x) access to the file. Similarly, for group, you can use ‘g’ and for others you can use ‘o’.
Please note that whenever you want to grant/revoke a common set of permissions to/from all, you can use ‘a’ instead of ‘ugo’. What I mean is, this:
chmod ugo-x script.sh
can be replaced by this:
chmod a-x script.sh
Also, remember that if none of these (‘u’, ‘g’, ‘o’, and ‘a’) is explicitly specified, then also the default is assumed to be ‘a’.
Moving on, if you want, you can also simply copy permissions granted to, say, the owner/current user and have them for the group or others. For this use the sign ‘=’.
For example, to copy owner/user permissions to group, use the following command:
chmod g=u script.sh
Another scenario could be to copy permissions for a particular file and have them for your file. For this, use the –reference command line option. Here’s the general template for using this command line option:
chmod –reference=[source-file] [destination file]
In the above command, source-file is the file whose permission bits you want to copy, and destination-file is the file whose permission bits you want to change.
Moving on further, there’s also a numerical notation (also known as octal representation) using which you can tell chmod to change permissions. There are three numbers you play with in this mode: 4, 2, and 1. While 4 is for read, the other two are for write and execute, respectively.
For example, consider the following example:
Now, suppose the task is to add execute permission for owner/user, remove write permission but add execute permission to group, and remove all permissions from others. This can be done as follows:
chmod 750 script.sh
In the above command, ‘7’ is for user, which is the result of 4+2+1 as the requirement for user is to have all permissions. Similarly, ‘5’ is for group, which the result of 4+0+1 as the requirement is to give only read and execute permissions to group. Finally, ‘0’ is for others, which is the result of 0+0+0, as the requirement is to revoke all permissions from others.
For those dealing with symbolic links, here’s something worth knowing:
chmod never changes the permissions of symbolic links; the chmod system call cannot change their permissions. This is not a problem since the
permissions of symbolic links are never used. However, for each symbolic link listed on the command line, chmod changes the permissions of
the pointed-to file. In contrast, chmod ignores symbolic links encountered during recursive directory traversals.
The chmod command might not be the one that you may require on daily basis, but it’s an extremely useful/important tool that you should know about. Here, in this tutorial, we have discussed most of the basics related to this tool, and the examples we’ve discussed are aimed at making those basics clear.
Please note that our discussion mainly focused on files. There are some details that you should keep in mind while using chmod with directories. For all that info (as well as more details on chmod), head to the tool’s man page.