In my previous blog post I discussed how Linux file permissions work, and now I am going to discuss how to change permissions using chmod.
Note: Only the object owner, superuser or root account can change the permissions of a file/folder.
chmod is the command used to change the permissions of an object, and is short for “CHange MODe”.
The chmod command can be used with octals (as discussed in the Linux file permissions blog post) or symbolic representation.
For my examples in this blog post I have created a directory called permissions containing several files, a directory and the usual system directories (. and ..).
The directories all have the permissions:
representing that they are directories (d), that the owner has read, write and execute (rwx) permissions, that the group has read and execute (r-x) permissions and that others (world) have read and execute (r-x) permissions. They are owned by the user pi and the group pi.
The three files (confidential.txt, personalinfo.csv and secret.txt) all have the permissions:
representing that they are regular files (-), that the owner has read and write (rw-) permissions, that the group has read permissions (r–) and that others (world) have read permissions (r–).
chmod with octals
With the octals knowledge from my previous post it only takes one command to change the permissions on an object.
Take for example confidential.txt which has the following permissions:
The same as octal value 644. Using the command:
chmod 777 confidential.txt
Changes the permission of the file to octal value 777, which is the same as:
This has given the object owner, group and other read, write and execute permission on an object when previously they only had read/write (owner) or read (group/other).
chmod with symbolic representation
Remembering octals can be hit and miss, even with a fantastic website like geektechstuff.com at hand. With this in mind the chmod command can also be used with symbolic representation.
Symbolic representation uses the following characters:
- u for user
- g for group
- o for other
- a for u, g and o together (i.e. a as in all)
- r for read
- w for write
- x for execute
- + for adding a permission
- – for removing a permission
- = for setting the new permission and removing old permissions
For example, personalinfo.csv has the permissions:
which allows group (g) to only have read (r) permissions. chmod can be used to give group (g) the permissions of write and execute (x):
chmod g+wx personalinfo.csv
Or could be used to reduce the object owner (u) from having the read (r) and write permissions to just having read (r) permissions using the command:
chmod u=r personalinfo.csv
When setting permissions using the chmod command multiple arguments can be given so that the permissions are set quickly in one command rather than multiple commands. For example, to change the permissions on confidential.txt so that the owner has read (r), write and execute (x) whilst group and other are reduced to only read (r), the following command can be used:
chmod u=wrx,g=r,o=r confidential.txt
Setting object permissions individually is powerful, but what if you have a whole folder of objects that you want to change permissions on? Simply add a -R after the chmod, then the permissions and then the path to the directory holding all the objects.
chmod -R permissions_to_amend /path/to/directory
for example let us imagine that the geektechstuff.com directory containing all the top secret passwords and information has been given permissions that all anyone to read, write or execute files within the directory.
using the command:
chmod -R u=wrx, g=r, o-rwx ~/permissions
gives the object owner read, write and execute permissions, gives the group read permissions and takes all permissions from other.