chmod ("change mode") sets the permission bits of files and directories. Linux permissions are grouped into three categories—owner (u), group (g), and others (o)—each with three bits for read (r), write (w), and execute (x). chmod accepts two syntaxes: symbolic and octal.
Symbolic:
chmod u+x script.sh # add execute for owner
chmod go-w file # remove write for group and others
chmod a=r file # everyone read-only (a = all)
chmod u=rwx,g=rx,o= file # explicit per-class
Octal: each digit represents one class, with the bits 4 (read), 2 (write), and 1 (execute) summed:
chmod 755 script.sh # rwxr-xr-x
chmod 644 file # rw-r--r--
chmod 600 secret # rw-------
chmod -R 755 dir/ # recursive
A fourth octal digit, placed before the others, encodes the setuid, setgid, and sticky bit (4, 2, 1 respectively), as in chmod 4755 for a setuid binary. Understanding chmod is essential for securing a Linux system: mis-set permissions are one of the most common causes of both security holes and "permission denied" frustration.
Discussed in:
- Chapter 9: Users, Groups, and Permissions — chmod: Changing Permissions
Also defined in: Textbook of Linux