wikiChmod
Chmod (change file mode bits) changes the access rights of files and folders on POSIX-conform systems as Linux.
Right groups
Access rights are stored separately for:
- u - (u)ser (rights for the user who owns the file or directory)
- g - (g)roup (rights for members of the group to which the file or directory is assigned)
- o - (o)ther (rights for all others)
If the rights are to be changed for all rights groups, the abbreviation “a” can be used:
- a - (a)ll = ugo (user + group + other)
file rights
File rights describe what a user is allowed to do with a file.
r - (r)ead
Right to read. If this right is available, the user is allowed to read the file.
w - (w)rite
right to write. If this right is available, the user is allowed to write to the file.
x - e(x)ecute
right of execution. If this right is available, the user is allowed to execute the file (programs, scripts).
Octal values
These three file permissions (read, write, execute) are stored as three consecutive bits, often represented as an octal value (0 to 7).
The following applies:
- first bit: read (binary 100, octal 4)
- second bit: write (binary 010, octal 2)
- third bit: execute (binary 001, octal 1)
If several rights are combined (e.g., read and write), the following sum octal values result:
| octal | binary | description |
|---|---|---|
| 0 | 000 | no rights |
| 1 | 001 | just execute (execute, x) |
| 2 | 010 | just write (write, w) |
| 3 | 011 | write (write, w) and execute (execute, x) |
| 4 | 100 | just read (read, r) |
| 5 | 101 | read (read, r) and execute (execute, x) |
| 6 | 110 | read (read, r) and write (write, w) |
| 7 | 111 | read (read, r), write (write, w) and execute (execute, x) |
Examples
The following two examples show a text file as well as an executable file:
| example | special permissions | user (u) | group (g) | other (o) | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SUID
user+s(pecial) |
SGID
group+s(special) |
sticky
other+t(sticky) |
Read (r)
(read) |
Write (w)
(write) |
eXecute (x)
(execute) |
Read (r)
(read) |
Write (w)
(write) |
eXecute (x)
(execute) |
Read (r)
(read) |
Write (w)
(write) |
eXecute (x)
(execute) | ||
| text file | binary | 000 | 000 | 000 | 100 | 010 | 000 | 100 | 000 | 000 | 100 | 000 | 000 |
| octal | 0 | 0 | 0 | 4 | 2 | 0 | 4 | 0 | 0 | 4 | 0 | 0 | |
| sum (octal) | 0 | 0 | 0 | 6 | 4 | 4 | |||||||
| octal notation for chmod | 0644 (= 644) | ||||||||||||
| display in ls output | -
|
r
|
w
|
-
|
r
|
-
|
-
|
r
|
-
|
-
| |||
-rw-r--r--
| |||||||||||||
werner@x390:~/Documents$ ls -l gnome-software.png -rw-r--r-- 1 werner werner 41305 Okt 9 2023 gnome-software.png | |||||||||||||
| script (executable) | binary | 000 | 000 | 000 | 100 | 010 | 001 | 100 | 000 | 001 | 100 | 000 | 001 |
| octal | 0 | 0 | 0 | 4 | 2 | 1 | 4 | 0 | 1 | 4 | 0 | 1 | |
| sum (octal) | 0 | 0 | 0 | 7 | 5 | 5 | |||||||
| octal notation for chmod | 0755 (= 755) | ||||||||||||
| display in ls output | -
|
r
|
w
|
x
|
r
|
-
|
x
|
r
|
-
|
x
| |||
-rwxr-xr-x
| |||||||||||||
werner@x390:~$ ls -l bin/test-1.sh -rwxr-xr-x 1 werner werner 39 Apr 22 11:35 bin/test-1.sh | |||||||||||||
Directory rights
Directory rights differ from the file rights especially in the following point:
- The execution rights refer to whether a directory may be accessed.
Special bits SETUID, SETGID, Sticky Bit
The following table shows the meaning of SETUID, SETGID and Sticky Bit:
| SETUID | SETGID | Sticky Bit / Restricted Deletion Flag | |
|---|---|---|---|
| octal value | 4000 | 2000 | 1000 |
| display in symbolic mode | "s" instead of "x" for user (u) rights | "s" instead of "x" for the group (g) rights | "t" instead of "x" for the other (o) rights |
| meaning for files | For executable files, it grants the executing process the rights to use the file's user rights. | For executable files, it grants the executing process the rights to use the file's group rights. | - (does not function under Linux) |
| meaning for directories | - (does not function under Linux) | Every file that is newly created in this directory or a new subdirectory inherits the group of the directory. | For directories, it prevents unprivileged users from deleting or renaming a file in the directory unless they are the owner of the file or directory. This is referred to as the “restricted deletion flag” for the directory and is often found on directories such as /tmp, which can be written to by any user. |
chmod - change of rights
With chmod, the file rights can be adjusted. There are two possibilities:
- SYMBOLIC MODE: format [ugoa][-+=][rwx]
- NUMERIC/OCTAL MODE: format 1-4 digits of 0-7
More information
 |
Author: Werner Fischer Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.
|
 |
Translator: Alina Ranzinger Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.
|
