What is chmod?

Short for ‘change mode’, chmod was developed in the early 1970s at the same time as AT&T’s first version of Unix. In Unix-like multi-user operating systems, chmod is responsible for assigning and changing access rights in file systems that are supported by Unix rights management. This also applies to all standard file systems in conventional Linux derivatives intended for server operation support. Changing access rights with this command can only be carried out by the file owner or the root user.

Linux distributions such as Ubuntu are among the most popular choices for web server operators. One feature that all Unix derivatives share is that files and directories are assigned certain access rights. But users have the ability to change such settings by activating the command line program, ‘chmod’.

How to use chmod?

In general, the system for Unix data rights relies on user classes and individual access rights. Chmod supports two different systems: the symbolic notation using letters and allocation of data rights through digit-based octal codes. As previously mentioned, changes to access rights can only be made by the file owner or root user. Executing the following procedures should always conform to the following syntax:

$ chmod options mode file

The command chmod can be followed by the “options” element which allows further options of the chmod command to be defined. The element “mode” represents the so-called umask that is applied to the “file” (which can also be a directory). This mask contains the information responsible for determining whether or not a user class should receive new access rights or be removed of the rights that they currently have.

What are the chmod classes?

According to the Unix file system, each file on a given Linux server has individual access rights; the same also applies to directories. Managing such access rights is supported through three user classes:

User

Generally, any user who creates a file in a Unix data system is automatically defined as that file’s ‘user’. Ownership can also be retroactively changed by entering the command ‘chown’.

Group

The user class ‘group’ combines different user accounts on the server. In Unix-like systems, every user’s account is automatically assigned to a group. Assigning users to additional groups still remains possible, however. Group assignment can be configured by both the owner as well as the root user by using the command, ‘chgrp’.

Others

The user class ‘others’ encompasses all users that are neither file owners nor members of a group with access rights. The user class ‘others’ is denoted by the shorthand symbolic notation ‘o’.

The umask can either be created in symbolic or octal notation. Their main features and advantages are briefly summarised in the following paragraph.

Symbolic notation

In symbolic mode, user classes and access rights are assigned individual letters. The combination of letters makes it easy to specify which rights are added or removed. The following table summarises the letters for users and rights used in symbolic notation.

Letters for access rights

Meaning

r

Reading rights; also referred to as R-bit

w

Writing rights; also referred to as W-bit

x

Execution rights; also referred to as X-bit

Letters for users classes

Meaning

u

User class “user“

g

User class “group”

o

User class “others”

a

“all”; command referring to all user classes

Umasks created according to symbolic notation make use of the following operands. These are responsible for connecting user classes to file rights:

+

The operand ‘+’ assigns user classes new file rights. Only affected data rights are overwritten.

-

The operand ‘-’ removes file rights from a user class.

=

Should the file rights of a user class be reset, then the operand ‘=‘ is used.

The following chmod command modifies the mock file, example.txt, so that the owner (user) as well other users (group, other) receive writing and reading rights:

$ chmod ugo+rw example.txt

Referencing all the user classes (a) is a possible alternative:

$ chmod a+rw example.txt

When called in the terminal, the file example.txt would display the following rights instead of its original rights:

Access rights prior to change

chmod command

Access rights after change

-rw-------

a+rw

-rw-rw-rw-

user: read, write

group: no rights

other: no rights

a = all

+ = add access rights

r = read

w = write

user: read, write

group: read, write

other: read, write

Octal notation

While easy for users to read, symbolic notation can be cumbersome when regularly used. For this reason, many administrators rely on octal notation to allocate access rights. This method employs a three-figure digit sequence in which each digit represents one of the server’s user classes. Octal notation also follows the standard sequence as laid out per default:

Digit position of user class

Meaning

1

Corresponds to the user class ‘user’.

2

Corresponds to the user class ‘group’.

3

Corresponds to the user class ‘others’.

Which access rights are assigned to the individual user classes is determined by the value of each digit. This is calculated by the sum of the individual values that the corresponding rights are assigned to:

Value for access right

Meaning

4

reading

2

writing

1

execution

0

no rights

The following value combinations also result from this allocation:

Access right

Value

0

None

1

only execute

2

only write

3

write/execute

4

only read

5

read/execute

6

read/write

Octal notation can best be visualised using an example. Let’s assume the user of example.txt wants to grant reading rights to the group ‘examplegroup’.

$ chmod 640 example.txt

With the value ‘6’ placed in first position of the umask, the owner retains the main access rights: 4 (read) + 2 (write). The umask’s second value indicates the access rights granted to the specified group: 4 (read). Other users are not provided with any rights, which corresponds to the value ‘0’ in third place.

Options of chmod commands

Whether users opt for numeric or symbolic notation, there are always multiple options for allocating access rights. These alternatives are added in the command line between the command and the umask:

Code

Option

Description

-R

recursive

Access right changes refer to all files and sub-directories within a given folder.

-v

verbose

A diagnosis for all the processed files is issued after the shell command.

-c

changes

A diagnosis for all the changed files is issued after the shell command.

-f

silent

Error reports are suppressed

The following example command changes access rights recursively for all sub-directories and files as well as for the folder itself:

$ chmod -R 744 examplefolder

The following applies to all files and subfolders in the directory ‘examplefolder’: the owner receives full access rights (7); group members and other users only have reading access (4).

An example of how to use chmod

In order to get a better understanding of Unix file rights, it may prove helpful to get a glimpse of how access rights for files or directories are displayed in the terminal. Folder content can be displayed in the terminal with the command ‘ls’.  Owners or root users can gain information on file rights by using the attribute ‘-l‘.

ls -l

A possible output for this command would look like this:

total 3
-rwx------  1 det det    0 2020-02-02 10:41 file1.txt
-rw-rw-r--  1 det det    0 2020-02-02 10:41 file2.txt
drwxr-xr-x  2 det det 4096 2020-02-02 10:44 directory

The queried path contains two files (“file1.txt” and “file2.txt”) and one directory (“directory”). Each entrance starts with a 10-digit block which points to the access rights of the files and directory. The digit in the first place specifies what the code is about. For files, the code begins on a minus sign (“-“) as is the case in the first two lines of the example. A “d” (for “directory”) indicates the directory. For links, the “d” would be replaced with a “l” (for “link”).

The advantage of the Unix file system lies in its simple structures. By using multi-user operating systems, complex problems are solvable with minimal effort. Additionally, this approach is intuitive to use and is easy for computer systems to process. Those who do not feel comfortable with their abilities to allocate access rights in the terminal can alternatively rely on file managers. Common FTP programs generally offer a graphic user interface.

What follows are the three basic access rights – with three letters each – which inform on current access rights. These follow octal notation order: block 1 signifies the “user” or owner, block 2 stands for “group” and block 3 for “others”. Within each block, the order is always the same:

  • The first digit indicates whether read access (r) is granted
  • The second digit shows whether write (w) access is given
  • And the third digit signifies if defined user groups have the rights to execute (x)

Where a letter is placed, the corresponding rights are granted. Alternatively, there will be a minus sign in the corresponding position. Referring back to our example of the two files and the directory the code translates to:

file1.txt

User

Group

Others

Read

x

x

Write

x

x

Execute

x

x

file2.txt

User

Group

Others

Read

Write

x

Execute

x

x

x

directory

User

Group

Others

Read

Write

x

x

Execute

chmod example: adding access rights

To demonstrate how access rights can be amended to include additional user classes, let’s look at an example. Reading and executing rights for File1.txt are currently reserved for the owner only. In order to unlock access rights for all other user classes, the following chmod command should be used:

chmod a+rx file1.txt

All user classes (a) are granted new rights (+) to read (r) and execute (x) the file1.txt.

To view the listing of user rights, the entry for file1.txt looks like this:

-rwxr-xr-x  1 det det    0 2020-02-02 10:41 file1.txt

chmod example: withdraw user rights

In our second example, we’ll withdraw the writing rights in file2.txt for all users (including the owner) using the following chmod command:

chmod a-w file2.txt

The command refers to all user classes (a), and withdraws (-) their writing rights (w) for file2.txt. The final entry is:

-r--r--r--  1 det det    0 2020-02-02 10:41 file2.txt
In order to provide you with the best online experience this website uses cookies. By using our website, you agree to our use of cookies. More Info.
Manage cookies