Changing Permissions ( chmod )

In general, the chmod command take the form: chmod [options] permissions filename. If no options are specified, it modifies the permissions of the file to the permissions specified by permissions.

The permissions string is specified with user category (user, group, other or all), and an operator to add, substract or set permissions, followed by the permissions themself, Read, Write or Execute.

ItemMeaning
User CategoryugoaUser category: user, group, other, all
Operator+-=Add, substract or set permissions
PermissionrwxRead, Write, Execute

To add the write permission to the group of test.txt file.

$ chmod g+w test.txt
$ ls -l test.txt
-rw-rw-r--@  1 robin  staff    411 16 Sep 22:50 test.txt

To remove write permission from the group of test.txt file.

$ chmod g-w test.txt
$ ls -l test.txt
-rw-r--r--@  1 robin  staff    411 16 Sep 22:50 test.txt

To change more than one permissions at a time, for example to add write and execute:

$ chmod g+wx test.txt
$ ls -l test.txt
-rw-rwxr--@  1 robin  staff    411 16 Sep 22:50 test.txt

You can use commas ( , ) to seperate the permissions specifications for different user categories. For example, for u and g categories:

$ chmod u+rwx,g-w test.txt
$ ls -l test.txt
-rwxr--r--@  1 robin  staff    411 16 Sep 22:50 test.txt

Octal or Numeric Based Permissions

In addition to symbolic mode, octal mode or numeric mode can be used with chmod to set file and directory permissions.

In octal mode, permissions are based in binary. Each permission type is treated as a bit that either set to off 0 or on 1. And in permissions, order has meaning and so permissions are always in Read , Write , and Execute order. So, if r, w and x are all set to off, the binary representation is 000.

rwx
000Value for off
111Binary value for on
421Base 10 or decimal value for on

The permissions number is determined by adding up all the values for each permission type. There are 8 possible values from 0 to 7, hence the name octal mode. Below is the list of all possible options.

OctalBinaryStringDescription
00---No permissions
11--xExecute only
210-w-Write only
311-wxWrite and execute (2+1)
4100r--Read only
5101r-xRead and execute (4+1)
6110rw-Read and write (4+2)
7111rwxRead, write, and execute (4+2+1)

The user categories are always in User, Group and Other order. Therefore, once you determine the octal value for each category, you specify them in that order.

For example:

To set r, w, x for User, r and x for Group, and just r for Other:

UGO
Symbolicrwxr-xr--
Binary111101100
Decimal754

You would specify chmod 754 filename.

Commonly Used Permissions

SymbolOctalMeaning
-rwx------700A file can be read, edited and executed by owner, and no one else on the system will have access to that file.
-rwxr-xr-x755Allows everyone on the system to execute the file. But only the user or the owner of the file can edit it.
-rw-rw-r--664Allows a group of people to modify the file and let others read it.
-rw-rw----660Allows a group of people to modify the file and not let other read it.
-rw-r--r--644Allows everyone on the system to read the file. But only the user or the owner of that file can edit it.

Important: In general, it is good to avoid the 777 and 666 permisson modes. The 777 gives everyone full access to that file and the 666 gives everyone the Write permissions, they could cause unnecessary trouble. If you tempt to use the 777 or 666 for permissions, you need to check if there is a better way to do that.