Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
chmod
open-in-new
<h2 id="use">Use</h2> <p>Although the syntax of the command varies somewhat by implementation, it generally accepts either a single octal value (which specifies <i>all</i> the mode bits on each file), or a comma-delimited list of symbolic specifiers (which describes how to change the existing mode bits of each file). The remaining arguments are a list of paths to files to be modified.<a class="footnote-ref" id="fnref:7" href="#fn:7"><sup>7</sup></a> </p><p>Changing permissions is only allowed for the superuser (root) and the owner of a file. </p><p>If a <a href="/facts/Symbolic_link/laB0S68t">symbolic link</a> is specified, the target of the link has its mode bits adjusted. Permissions directly associated with a symbolic link file system entry are typically not used. </p> <h3>Options</h3> <p>Optional, command-line options may include: </p> <ul><li>-R recursive; include contained files and subdirectories of specified directories</li> <li>-v verbose; log changed file names</li></ul> <h3>Octal notation</h3> <p>Given a numeric permissions argument, the chmod command treats it as an <a href="/facts/Octal/4nRcq0Ce">octal</a> number, and replaces <i>all</i> the mode bits for each file. (Although 4 digits are specified, leading 0 digits can be elided.)<a class="footnote-ref" id="fnref:8" href="#fn:8"><sup>8</sup></a> </p><p>Why octal rather than decimal? <a class="footnote-ref" id="fnref:9" href="#fn:9"><sup>9</sup></a> </p><p>There are twelve standard mode bits, comprising 3 special bits (<a href="/facts/Setuid/F2TnVj73">setuid</a>, <a href="/facts/Setgid/F2TnVj73">setgid</a>, and <a href="/facts/Sticky_bit/13lVSEfb">sticky</a>), and 3 permission groups (controlling access by <i>user</i>, <i>group</i>, and <i>other</i>) of 3 bits each (<i>read</i>, <i>write</i>, and <i>exec/scan</i>); each permission bit grants access if set (1) or denies access if clear (0). </p><p>As an octal digit represents a 3-bit value, the twelve mode bits can be represented as four octal digits. chmod accepts up to four digits and uses 0 for left digits not specified (as is normal for numeric representation). In practice, 3 digits are commonly specified since the special modes are rarely used and the user class is usually specified. </p><p>In the context of an octal digit, each operation bit represents a numeric value: read: 4, write: 2 and execute: 1. The following table relates octal digit values to a class operations value. </p> Octal digit permission<table><tbody><tr><th>#</th><th>bits</th><th>rwx</th><th>granted operations</th></tr><tr><td>7</td><td>4 + 2 + 1</td><td>rwx</td><td>read, write and execute</td></tr><tr><td>6</td><td>4 + 2 </td><td>rw-</td><td>read and write</td></tr><tr><td>5</td><td>4 + 1</td><td>r-x</td><td>read and execute</td></tr><tr><td>4</td><td>4</td><td>r--</td><td>read only</td></tr><tr><td>3</td><td> 2 + 1</td><td>-wx</td><td>write and execute</td></tr><tr><td>2</td><td> 2</td><td>-w-</td><td>write only</td></tr><tr><td>1</td><td> 1</td><td>--x</td><td>execute only</td></tr><tr><td>0</td><td></td><td>---</td><td>none</td></tr></tbody></table> <p>The command <a href="/facts/Stat_(Unix)/5DeWQJFS">stat</a> can report a file's permissions as octal. For example: </p> $ stat -c %a findPhoneNumbers.sh 754 <p>The reported value, 754 indicates the following permissions: </p> <ul><li>user class: read, write, and execute; 7 => (4 + 2 + 1)</li> <li>group class: read and execute; 5 => (4 + 1)</li> <li>others class: read only; (4)</li></ul> <p>A code permits execution if and only if it is <a href="/facts/Odd_number/7zq2UM4V">odd</a> (i.e. 1, 3, 5, or 7). A code permits read if and only if it is greater than or equal to 4 (i.e. 4, 5, 6, or 7). A code permits write if and only if it is 2, 3, 6, or 7. </p> <h3>Symbolic notation</h3> <p>The chmod command accepts symbolic notation that specifies how to modify the existing permissions.<a class="footnote-ref" id="fnref:10" href="#fn:10"><sup>10</sup></a> The command accepts a comma-separate list of specifiers like: [<i>classes</i>]+|-|=<i>operations</i> </p><p>Classes map permissions to users. A change specifier can select one class by including its symbol, multiple by including each class's symbol with no delimiter or if not specified, then all classes are selected and further the bits of <a href="/facts/Umask/guGm0ye9">umask</a> mask will be unchanged.<a class="footnote-ref" id="fnref:11" href="#fn:11"><sup>11</sup></a> Class specifiers include: </p> Class specifiers<table><tbody><tr><th>symbol</th><th>description</th></tr><tr><td>u</td><td>user: file owner</td></tr><tr><td>g</td><td>group: members of the file's group</td></tr><tr><td>o</td><td>others: users who are neither the file's owner nor members of the file's group</td></tr><tr><td>a</td><td>all three classes; same as ugo</td></tr></tbody></table> <p>As ownership is key to access control, and since the symbolic specification uses the abbreviation <i>o</i>, some incorrectly think that it means <i>owner</i>, when, in fact, it is short for <i>others</i>. </p><p>The change operators include: </p> Operators<table><tbody><tr><th>symbol</th><th>description</th></tr><tr><td>+</td><td>add operations/flags</td></tr><tr><td>-</td><td>remove operations/flags</td></tr><tr><td>=</td><td>set the entire operations/flags field; grants the specified operations and denies others</td></tr></tbody></table> <p>Operations can be specified as follows: </p> Operation specifiers<table><tbody><tr><th>symbol</th><th>description</th></tr><tr><td>r</td><td>read a regular file or list a directory's contents</td></tr><tr><td>w</td><td>write to a file</td></tr><tr><td>x</td><td>execute a regular file or recurse a directory tree</td></tr><tr><td>X</td><td>special execute: selects to apply execute to directories (regardless of their current permissions) and apply execute to files that already have at least one execute permission granted (for any class); only useful with operation + and usually in combination with option -R for giving group or others access to a directory tree without setting execute permission on regular files, which would normally happen if with chmod -R a+rx .; instead use chmod -R a+rX .</td></tr><tr><td>s</td><td>setuid mode or setgid mode</td></tr><tr><td>t</td><td>sticky mode</td></tr></tbody></table> <p>Most chmod implementations support the specification of the special modes in octal, but some do not which requires using the symbolic notation. </p><p>The <a href="/facts/Ls/5GsH3v2a">ls</a> command can report file permissions in a symbolic notation that is similar to the notation used with chmod. ls -l reports permissions in a notation that consists of 10 letters. The first indicates the type of the file system entry, such as dash for regular file and 'd' for directory. Following that are three sets of three letters that indicate read, write and execute permissions grouped by user, group and others classes. Each position is either dash to indicate lack of permission or the single-letter abbreviation for the permission to indicate that it's granted. For example: </p> $ ls -l findPhoneNumbers.sh -rwxr-xr-- 1 dgerman staff 823 Dec 16 15:03 findPhoneNumbers.sh <p>The permission specifier -rwxr-xr-- starts with a dash which indicates that findPhoneNumbers.sh is a regular file; not a directory. The next three letters rwx indicate that the file can be read, written, and executed by the owning user dgerman. The next three letters r-x indicate that the file can be read and executed by members of the staff group. And the last three letters r-- indicate that the file is read-only for other users. </p> <h2 id="examples">Examples</h2> <p>Add write permission to the group class of a directory, allowing users in the same group to add files: </p> $ ls -ld dir # before drwxr-xr-x 2 jsmitt northregion 96 Apr 8 12:53 shared_dir $ chmod g+w dir $ ls -ld dir # after drwxrwxr-x 2 jsmitt northregion 96 Apr 8 12:53 shared_dir <p>Remove write permission for all classes, preventing anyone from writing to the file: </p> $ ls -l ourBestReferenceFile -rw-rw-r-- 2 tmiller northregion 96 Apr 8 12:53 ourBestReferenceFile $ chmod a-w ourBestReferenceFile $ ls -l ourBestReferenceFile -r--r--r-- 2 tmiller northregion 96 Apr 8 12:53 ourBestReferenceFile <p>Set the permissions for the user and group classes to read and execute only; no write permission; preventing anyone from adding files: </p> $ ls -ld referenceLib drwxr----- 2 ebowman northregion 96 Apr 8 12:53 referenceLib $ chmod ug=rx referenceLib $ ls -ld referenceLib dr-xr-x--- 2 ebowman northregion 96 Apr 8 12:53 referenceLib <p>Enable write for the user class while making it read-only for group and others: </p> $ chmod u=rw,go=r sample $ ls -ld sample drw-r--r-- 2 oschultz warehousing 96 Dec 8 12:53 sample <p>To recursively set access for the directory docs/ and its contained files: </p><p>chmod -R u+w docs/ </p><p>To set user and group for read and write only and set others for read only: </p><p>chmod 664 file </p><p>To set user for read, write, and execute only and group and others for read only: </p><p>chmod 744 file </p><p>To set the sticky bit in addition to user, group and others permissions: </p><p>chmod 1755 file </p><p>To set UID in addition to user, group and others permissions: </p><p>chmod 4755 file </p><p>To set GID in addition to user, group and others permissions: </p><p>chmod 2755 file </p> <h2 id="see-also">See also</h2> <ul><li><a href="/facts/Attrib/t81evL39">attrib</a></li> <li><a href="/facts/Cacls/6x6KPPum">cacls</a>, modifies access control lists</li> <li><a href="/facts/Chattr/HHLsJqbA">chattr</a>, changes the attributes of a file</li> <li><a href="/facts/Chgrp/L1sDNa1r">chgrp</a>, changes the group of a file</li> <li><a href="/facts/Chown/JPm7Xv6u">chown</a>, changes the owner of a file</li> <li><a href="/facts/Group_identifier/23lndCN4">Group identifier</a> – Unix/POSIX system account group number; numeric value used to represent a specific group</li> <li><a href="/facts/List_of_POSIX_commands/EEuIsUx9">List of POSIX commands</a></li> <li><a href="/facts/User_identifier/PurxNtA5">User identifier</a> – Value identifying a user account in Unix and Unix-like operating systems</li> <li><a href="/facts/Umask/guGm0ye9">umask</a>, restricts permissions at file creation</li></ul> <h2 id="external-links">External links</h2> The Wikibook <i>Guide to Unix</i> has a page on the topic of: <i>Commands</i> <ul><li><a href="https://www.freebsd.org/cgi/man.cgi?query=chmod&sektion=1">chmod(1)</a>: change file modes – <a href="/facts/FreeBSD/RKsFTm7F">FreeBSD</a> General Commands <a href="/facts/Man_page/S2yYjy0J">Manual</a></li> <li><a href="https://9p.io/magic/man2html/1/chmod">chmod(1)</a> – <a href="/facts/Plan_9_from_Bell_Labs/pQjPlS7w">Plan 9</a> Programmer's Manual, Volume 1</li> <li><a href="http://man.cat-v.org/inferno/1/chmod">chmod(1)</a> – <a href="/facts/Inferno_(operating_system)/baKPoWRU">Inferno</a> General commands <a href="/facts/Man_page/S2yYjy0J">Manual</a></li> <li><a href="https://www.gnu.org/software/coreutils/manual/html_node/chmod-invocation.html">chmod</a> — manual page from <a href="/facts/GNU/EpSzvJGJ">GNU</a> <a href="/facts/Coreutils/Q9cop5U5">coreutils</a>.</li> <li><a href="https://www.gnu.org/software/coreutils/manual/html_node/Setting-Permissions.html">GNU "Setting Permissions" manual</a></li> <li><a href="http://neosmart.net/dl.php?id=4">CHMOD-Win 3.0</a> — Freeware Windows' ACL ↔ CHMOD converter.</li> <li><a href="http://catcode.com/teachmod/index.html">Beginners tutorial with on-line "live" example</a></li></ul> <h2 id="references">References</h2> <ol> <li id="fn:1"><p>The modes/permissions are shown when listing files in long format. <a href="/wiki/Ls" target="_blank">/wiki/Ls</a> <a href="#fnref:1" class="footnote-back-ref">↩</a></p></li> <li id="fn:2"><p>"Tutorial for chmod". catcode.com. <a href="http://catcode.com/teachmod/" target="_blank">http://catcode.com/teachmod/</a> <a href="#fnref:2" class="footnote-back-ref">↩</a></p></li> <li id="fn:3"><p>"Native Win32 ports of some GNU utilities". unxutils.sourceforge.net. <a href="http://unxutils.sourceforge.net/" target="_blank">http://unxutils.sourceforge.net/</a> <a href="#fnref:3" class="footnote-back-ref">↩</a></p></li> <li id="fn:4"><p>IBM. "IBM System i Version 7.2 Programming Qshell" (PDF). IBM. Retrieved 5 September 2020. <a href="/wiki/IBM" target="_blank">/wiki/IBM</a> <a href="#fnref:4" class="footnote-back-ref">↩</a></p></li> <li id="fn:5"><p>"AIX 5.3 System management". IBM knowledge Center. IBM. Retrieved 30 August 2015. <a href="http://www-01.ibm.com/support/knowledgecenter/#!/ssw_aix_53/com.ibm.aix.baseadmn/doc/baseadmndita/acl.htm?cp=ssw_aix_53" target="_blank">http://www-01.ibm.com/support/knowledgecenter/#!/ssw_aix_53/com.ibm.aix.baseadmn/doc/baseadmndita/acl.htm?cp=ssw_aix_53</a> <a href="#fnref:5" class="footnote-back-ref">↩</a></p></li> <li id="fn:6"><p>"chmod(1): change file mode bits - Linux man page". linux.die.net. <a href="https://linux.die.net/man/1/chmod" target="_blank">https://linux.die.net/man/1/chmod</a> <a href="#fnref:6" class="footnote-back-ref">↩</a></p></li> <li id="fn:7"><p>"chmod Man Page with examples and calculator - Linux - SS64.com". ss64.com. (note that "space delimited" is a feature of the shell, not of chmod itself.) <a href="https://ss64.com/bash/chmod.html" target="_blank">https://ss64.com/bash/chmod.html</a> <a href="#fnref:7" class="footnote-back-ref">↩</a></p></li> <li id="fn:8"><p>This differs from the “C” language, where the 0 prefix for octal numbers is a remnant of its early period. <a href="#fnref:8" class="footnote-back-ref">↩</a></p></li> <li id="fn:9"><p>Although rarely used today, during the early development of UNIX, octal was very useful because repeating groups of 3 bits were common in the physical structure of computers at the time, and these bits were easier to read & understand when encoded as octal digits, just as groups of 4 bits are easier when grouped into hexadecimal digits. The numeric expression of filesystem permissions in octal is one of the few of the few remnants of this time. <a href="#fnref:9" class="footnote-back-ref">↩</a></p></li> <li id="fn:10"><p>"AIX 5.5 Commands Reference". IBM Knowledge Center. IBM. Retrieved 30 August 2015. <a href="http://www-01.ibm.com/support/knowledgecenter/#!/ssw_aix_53/com.ibm.aix.cmds/doc/aixcmds1/chmod.htm?cp=ssw_aix_53%2F1-2-0-2-78" target="_blank">http://www-01.ibm.com/support/knowledgecenter/#!/ssw_aix_53/com.ibm.aix.cmds/doc/aixcmds1/chmod.htm?cp=ssw_aix_53%2F1-2-0-2-78</a> <a href="#fnref:10" class="footnote-back-ref">↩</a></p></li> <li id="fn:11"><p>"Permissions masking with umask, chmod, 777 octal permissions". teaching.idallen.com. <a href="http://teaching.idallen.com/cst8207/19w/notes/510_umask.html" target="_blank">http://teaching.idallen.com/cst8207/19w/notes/510_umask.html</a> <a href="#fnref:11" class="footnote-back-ref">↩</a></p></li> </ol>